P2P-Zone  

Old 26-08-20, 06:23 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - August 29th, ’20

Since 2002

August 29th, 2020




NYC Feds Bust Crew that Pirated ‘Nearly Every Movie,’ Causing ‘Tens of Millions’ in Losses for Film Studios
Stephen Rex Brown

Federal prosecutors have busted an international movie-pirating operation that caused “tens of millions of dollars in losses” for film production studios over the course of nine years, court filings reveal.

George Bridi, Umar Ahmad and Jonatan Correa belonged to a copyright-infringement crew called “The Sparks Group” that posted “nearly every movie released by major production studios” online, according to indictments unsealed Tuesday.

The trio allegedly duped distributors in Manhattan, Brooklyn, New Jersey and Canada into mailing them advance Blu-Ray and DVD copies of movies and television shows. The group then cracked copyright protections on the discs and posted the movies and TV shows online ahead of official release dates, prosecutors say.

“Over the course of the conspiracy, the Sparks Group has successfully reproduced and disseminated hundreds of movies and television shows prior to their retail release date, including nearly every movie released by major production studios,” an indictment reads.

“The Sparks Group continuously searched for and solicited distributors and retailers that could be used to obtain DVDs and Blu-Ray discs as early as possible.”

The crew used signature filenames like “SPARKS,” “DRONES,” “ROVERS,” “GECKOS,” and “SPRINTER” to brand their pirated content, prosecutors said. Other members of the Sparks Group “further reproduced and disseminated” the movies from servers the crew controlled, prosecutors said.

“The Sparks Group also uploaded photographs of the discs in their original packaging to its servers to demonstrate that the reproductions originated from authentic DVDs and Blu-Ray discs,” prosecutors said.

The indictments do not indicate that the accused movie pirates profited from the scheme that started in at least 2011.

An unnamed co-conspirator in the scheme lived in Westchester, according to filings. Bridi, 50, is a British national living on the Isle of Wight. Ahmad, 39, lives in Oslo, Norway.

The names of attorneys representing the men were not available.
https://www.nydailynews.com/new-york...qyq-story.html





U.S. Movie Theaters Say It's Safe To Watch A Film: How About 'Unhinged'?
Mandalit del Barco

Theaters around the country have begun showing the first new movie since the coronavirus pandemic shuttered cinemas: an audacious road rage movie titled Unhinged, starring Russell Crowe.

The $30 million dollar movie opened internationally, where it's been number one at the box office in some countries. Now it's playing in the U.S., where 70% of theaters are now open, except in Los Angeles, New York or other cities where the numbers of coronavirus cases are high.

"When our patrons come back, they'll see the safe environment we've provided for them," said John Fithian, president and CEO of NATO, the National Association of Theater Owners.

Fithian invited two medical experts and the heads of the country's biggest theater chains to launch a public awareness campaign dubbed "CinemaSafe," meant to ease moviegoers' fears. The campaign featured new industry-wide health and safety protocols, including mandatory face masks for moviegoers and employees, social distancing and regular sanitizing in theaters with better air ventilation, reduced theater capacity (most between 30% and 50%), and contact-less, electronic ticket sales.

Fithian says the protocols will be followed by more than 2,600 theater locations, including more than 30,000 screens in the U.S.

NATO used guidelines from the Centers for Disease Control and Prevention, the World Health Organization, and the Occupational Safety and Health Administration.

"It's important to understand that going to the movies is not risk free," said David F. Goldsmith, an epidemiologist at George Washington University who consulted with NATO on the protocols. Still, during the announcement, he said he had not seen any medical literature evidence showing movie theaters around the world have been a venue for viral transmission of COVID-19. "Honestly, time will tell," he said. "We're still we're at month six of this pandemic, but that is, at least, some basis for some reassurance."

Dr. Joyce Sanchez, an infectious disease specialist at the Medical College of Wisconsin, also worked on the new cinema protocols. During the announcement, she noted that going to the movies is different from flying on a crowded airplane, or going to a restaurant or some other activities these days: audiences face the same direction as they watch the big screen, she said, and "People are not speaking. People are not singing or those types of activities that propel those respiratory droplets." (Though the new protocols do allow moviegoers to temporarily remove their masks while drinking or eating popcorn or other snacks.)

The CinemaSafe announcement was a rare show of solidarity for longtime rival exhibitors. For example, Adam Aron, CEO of the biggest movie chain, AMC, remarked, "In normal times, I might say something like 'AMC Popcorn is better than Cinemark popcorn.' But right now, actually, what I'm going to say is just this one time: I'll be really happy if someone goes to a Cinemark theater or Regal Theater or the other circuits, because it's so important for our whole industry to recover. ... We all know that the future of our industry rides on our ability to actually operate our theaters safely and cleanly and to convince the public that that is precisely what we're doing."

IMAX Entertainment president Megan Colligan said around the world, movie theaters have reopened with promising box office sales for the new Korean film Peninsula and the new Chinese film The Eight Hundred. Theater owners are looking for success when Christopher Nolan's film Tenet opens internationally next week. Colligan agreed with her colleagues that American audiences are also eager to go back to the movies.

"Some people go to the gym, some people go to church, some people need to go to the beach and surf, and some people really do need to go to the movies," she said. "It is people's happy place." Colligan said having health and safety protocols in place "is going to lead to a really wonderful escape for people and for families."
https://www.npr.org/sections/coronav...about-unhinged





With ‘Unhinged,’ Hollywood Cautiously Returns to Movie Theaters

The Russell Crowe thriller brought in $4 million domestically — a figure that would normally disappoint but, given the pandemic, is seen as a success.
Nicole Sperling

This weekend Hollywood took a toe dip back into theaters with the wide release of “Unhinged,” the Russell Crowe thriller that opened Friday in 1,823 locations across the country, including drive-ins in California and large cineplexes in San Antonio, Tex., Oklahoma City and Orlando.

The film cost $33 million to make and earned just $4 million its opening weekend — a figure that would normally disappoint. But with theaters operating at a maximum of 50 percent capacity, it is seen as a relative success. Five months after all theaters shut because of the coronavirus, this weekend showed the country’s cautious interest in returning to the movies.

Mark Gill, the chief executive of Solstice Studios, the independent studio behind the film, said he expected “Unhinged” to generate at least $30 million in North American box office receipts. It has already earned $8 million internationally.

“The fact that we will get to our goal in these crazy uncertain times feels like a gigantic relief,” he added.

Twenty-six percent of U.S. screens were open this weekend in some 44 states, each operating at limited capacity with additional safety protocols like mask wearing and touchless ticketing. Seven states, including California, New Jersey and New York, which account for close to 25 percent of the national box office, are still not permitted to open their cineplexes. Drive-in theaters in three California locales, including Los Angeles and San Francisco, generated the highest grosses of the weekend.

The results, although modest, have Hollywood carefully optimistic about what’s possible for the remaining weeks of summer. Next weekend, Disney will open in theaters its long-delayed X-Men spinoff “New Mutants,” while “Unhinged” adds some 500 screens to its release. On Sept. 3, Warner Bros. will finally debut the highly anticipated and oft-delayed Christopher Nolan thriller “Tenet” in the U.S. The theater industry hopes to have 70 percent of the nation’s screens open by that date.

For Mr. Gill, the added competition should help make the case for returning to the movies.

“Theaters that have been open for a while did better comparatively because people knew they were open,” he said. “Some of this is just about getting people to understand that. Another movie is only going to help. God knows there is plenty of room.”

The other wide release for the weekend, the young-adult drama “Words on Bathroom Walls,” had a more subdued debut, generating $462,050 on 925 screens despite the “A” rating from audience survey company CinemaScore and overwhelmingly positive reviews.

The theater business has been decimated by the coronavirus. AMC, the nation’s largest circuit, lost $561 million during its second quarter this year with revenue down 99 percent due to the virus. The chain reopened a portion of its 630 theaters this weekend for the first time.

Many of Hollywood’s largest films, including the next installment of James Bond and the ninth iteration of the “Fast And Furious” franchise, have exited the 2020 calendar completely, while others, like Disney’s “Mulan,” are moving straight to streaming services. Analysts are counting on additional theaters opening in the coming months to bolster the releases, including “Wonder Woman” on Oct. 2 and Marvel Studios’ “Black Widow” on Nov. 6.

“Our belief in the long-term success of the theatrical business is unshaken,” said David A. Gross, the principal of Franchise Entertainment Research in a statement. “This weekend is the first step. The next couple of weeks will show us a lot more. The rebuilding process is going to take nine to 18 months.”
https://www.nytimes.com/2020/08/23/b...ox-office.html





‘Tenet’ May Not Be Playing at Your Local Drive-In Theater
Melinda Sue Gordon

“Tenet,” Christopher Nolan’s hotly anticipated and oft-delayed sci-fi epic, may not be unspooling in a drive-in theater near you.

To be fair, when the film touches down in the U.S. over Labor Day weekend, it’s unclear where exactly in the country the movie will be able to play. Many cinemas, particularly of the indoor variety, are still closed due to coronavirus.

But two weeks ahead of its domestic debut, scheduled for Sept. 3, Warner Bros. offered some clarity to exhibitors about its plans for Nolan’s latest. The studio issued strict guidelines to drive-in operators across the country, mandating that “Tenet” can only play in outdoor venues if indoor theaters in that particular market are open.

Since traditional brick-and-mortar theaters have reopened in Chicago, for example, drive-in locations in the Windy City will be permitted to play the film. But in New York City and Los Angeles, where hardtop cinemas are still closed, drive-in exhibitors won’t have access to “Tenet.”

However, given the rapidly changing nature of the pandemic, sources familiar with the situation stress these plans could be flexible. It’s possible the studio’s posture on drive-in theaters could soften in the coming weeks and that the film could screen on outdoor venues, even where indoor theaters are closed.

Exhibitors were told that Warner Bros. wants to keep “Tenet” from areas where traditional venues are still shuttered in order to help preserve the twists and turns of the plot, which has been shrouded in secrecy. But theater owners are concerned that audiences could resort to seeking out the movie elsewhere — like pirating it online.

“Tenet” isn’t hitting U.S. theaters for another two weeks, and there’s a chance that additional states could be given permission by officials to reopen theaters by then. For now, theaters have reopened in 44 states — but major metropolises like New York City and Los Angeles remain closed. Currently, 1,738 theaters in the U.S. and 2,152 in North America have resumed business, according to Comscore. There are over 6,000 theaters in total.

As moviegoing has cautiously started to resume in the U.S., drive-in theaters in Los Angeles, San Francisco and Sacramento have been among the biggest moneymakers for new releases, as was the case last weekend with Solstice Studios’ road-rage thriller “Unhinged.” But per Warner Bros. guidelines, “Tenet” wouldn’t be able to play in any of those markets because indoor theaters there still remain dark.

Some exhibitors were surprised that Warner Bros. would forgo the chance to have “Tenet” on as many screens as possible, especially for a film that carries a budget around $200 million and will need robust ticket sales to get out of the red.

“There’s no predicting what’s going to happen with theaters reopening,” one exhibitor told Variety under the condition of anonymity. “Studios do things all the time that don’t make sense.”

Even though they’ve been a lifeline to the movie business during the pandemic, drive-in theater owners said they recognize their venues might not be of the highest priority to studios since there are so few of them in the country.

“It would be more meaningful if there were 3,000 drive-ins in the country,” the theater owner said. “With only 300 venues, it’s not significant enough.”

In the meantime, drive-in operators aren’t entirely devoid of new content to show. Disney’s superhero thriller “New Mutants” and “Bill & Ted Face the Music” with Keanu Reeves and Alex Winter will open on both indoor and outdoor screens this weekend. And classic favorites like “Jurassic Park,” “Harry Potter” and “Indiana Jones” have been reliable draws at times when there aren’t fresh titles to play. Exhibitors, in any case, feel confident that people still love going to the movies.

“Everyone wants the pandemic to be over with,” the theater owner said. “It’s going to take a lot of patience.”
https://variety.com/2020/film/news/t...an-1234746741/





Researchers at University College London Set a New World Record for Fastest Internet
Joanna Nelius

Imagine being able to download every single movie and TV show on Netflix in less than a second. Thousands of titles in a literal snap. Researchers at University College London have the ability to do that with a new world record they set for fastest internet—178 terabits a second, or 178,000 Gbps. Lecturer and Royal Academy of Engineering Research Fellow Dr. Lidia Galdino and team collaborated with Xtera and KDDI Research on the project.

According to UCL’s announcement, that speed is “double the capacity of any system currently deployed in the world.” To get that insanely fast speed, UCL researchers used a greater range of wavelengths than what’s typically used in fiber-optic cables and different amplifier technologies to boost the signal. Fiber-optic cables tend to absorb signals (well, the photons that are transmitted through the cable to make the signal) after a few miles because of the material the cables are made out of. Repeaters, which are like a wifi extender, are needed to re-transmit those signals so they can travel for a longer distance. So what the researchers managed to do is not only extend the signal, but also massively amplify it.

Current infrastructure uses a limited spectrum bandwidth of 4.5THz, and 9THz commercial bandwidth is just starting to enter the market. 5G on the high-band or millimeter wave spectrum operates on 24 GHz and above and can transmit data at a rate of up to 1 to 3 Gbps. But the internet speed Dr. Galdino and team achieved uses a 16.8THz bandwidth to get 178,000Gbps. Makes 5G seem rather slow when you put those numbers side by side.

This kind of system would be cheap to integrate with our existing internet infrastructure, too. According to UCL, upgrading amplifiers at certain intervals would be a fraction of what it would cost to install new optical fiber cables, roughly $21,100 every 25-62 miles (40-100 km) versus $594,000 every 0.62 miles (1 km) (based on today’s conversion rate of £1 to $1.32). This sounds like it could be a worthwhile solution to help shrink the digital divide, something that the current pandemic has further illustrated the seriousness of.

“Independent of the covid-19 crisis, internet traffic has increased exponentially over the last 10 years and this whole growth in data demand is related to the cost per bit going down,” Dr. Galdino said to UCL. “The development of new technologies is crucial to maintaining this trend towards lower costs while meeting future data rate demands that will continue to increase, with as yet unthought-of applications that will transform people’s lives.”

Internet traffic has surged due to many now working or attending school from home, in addition to a higher demand for digitally delivered entertainment like streaming movies and playing videogames online. The internet is holding strong for now, but it’s clearer than ever that it’s woefully inadequate because many do not have reliable or affordable access to it—an issue long before the current pandemic.

The entire published paper, “Optical Fibre Capacity Optimisation via Continuous Bandwidth Amplification and Geometric Shaping,” is available to read at IEEE Photonics Technology Letters.
https://gizmodo.com/researchers-at-u...orl-1844789699





5G in US Averages 51Mbps While Other Countries Hit Hundreds of Megabits

It's an upgrade over 4G but not a huge one due to reliance on low-band spectrum.
Jon Brodkin

Average 5G download speeds in the US are 50.9Mbps, a nice step up from average 4G speeds but far behind several countries where 5G speeds are in the 200Mbps to 400Mbps range. These statistics were reported today by OpenSignal, which presented average 5G speeds in 12 countries based on user-initiated speed tests conducted between May 16 and August 14. The US came in last of the 12 countries in 5G speeds, with 10 of the 11 other countries posting 5G speeds that at least doubled those of the US.

The US's average 5G speed is 1.8 times higher than the country's average 4G download speed of 28.9Mbps. User tests in neighboring Canada produced a 4G average of 59.4Mbps and a 5G average of 178.1Mbps. Taiwan and Australia both produced 5G averages above 200Mbps, while South Korea and Saudi Arabia produced the highest 5G speeds at 312.7Mbps and 414.2Mbps, respectively.

In the US, the average download speed for users who accessed 5G at least some of the time was 33.4Mbps—that figure includes both their 4G and 5G experiences. This was the second lowest of the 12 countries surveyed by OpenSignal, with the highest speeds coming in Saudi Arabia (144.5Mbps) and Canada (90.4Mbps). The US fared better in 5G availability, the percentage of time in which users are connected to 5G; the US figure in that statistic is 19.3 percent, fifth best, with Saudi Arabia placing first at 34.4 percent and the UK placing last at 4.5 percent.

OpenSignal says it collects "billions of measurements daily from over 100 million devices globally." OpenSignal told Ars that the 12 countries included in the report are those in which it has collected the highest-quality data.

Modest speed bump in low-band spectrum

The relatively small gap between 4G and 5G speeds in the US (28.9Mbps vs 50.9Mbps) reflects the widespread use of low-band spectrum for both the old and new networks. T-Mobile in particular has upgraded large portions of its low-band 4G network to 5G, which provides a speed boost but not the huge speed upgrades possible in 5G networks that rely on high-band spectrum. OpenSignal's report explained:

The modest 5G download speeds in the US are due to a combination of the limited amount of new mid-band 5G spectrum that is available and the popularity of low-band spectrum—T-Mobile's 600MHz and AT&T's 850MHz—which offer excellent availability and reach but lower average speeds than the 3.5GHz mid-band spectrum used as the main 5G band in every country outside of the US.

Previous OpenSignal research released in June, based on tests between March 16 and June 13, showed that Verizon is far and away the US leader in average 5G download speeds, at 494.7Mbps. T-Mobile and its newly purchased subsidiary Sprint both posted average 5G speeds of just over 49Mbps while AT&T posted an average of 60.8Mbps.

But Verizon's 5G network is tiny, largely because of Verizon's reliance on millimeter-wave frequencies that are easily blocked by walls and don't travel far, so Verizon's high 5G download speeds had practically no impact on the US average across all carriers. Users of OpenSignal's speed-test app were able to get a Verizon 5G signal just 0.4 percent of the time, compared to 22.5 percent for T-Mobile, 14.1 percent for Sprint, and 10.3 percent for AT&T.

Despite Verizon's small 5G network, the US ranks higher in 5G availability than in 5G speeds because the low-band spectrum used by other carriers "is ideally suited to enable great 5G reach and allow users to spend more time connected than in countries with higher frequency 5G spectrum," OpenSignal wrote in today's report. "In the US the low-band 5G services of T-Mobile and AT&T have helped drive a high 5G availability result. T-Mobile US' very recent launch of standalone access 5G—where a phone no longer needs to connect to 4G in order for 5G to work—should help 5G services in future."

The gradual shift from 4G to 5G might seem familiar to those who remember the shift from 3G to 4G that began about a decade ago. The 5G market is currently "immature" in OpenSignal's view. "We are still in the early stages of a 5G era that will last for at least a decade because the first 5G services launched only in 2019, and in a number of countries we continue to see 5G services aimed at smartphone users launching for the first time," the report said.
https://arstechnica.com/information-...s-of-megabits/





Charter Lies to FCC, Says Its Customers Love Data Caps
Joel Hruska

Corporations lie. Sometimes they lie to Congress. Sometimes they lie to end-users. Sometimes they lie to themselves. And sometimes they lie to the governmental agencies in charge of regulating the internet with the express goal of squeezing more money out of their customer bases.

Currently, Charter is not allowed to impose data caps on customers. This restriction was a requirement of its 2016 merger with Time Warner and the protection is set to expire on May 18, 2023. Charter has petitioned to end the protection two years early, in May 2021. Charter’s argument for dissolving the agreement is straightforward: Charter should be allowed to put data caps in place because Netflix and other video-on-demand services are popular and growing rapidly. Its competitors are allowed to use data caps, so Charter should be allowed to deploy them as well. Here’s the company’s argument:

Contrary to Stop The Cap’s assertion that consumers “hate” data caps, the marketplace currently shows that broadband service plans incorporating data caps or other usage-based pricing mechanisms are often popular when the limits are sufficiently high to satisfy the vast majority of users.

As a current Charter customer who is protected from a data cap: Charter is lying through its teeth. No human being I’ve ever met has liked data caps. Furthermore, most Americans have either one or two ISPs available to choose from in their local markets. If both your local ISPs deploy data caps, that doesn’t make data caps popular. It just means ISPs have engaged in abusive, rent-seeking behavior. Earlier this summer, Cox acknowledged throttling entire neighborhoods if a single person in the neighborhood used more bandwidth than Cox thought an unlimited service should provide.

Customers do not love data caps. Customers accept data caps because they have no choice but to do so. The company literally tries to claim that not being allowed to put data caps on a plan is harmful because it is prevented from “keeping pace with its competitors and offering consumers the kinds of plans they are looking for.”

The idea that customers are somehow being shortchanged because Charter isn’t allowed to squeeze them for overage fees is a lie. It’s the same lie that drives online advertising, website data collection policies, and a vast number of supposedly user-friendly services. In every case, the company in question will float a handful of examples of how their service can be useful, while ignoring just how rare those examples are.

Charter, for example, brings up the fact that some customers who use very little data per month might want a plan that only bills for data used, while others might like a prepaid internet plan they can renew through an app. To the best of my knowledge, there are no ISPs that actually charge a reasonable rate-per-bit for internet time. Typically, any home internet plan that offers just a few GB of monthly bandwidth also comes with steep overage fees should you exceed it. The tools ISPs deploy to track home network usage are often inaccurate.

The best way to regulate network usage isn’t to slap people with bandwidth limits for the purposes of enriching ISPs. The best way to ensure everyone in a neighborhood receives the service they pay for is to regulate network performance. Capacity regulations are a secondary tactic at best, and the ISPs themselves are well aware of this.

Speaking as a Charter customer, I do not want a data cap placed on my service, particularly given the hundreds of gigabytes of data I can burn through while downloading games for a review. While it’s not something I do every day, I’ve definitely downloaded more than 1TB of data in a month before. I’ll grant that many of the company’s customers do not exceed their data caps on a regular basis and therefore do not think about the issue, but not being aware of something is not the same as liking it. Being forced to buy internet plans with bandwidth caps because no other plans are available is not the same as preferring these plans. Charter is misrepresenting the opinions and positions of its customers in public.
https://www.extremetech.com/internet...love-data-caps





Bridgefy, the Messenger Promoted for Mass Protests, is a Privacy Disaster

Researchers notified the company in April of serious flaws that have yet to be fixed.
Dan Goodin

The rise of mass protests over the past year—in Hong Kong, India, Iran, Lebanon, Zimbabwe, and the US—has presented activists with a major challenge. How do you communicate with one another when Internet connections are severely congested or completely shut down and at the same time keep your identity and conversations private?

One heavily promoted solution has been Bridgefy, a messaging app that has the financial and marketing backing of Twitter cofounder Biz Stone and boasts having more than 1.7 million installations. By using Bluetooth and mesh network routing, Bridgefy lets users within a few hundred meters—and much further as long as there are intermediary nodes—send and receive both direct and group texts with no reliance on the Internet at all.

Bridgefy cofounder and CEO Jorge Ríos has said he originally envisioned the app as a way for people to communicate in rural areas or other places where Internet connections were scarce. And with the past year’s upswell of large protests around the world—often in places with hostile or authoritarian governments—company representatives began telling journalists that the app’s use of end-to-end encryption (reiterated here, here, and here) protected activists against governments and counter protesters trying to intercept texts or shut down communications.

Over the past few months, the company has continued to hold out the app as a safe and reliable way for activists to communicate in large gatherings. Bridgefy's tweets embrace protestors in Belarus, India, and Zimbabwe, not to mention the Black Lives Matter protests throughout the US. The company has also said its software developer kit can be used to build COVID-19 contact tracing apps.

Just this month, on August 10, this article quoted Bridgefy cofounder and CEO Jorge Ríos saying: “Last year, we became the protest app.” Up until last week, Bridgefy told Android users via the Google Play Store, “Don’t worry! Your messages are safe and can’t be read by those people in the middle.” The company continues to encourage iOS users to “have secure and private conversations” using the app.

But now, researchers are revealing a litany of recently uncovered flaws and weaknesses that show that just about every claim of anonymity, privacy, and reliability is outright false.

Unsafe at any speed

In a paper published on Monday, researchers said that the app’s design for use at concerts, sports events, or during natural disasters makes it woefully unsuitable for more threatening settings such as mass protests. They wrote:

Though it is advertised as “safe” and “private” and its creators claimed it was secured by end-to-end encryption, none of aforementioned use cases can be considered as taking place in adversarial environments such as situations of civil unrest where attempts to subvert the application’s security are not merely possible, but to be expected, and where such attacks can have harsh consequences for its users. Despite this, the Bridgefy developers advertise the app for such scenarios and media reports suggest the application is indeed relied upon.

The researchers are: Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they devised a series of devastating attacks that allow hackers—in many cases with only modest resources and moderate skill levels—to take a host of nefarious actions against users. The attacks allow for:

• deanonymizing users
• building social graphs of users’ interactions, both in real time and after the fact
• decrypting and reading direct messages
• impersonating users to anyone else on the network
• completely shutting down the network
• performing active man-in-the-middle attacks, which allow an adversary not only to read messages, but to tamper with them as well

Impersonation, MitMs, and more

A key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she’s who she claims to be. Instead, the app relies on a user ID that’s transmitted in plaintext to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user.

With no effective way to authenticate, any user can impersonate any other user, as long as an attacker has come into contact with that user (either one-on-one or in network-wide broadcast messages) at least once. With that, the attacker can pose as a trusted contact and trick a person into revealing personal names or other confidential information, or take harmful actions. The lack of authentication can also give rise to eavesdropping or tampering of messages.

Here’s how: When hypothetical Bridgefy user Ursula messages Ivan, she uses Ivan’s public key to encrypt the message. Ivan then uses his private key to decrypt the message. With no cryptographic means to verify a user’s identity, an attacker—say, one named Eve—can impersonate Ivan and present her own public key to Ursula. From then on, Eve can intercept and read all messages Ursula sends to Ivan. To tamper with the messages Ursula or Ivan send, Eve impersonates both parties to the other. With that, Eve can intercept the messages each sends and change the contents or add malicious attachments before sending it on to the other party.
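One defence against the key substitution described above, as an added example that is not from the article, the researchers' paper or Bridgefy's code: bind each user ID to its public key in a fingerprint, pin it on first contact, and have both users compare a short safety number out of band. The names `fingerprint`, `safety_number`, `PinnedContacts` and `demo_key` are hypothetical, and constructed byte strings stand in for real serialized public keys.

```python
import hashlib
import hmac


def fingerprint(user_id: str, public_key: bytes) -> bytes:
    """Hash the user ID together with the key so neither can be swapped alone.

    Each field is length-prefixed so ("ab", b"c") and ("a", b"bc") differ.
    """
    h = hashlib.sha256()
    for field in (user_id.encode("utf-8"), public_key):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def safety_number(id_a: str, key_a: bytes, id_b: str, key_b: bytes) -> str:
    """Short code both users read aloud or scan in person.

    Sorting the two fingerprints makes the result independent of who computes
    it, so the codes match only if both sides see the same pair of keys.
    """
    parts = sorted([fingerprint(id_a, key_a), fingerprint(id_b, key_b)])
    digest = hashlib.sha256(b"".join(parts)).digest()
    number = int.from_bytes(digest[:16], "big") % 10**30
    digits = format(number, "030d")
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))


class PinnedContacts:
    """Trust-on-first-use store: remember the first key seen for each ID."""

    def __init__(self) -> None:
        self._pins: dict[str, bytes] = {}

    def observe(self, user_id: str, public_key: bytes) -> str:
        fp = fingerprint(user_id, public_key)
        pinned = self._pins.get(user_id)
        if pinned is None:
            self._pins[user_id] = fp
            return "pinned"          # first contact: nothing to compare against
        if hmac.compare_digest(pinned, fp):
            return "match"
        return "mismatch"            # same ID, different key: warn the user


def demo_key(label: str) -> bytes:
    """Constructed stand-in for a public key (not a real key)."""
    return hashlib.sha256(b"constructed-demo-key:" + label.encode()).digest()


def run_scenarios() -> dict:
    ursula_key, ivan_key, eve_key = (demo_key(n) for n in ("ursula", "ivan", "eve"))
    results = {}

    # Honest exchange: each side holds its own key and the peer's real key.
    ursula_view = safety_number("ursula", ursula_key, "ivan", ivan_key)
    ivan_view = safety_number("ivan", ivan_key, "ursula", ursula_key)
    results["honest_numbers_match"] = ursula_view == ivan_view

    # Eve impersonates both parties: each side holds Eve's key for the peer,
    # so the two safety numbers are computed over different key pairs.
    ursula_view = safety_number("ursula", ursula_key, "ivan", eve_key)
    ivan_view = safety_number("ivan", ivan_key, "ursula", eve_key)
    results["mitm_numbers_match"] = ursula_view == ivan_view

    # Pinning catches a key swapped in after an honest first contact...
    contacts = PinnedContacts()
    contacts.observe("ivan", ivan_key)
    results["tofu_later_swap"] = contacts.observe("ivan", eve_key)

    # ...but not a substitution at first contact, which only the out-of-band
    # safety-number comparison above can expose.
    fresh = PinnedContacts()
    results["tofu_first_contact_mitm"] = fresh.observe("ivan", eve_key)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Pinning alone only detects a key that changes after the first exchange; the safety-number comparison is what covers an interceptor who was present from the start.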

There’s a separate way to read encrypted messages, thanks to another major Bridgefy flaw: its use of PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted with the RSA cryptographic algorithm. This encoding method, which was deprecated in 1998, allows attackers to perform what's known as a padding oracle attack to derive contents of an encrypted message.

Bleichenbacher strikes again

By carefully modifying the ciphertext, sending it to a targeted phone, and monitoring the phone's reaction, an attacker can learn the underlying plaintext contained in the ciphertext. In this particular attack, the padding oracle can be built on compression that Bridgefy uses to reduce the load on mesh networks. This is a variant of the so-called Bleichenbacher attack—named after its discoverer Swiss cryptographer Daniel Bleichenbacher—which has been the source of other crippling encryption flaws, including the HTTPS attacks known as DROWN and ROBOT.

The utility of the Bleichenbacher attack devised against Bridgefy is limited because it takes about 14 hours to complete. Still, it could be useful in the event police obtain a phone following the arrest of its owner. The attack may also be feasible in protests where targeted activists stay holed up in protest camps for extended periods of time.

It’s not a vulnerability... it’s a feature

Two other attacks don’t exploit Bridgefy vulnerabilities. Rather, these attacks target features developers intentionally designed to add app capabilities. One attack allows police or counterdemonstrators to build detailed social graphs of users connected to a network.

It works because all one-to-one messages contain the sender and receiver IDs in plaintext. The result is that anyone with physical presence can build a social graph of which IDs are communicating with every other ID over a given mesh network. The adversary can then use publicly available programming interfaces to query Bridgefy’s Internet server for the usernames that correspond to the IDs.

In many cases, users—whether individual or those who are included in a social graph—can be tied to real-world identities thanks to another design feature that lets users find friends who are also using the app. When users verify their accounts, they’re required to provide their phone numbers. Other users, whether verified or not, can then use a Bridgefy API to identify anyone in their contact list who has a verified account.

By using a phone that has every local or even national number in its contacts database, police or counter protestors can use this feature to obtain the phone number of any verified user. Until last December, Bridgefy required verification for every account. Since then, verification is an option.

An adversary can also track individual users’ movements in a crowd by building a rough topology of the network as it evolves in real time. This attack is possible because Bridgefy sends three receipts when a message is received: a “mesh reach” in cleartext, an encrypted “delivery” receipt, and an encrypted “viewed” receipt. The technique works because users who are further away from each other will experience a longer delay between a message and its receipts.

Another attack that results from design decisions, and a lack of defensive programming, is a “zip bomb” that completely shuts down a network. As the name suggests, it works by sending a compressed zip file in a broadcast message that’s beamed to all connected users. When carefully crafted, the attachment is about 10 kilobytes when decrypted, but it balloons into more than 10 megabytes as soon as it’s unzipped.

The massive size causes the Bridgefy app to crash. Each time a user restarts the app, it will once again unzip the file and experience the same crashing error again. With all apps connected to the network repeatedly crashing, the network completely shuts down. The only way to recover is to reinstall the app, but there’s nothing stopping an attacker from repeating the attack again and again.

The researchers notified Bridgefy of their findings in late April. The app maker has yet to fix any of the vulnerabilities but said it is in the process of completely overhauling the messaging internals to use the Signal protocol, the widely trusted open-source cryptographic engine that drives both the Signal and WhatsApp apps.

In a statement, company officials wrote:

After we received the Royal Holloway University of London research team’s findings, our original approach was to work quickly to fix the current Bridgefy SDK so we could release a security update to the app stores. Once we started digging deep into how we would do this, however, we realized that the SDK’s current security model was based on a design that was appropriate for when Bridgefy was a small startup, but not for the scale it has today and the growth we want to achieve in the future. Fixing the reported issues would be hard to do and the solutions would not guarantee a healthy security position for our product.

Because of this, we decided to think outside the box and consider the possibility of rewriting our entire model from scratch, designing a new one that would get rid of all the reported issues right off the bat. Trying not to reinvent the wheel, we searched for an existing solution that we could use that was already validated by the industry and security experts and this is when we found the Signal Protocol.

By using this open-source protocol we are going to add a very robust end-to-end encryption mechanism to our SDK, making our users feel more confident to use our product given that this solution is already used by millions of people around the world through messaging apps like WhatsApp and Signal. Most importantly, we will be delegating all the security heavy lifting to the real experts and focusing more on the actual peer-to-peer mesh technology that makes our company and our SDK unique.

In terms of engineering progress, we have already begun testing a version of our SDK internally that lacks the previous outdated security layer and now encrypts messages between devices using the Signal protocol, thus fixing all of the most severe security issues reported. We are also adding another security layer that will encrypt all the SDK control messages on a per-app basis so only users from the same app can understand the messages sent through the app’s mesh.


The statement went on to thank the research team.

In June, the app maker began issuing tweets like the ones here, here, and here that correct earlier statements and acknowledge the app, in fact, doesn’t provide end-to-end encryption and shouldn’t be relied on for sensitive communications.

But the company continues to send mixed messages. The App Store and Play Store promotions mentioned earlier give the impression Bridgefy can be trusted to keep messages private, even though it has been clear to the company since April that they can’t. Tweets that continue to refer to mass protests and welcome activists using the app are another example.

It’s unclear how widely used the app is, despite the company touting the 1.7 million installs the messenger has, with more than 1 million in the Google Play Store alone. A fair number of comments there reported that the app doesn’t work well or at all. It’s also hard to find evidence of large grass-roots embrace of the app from protestors. It’s possible that the majority of people who downloaded the app don’t actually use it.

Even if that’s the case, the rise of Bridgefy is a cautionary tale about putting trust in apps that promise security, privacy, and resiliency in adverse settings. That’s particularly true for messaging apps that—unlike Signal, WhatsApp, and Telegram—are designed to work when there’s no Internet service available.

“Our work ... draws attention to this problem space,” the researchers wrote. “While it is difficult to assess the actual reliance of protesters on mesh communication, the idea of resilient communication in the face of a government-mandated Internet shutdown is present throughout protests across the globe. Yet, these users are not well served by the existing solutions they rely on. Thus, it is a pressing topic for future work to design communication protocols and tools that cater to these needs.”
https://arstechnica.com/features/202...vacy-disaster/
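
The zip bomb described in the Bridgefy article above succeeds because the receiver expands an attachment without bounding its size. The Python sketch below is an added example, not code from the article, the researchers or Bridgefy: it decompresses in chunks and refuses input that exceeds an absolute or relative size limit. The limits, the function names and the zlib/gzip framing are assumptions.

```python
import zlib

MAX_OUTPUT = 1024 * 1024   # assumed absolute cap on decompressed size (1 MiB)
MAX_RATIO = 100            # assumed cap on output bytes per input byte
CHUNK = 16 * 1024          # decompress at most this much per step


class DecompressionLimitExceeded(Exception):
    """Raised when an attachment expands past the configured limits."""


def safe_decompress(blob, max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Decompress a zlib- or gzip-framed blob without buffering more than
    min(max_output, max_ratio * len(blob)) bytes (plus one)."""
    limit = min(max_output, max_ratio * max(len(blob), 1))
    d = zlib.decompressobj(47)          # 32 + 15: auto-detect zlib/gzip header
    out = bytearray()
    pending = blob
    while True:
        # Never request more than one byte past the remaining budget, so the
        # check below fires before a large buffer is ever allocated.
        room = limit - len(out) + 1
        chunk = d.decompress(pending, min(CHUNK, room))
        out += chunk
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"{len(blob)} input bytes expand past {limit} bytes")
        if d.eof:
            return bytes(out)
        pending = d.unconsumed_tail
        if not chunk and not pending:
            # Input exhausted, no output left, stream never terminated.
            raise ValueError("truncated compressed stream")


def constructed_bomb():
    """Constructed sample: 10 MiB of zero bytes, which deflate squeezes to
    roughly 10 KB, matching the proportions quoted in the article."""
    return zlib.compress(b"\x00" * (10 * 1024 * 1024), 9)


def constructed_message():
    """Constructed sample: an ordinary short attachment."""
    return zlib.compress(b"meet at the north gate at 18:00 " * 4)


if __name__ == "__main__":
    print(len(safe_decompress(constructed_message())), "bytes accepted")
    try:
        safe_decompress(constructed_bomb())
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

A receiver that rejects the attachment before storing it also avoids the crash loop the article describes, since a message that is never persisted is not unpacked again on restart.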





Facebook Apologizes to Users, Businesses for Apple’s Monstrous Efforts to Protect its Customers' Privacy

New iOS update will rob people of personalized ads, wails antisocial giant
Kieren McCarthy

Facebook has apologized to its users and advertisers for being forced to respect people’s privacy in an upcoming update to Apple’s mobile operating system – and promised it will do its best to invade their privacy on other platforms.

The antisocial network that makes almost all of its revenue from building a vast, constantly updated database of netizens that it then sells access to, is upset that iOS 14, due out next month, will require apps to ask users for permission before Facebook grabs data from their phones.

“This is not a change we want to make, but unfortunately Apple’s updates to iOS14 have forced this decision,” the behemoth bemoans before thinking the unthinkable: that it may have to end its most intrusive analytics engine for iPhone and iPad users.

“We know this may severely impact publishers’ ability to monetize through Audience Network on iOS 14, and, despite our best efforts, may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS 14 in the future.”

Amazingly, despite Facebook pointing out to Apple that it is tearing away people’s right to have their privacy invaded in order to receive ads for products they might want, Cupertino continues to push ahead anyway.

The result is potentially horrifying. “While it’s difficult to quantify the impact to publishers and developers at this point with so many unknowns, in testing we’ve seen more than a 50 per cent drop in Audience Network publisher revenue when personalization was removed from mobile app ad install campaigns,” Facebook warns.

And who’s to blame? Not Facebook that’s for sure. While it promises that it is “working on short-and long-term strategies to support publishers through these changes,” it feels obliged to point out that it is Apple that “will hurt many of our developers and publishers at an already difficult time for businesses… Many of these are small businesses that depend on ads to support their livelihood.”

Internal data is always correct

It’s hard to imagine how Tim Cook sleeps at night knowing that he is purposely ruining people’s lives by not allowing Facebook to sell people’s personal data to help mom-and-pop stores. And Facebook is nothing if not generous, pointing out that “in 2019 we paid out billions of dollars” - according to “Facebook internal data.”

That’s right, Facebook actually gave some of the money it made from running those ads through its system to the business that paid for those ads. Which doesn’t make any sense but shut up, Facebook is the good guy, ok? And Apple is wrong to be doing this.

Facebook wants advertisers to know however that it has their back. It will continue to suck as much information as possible off every other device and through every other operating system.

Unfortunately, however, it will require them to set up a completely new advertising account to run campaigns for iOS users, because it’s not going to apply Apple’s new privacy protection measures any further than it has to. Again, though, this is Apple’s fault, not Facebook’s. Apple made the changes.

Facebook closes out by promising that it will do all it can to prevent user privacy from being respected in future. “We believe that industry consultation is critical for changes to platform policies, as these updates have a far-reaching impact on the developer ecosystem," it said.

"We’re encouraged by conversations and efforts already taking place in the industry - including within the World Wide Web Consortium (W3C) and the recently announced Partnership for Responsible Addressable Media (PRAM). We look forward to continuing to engage with these industry groups to get this right for people and small businesses.”
https://www.theregister.com/2020/08/...ebook_ios_ads/





50 Years Later, Jimi Hendrix's Electric Lady Studios Is Still An Artistic Haven
Chad Campbell and Matt Kwong

Fifty years ago — on Aug. 26, 1970 — Jimi Hendrix opened a psychedelic recording space in Greenwich Village, N.Y. Created by an artist and for artists, Electric Lady Studios broke the mold for what a recording studio could be.

"Imagine what it's like to have a studio built by flower power, hippie, acid-tripping kind of people," says Nile Rodgers, the guitar player known for his work in Chic and as an arranger, composer and producer.

"When a musician walked in there, they really felt like, 'Wow, I can make some great music in here,'" says Eddie Kramer, the studio's recording engineer who Rodgers calls "the magical sauce of Electric Lady."

"I was very fortunate to have been associated with Jimi Hendrix right from the beginning of his career in London in 1967, which is when I started recording him," Kramer says. "In 1969, Jimi and his manager bought a club called The Generation. The idea was to make it a place where Jimi could jam and they wanted a tiny little 8-track studio in the back corner.

"I was invited to come down and have a look and see what I thought of the idea," Kramer continues, "and I said, 'Guys, that's a terrible idea. You want Jimi to have a nightclub? That's craziness.' The fact that Jimi spends so much time in the studio, spending about $150,000 a year, I said, 'Why don't we just build it into the best studio in the world?' And Electric Lady Studios was born."

Hendrix died less than a month after the studio opened. Although Electric Lady rocks on today, it collected dust for years during the early 2000s. Electric Lady's managing partner, Lee Foster, remembers what it was like back then.

"The music business had sort of fallen on its head. You had Napster; you had digital recording. There was an idea at the time [that] we no longer need recording studios," he says. "When I first arrived here, you could just tell that people had sort of given up. We went a full 10 months without a single recording session in this building. I was sort of thrust into this position of 'Make it work or we're going to shut it down.' "

Foster ripped up carpets, threw out couches and painted the walls to bring back the original vibes and make it a space where musicians felt inspired. Nurturing that aspect paid off.

"These days, if you're here," Foster says, "you're running into Mark Ronson, Lady Gaga, Lorde, Frank Ocean, Tyler the Creator, ASAP Rocky. For me, as a fan of music, it's like watching the Avengers walk around."

In the last decade, everything from Kanye West's My Beautiful Dark Twisted Fantasy single "All of the Lights" to Lady Gaga's A Star Is Born anthem, "Shallow," has been recorded at Electric Lady. Nile Rodgers, who has worked with the likes of D'Angelo, Femi Kuti and Hall & Oates at Electric Lady, remembers his last visit to the studio while working on Random Access Memories.

"I was working with Daft Punk and Thomas [Bangalter] said '[You're] kidding, you did Chic records here? Give me the mystique of what you guys created.' And that's when we did 'Get Lucky,' " he says. "It just flowed from being in that space and being in that room and feeling the magic of history."

With 50 years of history in the walls, Lee Foster thinks that if Jimi is watching, "he is very proud of what we're doing here and very proud of the music that's coming out of here."
https://www.npr.org/2020/08/26/90601...artistic-haven

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 22nd, August 15th, August 8th, August 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing