Peer-To-Peer News - The Week In Review - May 12th, ’18

[JackSpratts]

Since 2002































May 12th, 2018




AT&T Confirms it Paid Trump Lawyer Michael Cohen's Company
Brian Stelter and Hadas Gold

AT&T confirmed Tuesday evening that it paid President Trump's personal lawyer Michael Cohen in 2017 for "insights into understanding the new administration."

The payments were revealed in a document published by Stormy Daniels' attorney Michael Avenatti Tuesday afternoon.

Avenatti alleged that Essential Consultants, a shell company set up by Cohen before the election to pay Daniels, was paid by several corporations, including AT&T. At the time, AT&T was seeking government approval for its acquisition of Time Warner, CNN's parent company.

A document released by Avenatti stated that "Essential received $200,000 in four separate payments of $50,000 in late 2017 and early 2018 from AT&T."

AT&T disputed this timeline.

"Essential Consulting was one of several firms we engaged in early 2017 to provide insights into understanding the new administration," AT&T said Tuesday evening. "They did no legal or lobbying work for us, and the contract ended in December 2017."

AT&T's assertion, in essence, is that Cohen provided information about what made Trump tick.

Selling access to or influence with a president is not illegal, but it has the whiff of the so-called "swamp" that Trump rails against.

AT&T declined to comment on the total amount of the payments. But a source with knowledge of the matter said the total was actually higher than the $200,000 listed by Avenatti.

AT&T, one of the biggest companies in the country, has numerous issues before the government, including valuable government contracts and changes to so-called "net neutrality" regulations.

But the timing of payments to a Trump lawyer is especially significant because of the AT&T-Time Warner deal.

Trump, then the GOP nominee for president, expressed opposition to the $85 billion deal on the day it was announced.

When Trump won the election, there were immediate questions about whether the deal would be blocked by the Trump administration's Justice Department.

After a year-long review process, the DOJ sued to block the deal last November, saying it would violate antitrust law by harming competition and leading to an increase in prices paid by consumers. AT&T and Time Warner deny that the purchase would causes television prices to go up, and say they need the deal to better compete with the likes of Facebook, Google, Amazon and Netflix.

The payments to Cohen stopped in December, according to AT&T. At the time, pre-trial status conferences were getting started.

Politics initially looked likely to be a major theme of the trial. Citing Trump's animus toward CNN, AT&T and Time Warner claimed his Justice Department was selectively enforcing antitrust law. (The Justice Department has denied this.) But AT&T and Time Warner did not produce evidence of this, and after the judge hearing the case, Richard Leon, blocked discovery on certain communications from the White House that attorneys for AT&T and Time Warner attorneys had sought, the companies dropped that argument. Trump's feelings about CNN and the deal were never mentioned during the trial.

AT&T declined to comment beyond its statement. A Justice Department spokesperson also declined to comment.

The trial began in March and wrapped at the end of April. Leon is expected to issue his decision on June 12, though he has said it could come earlier.
http://money.cnn.com/2018/05/08/medi...nts/index.html





U.S. 'Net Neutrality' Rules Will End on June 11: FCC
David Shepardson

The Federal Communications Commission said in a notice on Thursday that landmark 2015 U.S. open-internet rules will cease on June 11, and new rules handing providers power over what content consumers can access will take effect.

The FCC in December repealed the Obama-era “net neutrality” rules, allowing internet providers to block or slow websites as long as they disclose the practice. The FCC said the new rules will take effect on June 11.

A group of states and others have sued to try to block the new rules from taking effect. The revised rules were a win for internet service providers like AT&T Inc and Comcast Corp but are opposed by internet firms like Facebook Inc and Alphabet Inc.

“The agency failed to listen to the American public and gave short shrift to their deeply held belief that internet openness should remain the law of the land,” FCC Commissioner Jessica Rosenworcel, a Democrat, said Thursday. “The FCC is on the wrong side of history, the wrong side of the law, and the wrong side of the American people.”

The U.S. Senate is set to vote as early as next week on whether to reject the FCC repeal of the net neutrality rules - but that effort faces an uphill battle.

Proponents currently have the backing of 47 Democrats and two independents who caucus with Democrats, as well as Republican Senator Susan Collins. With the prolonged absence of Republican Senator John McCain due to illness, proponents believe they will win on a 50-49 vote.

Senator Ed Markey said it was “likely” the vote will take place in the middle of next week. On Wednesday, senators officially filed a petition to force a net neutrality vote and 10 hours of floor debate under the Congressional Review Act.

Following the FCC announcement, Markey wrote on Twitter, “the Senate must act NOW and pass my resolution to save the internet as we know it.”

The FCC voted 3-2 to reverse Obama-era rules barring service providers from blocking, slowing access to or charging more for certain online content.

Once they take effect, the new FCC rules would give internet service providers sweeping powers to change how consumers access the internet but include new transparency requirements that require them to disclose any changes to consumers.

If the Senate approves the measure, it would not likely pass the Republican-controlled House of Representatives. If the legislation were to pass the House, President Donald Trump would be expected to veto it.

In February, a coalition of 22 state attorneys general refiled legal challenges intended to block the Trump administration’s repeal of net neutrality.

FCC Chairman Ajit Pai has often said he is confident the agency’s order will be upheld.

Democrats have said they believe the issue would be key in November’s midterm congressional elections, especially among younger internet-savvy voters.

Republicans have said the FCC repeal would eliminate heavy-handed government regulations, encourage investment and return the internet to pre-2015 rules.

Reporting by David Shepardson; editing by Jonathan Oatis
https://uk.reuters.com/article/us-us...-idUKKBN1IB1UN





Movie Industry Looking Towards Digital Currencies to Fight Piracy by Rewarding Participants to Watch Free Content
Princess Agnew

While it is common for film enthusiasts and moviegoers to pay to see movies, piracy has become a very challenging issue in the industry. The major driving force behind pirating movies is the desire of consumers to watch new contents immediately they are released, without having to pay through subscription platforms such as Amazon or Netflix or going to theatres to see the movie.

According to a study, 48% of residents in the US have seen a film after it left the cinema, but before it was legally available to watch at homes. Also, 24% said they have watched a pirated film while it was still showing in cinemas. Some of the most pirated movies in 2016 include Zootopia, Batman vs. Superman, and Deadpool, while the most pirated TV series is Game of Thrones.

The Solution to End Piracy

As the 71st annual Cannes Film Festival starts, one of the major focuses will be the next program that focuses on innovation in the film industry via blockchain tech. Blockchain technology is capable of solving prevailing issues that the movie industry is facing, such as digital right issue, piracy, and user data protection.

A very popular Hollywood producer is demonstrating how digital currency and blockchain technology can help the movie industry overcome piracy as well as other common issues they are facing. Andrea Iervolino (the CEO and co-founder of Ambi Media Group) just announced the imminent launch of TaTaTu, a platform based on blockchain that interlinks entertainment viewing with social media activities.

Legal Disclaimer: The content of this website (smartereum.com) is intended to convey general information only. This website does not provide legal, investment, tax, etc advice. You should not treat any information on smartereum.com as a call to make any particular decision regarding cryptocurrency usage, legal matters, investments, taxes, cryptocurrency mining, exchange usage, wallet usage, initial coin offerings (ICO), etc. We strongly suggest seeking advice from your own financial, investment, tax, or legal adviser. Neither smartereum.com nor its parent companies accept responsibility for any loss, damage, or inconvenience caused as a result of reliance on information published on, or linked to, from smartereum.com.

Movie Enthusiasts to Be Rewarded with Digital Currencies

Just like other blockchain-based platforms, TaTaTu uses a cryptoeconomics approach to the distribution and consumption of content, offering users digital currency as rewards to participate in watching free movies, gaming, sports, and other kinds of media. TaTaTu wants to reward users with TTU (an ERC20 token) for sharing and viewing free content.
https://smartereum.com/13600/movie-i...-free-content/





Top 10 Pirated Movies From Last Week
Chris Lange

Netflix, Hulu, HBO and others have capitalized on the trend of online streaming over the past few years, but online piracy poses a constant threat to these services. Whether these companies are losing subscription revenues or content, they are feeling it on the bottom line.

Pirating online content has been a growing problem in recent years, costing studios millions of dollars in lost ticket sales and media providers streaming revenue. In just 2016, the Motion Picture Association of America said that nearly $1 billion worth of pirated movies and TV shows were downloaded.

One of the more popular mediums for downloading and watching content is BitTorrent, which operates as a peer-to-peer file-sharing service. It is capable of distributing a massive amount of data over the internet.

Although it is widely known that many files are shared and downloaded illegally over this service, it still manages to operate. Authorities use the site as well to track some users who don’t hide their IP addresses via a proxy and nab them for illegally distributing or downloading this content.

24/7 Wall St. has taken a look at some of the more popular movies that were pirated this past week. These are the top 10 most pirated movies of the past week on BitTorrent:

1. Black Panther
2. Avengers: Infinity War
3. Game Night
4. Anon
5. 12 Strong
6. Fifty Shades Freed
7. Pacific Rim: Uprising
8. Den of Thieves
9. Samson
10. Thor: Ragnarok

https://247wallst.com/media/2018/05/...-last-week-16/





Jay-Z’s Tidal has been Accused of Faking Kanye West and Beyoncé Streaming Numbers
Ashley Rodriguez

Tidal, the subscription music service owned by Jay-Z and other artists, has been accused of faking the streaming numbers for two of its highest profile exclusive releases.

Kanye West’s “The Life of Pablo,” which was the first album to go platinum primarily from streaming, and Beyoncé’s platinum record “Lemonade” were released exclusively on Tidal for periods in 2016. By placing their albums on the fledgling platform, which was relaunched in 2015, both artists risked losing big paychecks.

West’s album was said to have been streamed 250 million times in the first 10 days on the service. And Beyoncé’s record was reportedly played 306 million times in 15 days. While it’s not hard to believe Bey and Yeezy could hit those numbers, they rang false to some, as Tidal said it had 3 million members then.

However, according to an in-depth investigation by Norwegian newspaper Dagens Næringsliv (DN), Tidal has reportedly manipulated those streaming numbers, to potentially make the company appear more profitable or increase royalty payments to the artists at the expense of others on the service. This is something Tidal vigorously denies and says the DN report is part of a “smear campaign.”

The DN’s report investigated streaming numbers since 2017, when it reportedly obtained a hard drive of internal Tidal data with more than 1.5 billion of rows of user play logs. Those logs were from two periods—from late January to early March, and mid April to early May—totaling 65 days in 2016. Its reporters tracked down subscribers from the logs, and presented them with their apparent listening history, which the users said didn’t add up.

The publication also worked with the Norwegian University of Science and Technology’s cyber and information security department to see whether the data on the hard drive had been manipulated.

“We have through advanced statistical analysis determined that there has in fact been a manipulation of the data at particular times. The manipulation appears targeted towards a very specific set of track IDs, related to two distinct albums,” found the researchers (pdf) at NTNU’s Center for Cyber and Information Security. “The manipulation likely originates from within the streaming service itself.”

The research said it was likely that the data was manipulated in several ways, including copying and inserting playbacks of tracks, and adjusted the timestamps on the duplicate plays.

A lawyer for Tidal reportedly told DN that the findings were false, and that DN lied about the contents of the data to the researchers.

“This is a smear campaign from a publication that once referred to our employee as an ‘Israeli Intelligence officer’ and our owner as a ‘crack dealer,'” said Tidal, in a statement shared with Quartz. “We expect nothing less from them than this ridiculous story, lies and falsehoods. The information was stolen and manipulated and we will fight these claims vigorously.”

DN used such language about the Tidal employee and owner in a previous January 2017 report that suggested Tidal had inflated its subscriber numbers, based on leaked internal documents.
https://qz.com/1273472/tidal-has-bee...yonce-streams/





The Big Music Labels are Selling Big Chunks of their Spotify Stakes

First Sony, now Warner Music Group.
Peter Kafka

As Spotify was getting its subscription music service off the ground, the world’s biggest music labels took equity stakes in the company.

Now that Spotify has gone public, they’re selling big chunks of those holdings.

Last week, Sony, the music label with the biggest stake in Spotify, announced that it had sold about half of its shares, for about $750 million.

Today, Warner Music Group says it has sold 75 percent of its Spotify shares, for about $400 million.

Warner CEO Steve Cooper made the disclosure during the company’s earnings call this morning, and made a point of saying the sale doesn’t reflect any pessimism about Spotify’s potential. Warner, along with Sony and Universal Music Group, captures the bulk of the revenue Spotify generates, so it has a vested interest in its success.

“We’re a music company and not, by our nature, long-term holders of publicly traded equity. This sale has nothing to do with our view of Spotify’s future,” Cooper said, via prepared remarks, during the call. “We’re hugely optimistic about the growth of subscription streaming. We know it has only just begun to fulfill its potential for global scale. We fully expect Spotify to continue to play a major role in that growth.”

Warner, along with the other labels, has said it would distribute some of the cash it gets from its Spotify shares to musicians and songwriters.

Spotify went public last month at a valuation of $30 billion. The company reported its first-quarter earnings last week and disappointed investors even though it delivered the results it had predicted. Wall Street currently values the company at $27 billion.
https://www.recode.net/2018/5/7/1732...y-equity-sales





SongTrust has Inked Deals with Over 150,000 Songwriters for Royalties Management
Jonathan Shieber

The music industry is finally seeing some daylight after years of sales declines and revenue attrition. As industry organizations announce year-on-year growth, songwriters are turning to royalty management organizations like SongTrust in increasing numbers. In just under a year SongTrust added 50,000 songwriters, 5,000 publishers, and now represents 1 million copyrights. The company said that one-in-five new professional songwriters are using SongTrust’s platform.

Signs of the music industry’s comeback are everywhere, SongTrust noted. They’re visible in the 8.1 percent increase in global recorded music revenues; in the second straight year that the German publishing rights body, GEMA, topped 1 billion Euros in revenue; and in the record financial results recorded by the PRS for Music — an increase of 14.7 percent over 2016.

More good news is coming to songwriters and rights holders in the form of the Music Modernization Act that’s now making its way through Congress.

Technology is something that the music industry’s back end has sorely needed. Performers, producers and songwriters avail themselves of the latest technologies in the studios and stages around the world and are then reduced to Excel spreadsheets and outmoded tracking systems to follow their songs through various distribution channels. And digital technologies like sampling, and distribution platforms like Spotify and others have complicated the process even further.

There’s a whole range of tools that are coming to market to help professionalize the back end of the industry, so that artists can get paid their fair share.

Songtrust was born out of Downtown Music Publishing, a publishing and rights management firm that manages rights for artists, such as Frank Sinatra, One Direction and Santigold.
https://techcrunch.com/2018/05/10/so...es-management/





Exclusive: Comcast Prepares All-Cash Bid to Gate-Crash Disney-Fox Deal – Sources
Greg Roumeliotis, Liana B. Baker

U.S. cable operator Comcast Corp is speaking to investment banks about obtaining bridge financing for an all-cash bid to displace Walt Disney Co on its $52 billion deal to acquire most of Twenty-First Century Fox Inc’s assets, three people familiar with the matter said on Monday.

The move is the first concrete step that Comcast is taking to upend Disney’s deal with Fox. It sets Comcast Chief Executive Brian Roberts on a collision course with two other media industry titans, Fox Executive Chairman Rupert Murdoch and Disney CEO Bob Iger.

Comcast, owner of NBC and Universal Pictures, has already made a 22 billion pound ($30 billion) offer to acquire the 61 percent stake in European pay-TV group Sky Plc that Fox does not already own. In doing so, it topped an earlier offer for the entirety of Sky by Fox.

Comcast is asking investment banks to increase the bridge financing facility they have already arranged for the Sky offer by as much as $60 billion to finance the Fox bid, the sources said.

Comcast is waiting for a judge to rule next month on the U.S. Department of Justice’s challenge to telecommunications provider AT&T Inc’s planned $85 billion acquisition of media conglomerate Time Warner Inc before it submits an offer to Fox, the sources said.

Fox rejected an offer from Comcast last year largely due to antitrust concerns, and Comcast plans to make a new offer only if AT&T and Time Warner prevail in court, the sources added.

The sources asked not to be identified because the matter is confidential. Comcast, Fox and Disney did not immediately respond to requests for comment.

Fox shares rose 5.13 percent to $39.99 on the news in after-hours trading in New York on Monday. Comcast shares were down 1.5 percent to $31.90, while Disney shares were down 0.5 percent to $102.00.

Disney clinched an all-stock deal in December to acquire Fox’s film, television and international businesses, giving the world’s largest entertainment company an arsenal of shows and movies to combat growing digital rivals Netflix Inc and Amazon.com Inc.

Murdoch, who owns close to a 17 percent in Fox and also has voting control, had a preference at the time for a stock deal, because it made the transaction non-taxable at a Fox shareholder level. It is not clear how receptive he would be to an all-cash offer by Comcast.

Disney has committed to share buybacks to give some cash to Fox shareholders. As a result, Comcast sees an opening in being disruptive to the deal by making an all-cash bid, according to the sources.

Last November, Comcast offered to acquire most of Fox’s assets in an all-stock deal valued at $34.41 per share, a regulatory filing showed last month. Like Disney, Comcast sought to buy Fox’s entertainment networks, movie studios, television production and international assets, the filing shows.

Fox ended up announcing an all-stock deal with Disney for $29.54 per share. In the regulatory filing, Disney and Fox cited regulatory hurdles as reasons to reject Comcast’s bid, even though they did not reference it by name.

The filing also shows that Fox saw Disney’s stock as more valuable than Comcast’s, based on historic prices, and felt that a deal between Disney and Fox would generate greater long-term value. The Roberts family controls Comcast through a dual-class stock structure.

Comcast’s stock has dropped since then, from around $38 to about $32 now, giving the company a market capitalization of $149 billion.

Reporting by Greg Roumeliotis and Liana B. Baker in New York; Additional reporting by Jessica Toonkel in New York; Editing by Lisa Shumaker
https://www.reuters.com/article/us-f...-idUSKBN1I82I7





‘Who Gets to Be Sexy?’

Technology has made it possible for just about anyone to shoot, direct and star in their own porn films. Women are leading the new guard.
Amanda Hess

Kelly Shibari moved from Japan to the United States at 15 to attend college, toured as a roadie for rock bands and Broadway shows after graduation, and settled in Los Angeles, where she built a career as a film production designer. But in 2007, Hollywood writers went on strike, and work dried up. Ms. Shibari was commiserating with others in the industry, wondering how to make ends meet, when a friend dangled an idea: What about … porn?

“My first reaction was, ‘There’s no fat girls in porn,’” Ms. Shibari said. And there were definitely no fat Asian girls. “The stereotype of Asians in porn is that they’re long and lean and not very curvy,” she said. “That’s how white Americans see Asian sexuality.”

Defying those conventions worked to Ms. Shibari’s advantage, and she staked a claim to a growing niche. By 2016, she had become the first plus-size model featured in the pages of Penthouse. But that recognition came after years of Ms. Shibari and other adult entertainers pushing against the industry’s boundaries.

Performers of her size were typically cast in fetish scenes that emphasized their weight — “feeding or gaining or squashing or face sitting,” as she put it. Ms. Shibari was more interested in sex. So she started making and distributing her own films, which gave her the freedom to produce the kind of material she would actually want to watch.

“Doing porn, in the beginning, was never about politics,” Ms. Shibari said. “I wasn’t trying to break any barriers. I just wanted to have a good time.” And make some money, too. She found that both were more attainable by striking out on her own.

Ms. Shibari’s story, of economic crisis spawning creative solutions, is a familiar one in the porn industry, which is looking less and less like an industry these days. Amateurs are flooding the internet; piracy has addled the once-dominant studios; production has atomized and scattered. But along the way, something interesting has started to happen: Women are rising up.

“The decentralization of the industry is giving workers more power,” said Heather Berg, a lecturer in gender studies at the University of Southern California who studies labor issues in pornography. “It’s now so easy to produce and distribute your own content that workers are a lot less dependent on the boss.”

That means performers can now run their own shows. The rise of webcam work has opened up a style of performance that can be totally controlled by the model in her bedroom. The accessibility of film cameras, alternative hosting sites and webcam tools like Skype have made way for a wider range of sexual and gender representations. And social media has given women a voice offscreen, where they’re puncturing mainstream stereotypes while calling out destructive industry practices, too.

“Since the recession, we’ve seen this giant influx of women who are older, college educated and have backgrounds in business,” said Ms. Shibari, who currently works mostly as a marketer. “Now we have all these empowered women who want to speak up.”

Women have always capitalized on technological change to find a way into the male-dominated industry. The popularization of the VHS tape in the 1980s allowed them to experience pornography in their homes instead of in darkened theaters surrounded by guys. Newly affordable cameras made it possible for them to shoot and direct their own films. And even as studios have faltered, independent companies have gained footholds.

Take Pink and White Productions, which is run by the director Shine Louise Houston. In her time working for a sex shop, she had noticed a lack of queer material, so she decided to direct her own. In her first film, “Crash Pad” (2006), she cast Jiz Lee, a nonbinary artist and porn novice, to star.

“I had always been interested in sex work, but I didn’t think I could do it without changing myself to present more in line with mainstream aesthetics — how I looked and how I had sex,” Mx. Lee said. “When I started, it seemed like everybody looked like Stormy Daniels.”

Mx. Lee has since performed in many of Ms. Houston’s films, but also for mainstream companies like Vivid, and now manages marketing for Pink and White. These days, “we’re seeing more trans people in porn, people of color, queer people, people of size, older people, people with disabilities,” Mx. Lee said. “We have a much more expansive vision of what’s possible.”

The rise of webcams has meant a boon in one-woman shops that can accommodate potentially endless performances. “I tend to not maintain the standard of beauty that the industry is looking for,” said Ingrid Mouth, who started performing on webcams when chronic illness made it difficult for her to sustain her career as an illustrator. “When you’re shooting your own content, you’re creating your own narrative. You’re building your own audience. It’s totally open-ended.”

This creative disruption isn’t contained to explicitly feminist and queer productions. When Constance Penley, a film scholar at the University of California, Santa Barbara, co-edited the 2013 anthology “The Feminist Porn Book,” she focused on figures with overt politics, like Mx. Lee, the performer Nina Hartley and the feminist pornographer Tristan Taormino.

But more recently, Ms. Penley said, “I’m impressed how these efforts cross much of the industry, from Stoya to Stormy Daniels, from the cammers to the sex toy companies.” There is a growing sense that there is no bright line between feminist material and mainstream material.

Pornographic actresses are edging into the mainstream media, too, including Ms. Daniels, whose battle with the president has become national news, and Stoya, who writes thoughtful essays using the lens of porn performance to examine issues of sex education and privacy.

Their rising profiles have also given them opportunities to act as change agents within the industry. Recently the performer and activist Lotus Lain leveraged Twitter to speak directly to her fans, explaining that she had stopped shooting scenes with men because she was too often cast in racist scenarios. “There are all kinds of kinks in the world,” Ms. Lain said. “I don’t understand why our industry chooses to play into the racist ones.”

The increasing visibility of these women has dovetailed with a growing willingness to see sex work as work, and to put its potential exploitations into a larger class framework. As the performer Missy Martinez said on Twitter recently, “People always feel the need to ask porn stars with the concern if they ‘actually like their job.’ Dude, you work at Verizon. Are YOU okay is the real question.”

The porn industry had a moment of reckoning with sexual misconduct this year when the performer Leigh Raven and her wife, the director Nikki Hearts, posted a wrenching hourlong video to YouTube, in which Ms. Raven described being coerced and abused on a porn set.

Taking a stand has cost them some work. But their story has also complicated prevailing narratives about pornography and abuse, which situate performers as either perpetual victims or asking for it. We now know similar abuses happen on Hollywood film sets and in hotel rooms, on production lines and in offices across America. It’s harder than ever to paint porn as uniquely exploitative — or to ignore abuses that do happen.

None of this is to say that these changes have been an unqualified good for women and other marginalized people. Seizing more control over the material often requires women to work more for less. Niche queer and feminist productions tend to serve smaller audiences and pay less, too. And a new law ostensibly passed to crack down on sex trafficking also risks sending all sex work underground, forcing women to again work through intermediaries and walk back the freedoms they have gained online.

Even social media exposure is a double-edged sword, as women in pornography have to work overtime to combat mainstream stigmas. And of course, whenever women rise, a male backlash awaits. For women, making it in porn is more of a hustle than ever.

But even that has its way of challenging stereotypes. It’s harder and harder to argue that porn performers are desperate people lured in by easy cash and coerced into submission. There’s just too little money in it — and women have to work too creatively to make it — for that to stand.

The past few years have shown a glimmer of what’s possible in porn. Now, as Ms. Hearts said, “we’re just waiting for these old white men to die off.”
https://www.nytimes.com/2018/05/05/s...ary-queer.html





'Next Generation' Flaws Found On Computer Processors: Magazine

Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday.

The magazine, called c’t, said it was aware of Intel Corp’s plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan’s Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable.

Meltdown and Spectre bugs could reveal the contents of a computer’s central processing unit - designed to be a secure inner sanctum - either by bypassing hardware barriers or by tricking applications into giving up secret information.

C’t did not name its sources because researchers were working under so-called responsible disclosure, in which they inform companies and agree to delay publishing their findings until a patch can be found.

The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7.

Intel shares closed down slightly to $52.28, in line with a decline in the Nasdaq Composite Index. An Intel representative declined to comment on the vulnerabilities described in c’t magazine.

In a statement on its website, Intel said it routinely works closely with customers, partners, other chipmakers and researchers to mitigate any issues that are identified, and that part of the process involved reserving blocks of CVE numbers.

“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations,” the statement said.

AMD said it was aware of the media reports and was examining the issue. Google declined to comment. ARM representatives could not immediately be reached for comment.

The German magazine gave few details about the reported new flaws. When the Spectre and Meltdown flaws emerged, researchers said that additional similar flaws were likely to be found and would require patches.

“Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues,” said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. “Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware.”

While no proof has yet emerged that Spectre or Meltdown were ever used by hackers in the real world, similar attacks have “become a hot, new area of research. Bad actors have probably already invested in such attacks by now,” Bulygin said.

Reporting by Douglas Busvine; additional reporting by Laharee Chatterjee in Bangalore; editing by Jane Merriman and Leslie Adler
https://www.reuters.com/article/us-c...-idUSKBN1I42BZ





Microsoft Working on a Fix for Windows 10 Meltdown Patch Bypass
Catalin Cimpanu

Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.

Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote.

Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation. This is now patched on RS4 but not earlier builds -- no backport?? pic.twitter.com/VIit6hmYK0
— Alex Ionescu (@aionescu) May 2, 2018

Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.
Microsoft patched another —unrelated— vulnerability today

Microsoft issued today an security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions.

Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.

Microsoft classified CVE-2018-8115 as a "critical" issues. A patched hcsshim file is available for download from GitHub.
Backported patches are on the way

"We are aware and are working to provide customers with an update," a Microsoft spokesperson told Bleeping Computer today in an email.

It may be that if Microsoft doesn't bundle these fixes in an out-of-band update, they will most likely arrive in Microsoft's May 2018 Patch Tuesday, but this is only our speculation.

Microsoft released its Meltdown and Spectre patches on January 4, a day after security researchers disclosed the two flaws, vulnerabilities that allow attackers to retrieve data from protected areas of modern CPUs.

The Redmond-based OS maker has had a hard time patching the two flaws, and the company recently issued additional security updates to fix the original Spectre mitigations, and also deliver Intel CPU microcode updates, as a favor to Intel.
https://www.bleepingcomputer.com/new...-patch-bypass/





Alexa and Siri Can Hear This Hidden Command. You Can’t.

Researchers can now send secret audio instructions undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.
Craig S. Smith

Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.

Over the past two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

A group of students from University of California, Berkeley and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.

This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.

“We wanted to see if we could make it even more stealthy,” said Nicholas Carlini, a fifth-year Ph.D. student in computer security at U.C. Berkeley and one of the paper’s authors.

Mr. Carlini added that while there was no evidence that these techniques have left the lab, it may only be a matter of time before someone starts exploiting them. “My assumption is that the malicious people already employ people to do what I do,” he said.

These deceptions illustrate how artificial intelligence — even as it is making great strides — can still be tricked and manipulated. Computers can be fooled into identifying an airplane as a cat just by changing a few pixels of a digital image, while researchers can make a self-driving car swerve or speed up simply by pasting small stickers on road signs and confusing the vehicle’s computer vision system.

With audio attacks, the researchers are exploiting the gap between human and machine speech recognition. Speech recognition systems typically translate each sound to a letter, eventually compiling those into words and phrases. By making slight changes to audio files, researchers were able to cancel out the sound that the speech recognition system was supposed to hear and replace it with a sound that would be transcribed differently by machines while being nearly undetectable to the human ear.

The proliferation of voice-activated gadgets amplifies the implications of such tricks. Smartphones and smart speakers that use digital assistants such as Amazon’s Alexa or Apple’s Siri are set to outnumber people by 2021, according to the research firm Ovum. And more than half of all American households will have at least one smart speaker by then, according to Juniper Research.

Amazon said that it doesn’t disclose specific security measures, but it has taken steps to ensure its Echo smart speaker is secure. Google said security is an ongoing focus and that its Assistant has features to mitigate undetectable audio commands. Both companies’ assistants employ voice recognition technology to prevent devices from acting on certain commands unless they recognize the user’s voice.

Apple said its smart speaker, HomePod, is designed to prevent commands from doing things like unlocking doors, and it noted that iPhones and iPads must be unlocked before Siri will act on commands that access sensitive data or open apps and websites, among other measures.

Yet many people leave their smartphones unlocked, and, at least for now, voice recognition systems are notoriously easy to fool.

There is already a history of smart devices being exploited for commercial gains through spoken commands.

Last year, Burger King caused a stir with an online ad that purposely asked ‘O.K., Google, what is the Whopper burger?” Android devices with voice-enabled search would respond by reading from the Whopper’s Wikipedia page. The ad was canceled after viewers started editing the Wikipedia page to comic effect.

A few months later, the animated series South Park followed up with an entire episode built around voice commands that caused viewers’ voice-recognition assistants to parrot adolescent obscenities.

There is no American law against broadcasting subliminal messages to humans, let alone machines. The Federal Communications Commission discourages the practice as “counter to the public interest,” and the Television Code of the National Association of Broadcasters bans “transmitting messages below the threshold of normal awareness.” Neither say anything about subliminal stimuli for smart devices.

Courts have ruled that subliminal messages may constitute an invasion of privacy, but the law has not extended the concept of privacy to machines.

Now the technology is racing even further ahead of the law. Last year, researchers at Princeton University and China’s Zhejiang University demonstrated that voice-recognition systems could be activated by using frequencies inaudible to the human ear. The attack first muted the phone so the owner wouldn’t hear the system’s responses, either.

The technique, which the Chinese researchers called DolphinAttack, can instruct smart devices to visit malicious websites, initiate phone calls, take a picture or send text messages. While DolphinAttack has its limitations — the transmitter must be close to the receiving device — experts warned that more powerful ultrasonic systems were possible.

That warning was borne out in April, when researchers at the University of Illinois at Urbana-Champaign demonstrated ultrasound attacks from 25 feet away. While the commands couldn’t penetrate walls, they could control smart devices through open windows from outside a building.

This year, another group of Chinese and American researchers from China’s Academy of Sciences and other institutions, demonstrated they could control voice-activated devices with commands embedded in songs that can be broadcast over the radio or played on services like YouTube.

More recently, Mr. Carlini and his colleagues at Berkeley have incorporated commands into audio recognized by Mozilla’s DeepSpeech voice-to-text translation software, an open-source platform. They were able to hide the command, “O.K. Google, browse to evil.com” in a recording of the spoken phrase, “Without the data set, the article is useless.” Humans cannot discern the command.

The Berkeley group also embedded the command in music files, including a four-second clip from Verdi’s “Requiem.”

How device makers respond will differ, especially as they balance security with ease of use.

“Companies have to ensure user-friendliness of their devices, because that’s their major selling point,” said Tavish Vaidya, a researcher at Georgetown. He wrote one of the first papers on audio attacks, which he titled “Cocaine Noodles” because devices interpreted the phrase “cocaine noodles” as “O.K., Google.”

Mr. Carlini said he was confident that in time he and his colleagues could mount successful adversarial attacks against any smart device system on the market.

“We want to demonstrate that it’s possible,” he said, “and then hope that other people will say, ‘O.K. this is possible, now let’s try and fix it.’”
https://www.nytimes.com/2018/05/10/t...o-attacks.html





Lawmakers Move to Block Government from Ordering Digital ‘Back Doors’
Morgan Chalfant

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called back doors to allow law enforcement to access them.

The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.

Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a “back door.”

The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product” by the government.

Rep. Zoe Lofgren (D-Calif.) introduced the legislation along with Reps. Ted Lieu (D-Calif.), Jerrold Nadler (D-N.Y.), Matt Gaetz (R-Fla.), Thomas Massie (R-Ky.) and Ted Poe (R-Texas).

The bill would also block courts from issuing an order to compel companies to design products with “back doors” to allow for surveillance or law enforcement searches.

The legislation makes an exception for mandates, requests or court orders that are authorized under the Communications Assistance for Law Enforcement Act, a 1994 law requiring telephone companies to make changes to their network design in order to make it easier for the government to wiretap phone calls.

The bill’s introduction comes following an FBI inspector general report that found the bureau did not exhaust all avenues when trying to unlock the San Bernardino suspect’s iPhone before pursuing a court order to force Apple to break into the device.

Critics have argued that the report shows the FBI was more interested in establishing a legal precedent to get companies to bypass encryption than in actually unlocking the phone.

Lofgren and other sponsors of the bill were among a group of lawmakers who wrote to Wray in April describing the report as “troubling” and suggesting that the FBI could find solutions to unlocking encrypted devices on the market instead of designing devices in order to allow law enforcement to probe them. Some, like Sen. Ron Wyden (D-Ore.), argue that altering the design of digital devices to allow for such access would weaken security.

Lofgren’s bill is identical to legislation she introduced back in 2015. The bill, along with its companion in the Senate sponsored by Wyden, never went to the floor for a vote.

Attorney General Jeff Sessions said this week that Congress may ultimately need to “take action” to solve the encryption problem. He and other officials have said the FBI was unable to break into thousands of devices last year despite having warrants to probe them.

Sens. Dianne Feinstein (D-Calif.) and Chuck Grassley (R-Iowa), meanwhile, are said to be in the early stages of pursuing their own legislation in the Senate, though the details of what a prospective bill would look like are unclear.
http://thehill.com/policy/cybersecur...tal-back-doors





Unroll.me to Close to EU Users Saying it Can’t Comply with GDPR
Natasha Lomas

Put on your best unsurprised face: Unroll.me, a company that has, for years, used the premise of ‘free’ but not very useful ’email management’ services to gain access to people’s email inboxes in order to data-mine the contents for competitive intelligence — and controversially flog the gleaned commercial insights to the likes of Uber — is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25.

In a section on its website about the regional service shutdown, the company writes that “unfortunately we can no longer support users from the EU as of the 23rd of May”, before asking whether a visitor lives in the EU or not.

Clicking ‘no’ doesn’t seem to do anything but clicking ‘yes’ brings up another info screen where Unroll.me writes that this is its “last month in the EU” — because it says it will be unable to comply with “all GDPR requirements” (although it does not specify which portions of the regulation it cannot comply with).

Any existing EU user accounts will be deleted by May 24, it adds:

“The EU is implementing new data privacy rules, known as General Data Protection Regulation (GDPR). Unfortunately, our service is intended to serve users in the U.S. Because it was not designed to comply with all GDPR requirements, Unroll.Me will not be available to EU residents. This means we may not serve users we believe are residents of the EU, and we must delete any EU user accounts by May 24. We are truly sorry that we are unable to offer our service to you.”

While Unroll.me, which is owned by Slice Technologies, also claims on the very same website that its parent company “strips away personal information” (i.e. after it has passed personal data attached to commercial and transactional emails found in users’ inboxes) — to “build anonymized market research products that analyze and track consumer trends” — it has been criticized for not being transparent about how it parses and sells people’s personal information.

And in fact if you go to the trouble of reading the small print of Unroll.me’s privacy policy it says it can share users’ personal information how it pleases — not just with its parent entity (and direct affiliates) but with any other ‘partners’ it chooses…

“We may share personal information we collect with our parent company, other affiliated companies, and trusted business partners. We also will share personal information with service providers that perform services on our behalf. Our non-affiliated business partners and service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.”

So it’s not hard to see why Unroll.me has decided it must shut up shop in the EU, given this ‘hand-in-the-cookie-jar’ approach to private data. (In a GDPR FAQ on its site it tries to suggest it needs more time to comply with the enforcement requirements — couching the regulation as “so vast and appropriately comprehensive” it simply hasn’t had time to get its ducks in order; yet the final text of GDPR was agreed at the end of 2015, and the regulation was proposed three years before that, so all companies handling personal data in the EU have had years to get aware and get prepared.)

The move also flags up contradictions in Unroll.me’s messaging to its users. For instance we’ve asked the company why it’s shutting down in the EU if — as it claims on its website — it “respects your privacy”. We’re not holding our breath for a response.

The market exit also looks like a tacit admission that Unroll.me has essentially been ignoring the EU’s existing privacy regime. Because GDPR does not introduce privacy rules to the region. Rather the regulation updates and builds on a data protection framework that’s more than two decades old at this point — mostly by ramping up enforcement, with penalties for privacy violations that can scale as high as 4% of a company’s global annual turnover.

So suddenly the EU is getting privacy regs with teeth. And just as suddenly Unroll.me is deciding it needs to shut up the local shop… 🤔 (And nor is it the only one… )

Unrollme to stop serving European customers, because of GDPR. https://t.co/tYrmsXlHvS pic.twitter.com/j4W0cBBHYR

— Mikko Hypponen (@mikko) May 5, 2018

It’s true that GDPR does tighten existing consent requirements for processing personal data — but only slightly. Current EU rules already require that consent be freely given, specific and informed. GDPR adds that it must also be a “clear affirmative act” and “unambiguous”, along with requiring data controllers are able to demonstrate that a service user whose personal data is being processed has given consent for that to happen.

But the core EU requirement of ‘freely given, specific and informed’ consent stands. Which does rather suggest that Unroll.me was already trampling over the privacy rights of EU users — given it’s the threat of big fines that’s the shiny new thing here…

GDPR also takes aim at the practice of burying information that users need to decide whether or not to consent to their personal data being processed in difficult to find and read dense legalese.

And the regulation’s requirements on that front are forcing companies to be more up front about what exactly they intend to do with people’s data. (Even if some tech giants are still trying their hand at socially engineering and manipulating ‘consent‘.)

“Consent [under GDPR] must also now be separable from other written agreements, and in an intelligible and easily accessible form, using clear and plain language,” data protection expert Jon Baines, an advisor at UK law firm Mishcon de Reya LLP, told us recently. “If these requirements are enforced by data protection supervisory authorities and the courts, then we could well see a significant shift in habits and practices.”

As well as signs of shifts in business processes, it looks like some of the changes that GDPR can take (early) credit for include expedited market exits by companies with business models that rely on not being adequately up front with their users.

In the case of Unroll.me, any non-EU users should really be asking themselves if they need this ‘service’ — and/or asking the company lots of questions about what it’s doing with their private information; who it’s selling their information to; and what those third parties are using their data for?
https://techcrunch.com/2018/05/05/un...ply-with-gdpr/





New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance
Catalin Cimpanu

A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance.

GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.

The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe.

The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies (€20 million/$24 million or 4% of a company's annual worldwide revenue —whichever is higher).

There's also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called "Data Protection Officer." Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company's servers if they so wish.

Companies are turning away from the EU market

Any company that has data on EU users is subject to the new GDPR regulation and can be fined, regardless if the company is not based in a EU state.

As such, smaller companies that can't afford the exorbitant (consultation, legal, and technical) costs of becoming GDPR compliant, are hoping that nobody notices they're breaking the law or pulling out of the EU market altogether.

Examples of companies and services that have withdrawn from the EU market because of GDPR include Verve (online marketing), Ragnarok Online (online game), Super Monday Night Combat (online game), Unroll (email subscription service), Brent Ozar Unlimited (software supplier), Tungle (gaming software provider), and Drawbridge (cross-device identity service)

The list is probably bigger, as not all companies have made their decision public.

Companies are intentionally blocking EU IP addresses

Apart from this, there are also the companies that had no intent on breaking into the EU market but are serving customers regardless, and as such, are also falling under the GDPR umbrella.

Here, a new trend has sparked —blocking "unwanted" EU customers from accessing their sites in the first place.

A company that has openly admitted to such a practice is Boston-based cyber-security firm Steel Root, which has implemented its own system that blocks EU-based users from accessing its service.

But running such a system is not an option for companies with no experience in managing IP blacklists. Here's where the makers of GDPR Shield [archived link] have seen a business opportunity.

EU regulation sparks another Internet trend

"Block EU users from accessing your site," the GDPR Shield website reads. "Don't spend thousands on legal fees to make your site GDPR-compliant. If you aren't targeting EU users, simply use GDPR Shield to block all traffic from the EU," the company boasts.

The GDPR Sheild service is not free, though, and sites that want to use it have to pay monthly fees from $9 upward.

Similar services are bound to pop up on the web in the coming days, similar to how tens of websites appeared after the EU passed its infamous Cookie Law that mandated that each website ask users for permission before storing cookies on their devices.

That useless EU regulation generated an influx of similarly useless popups all over the web, and the new GDPR regulation might have the unintended consequence of shutting out millions of EU users off of thousands or more websites owned by companies that are not in the mood of spending thousands of dollars to become GDPR compliant.
https://www.bleepingcomputer.com/new...pr-compliance/





Meet the Renegades of the Intellectual Dark Web

An alliance of heretics is making an end run around the mainstream conversation. Should we be listening?
Bari Weiss

Here are some things that you will hear when you sit down to dinner with the vanguard of the Intellectual Dark Web: There are fundamental biological differences between men and women. Free speech is under siege. Identity politics is a toxic ideology that is tearing American society apart. And we’re in a dangerous place if these ideas are considered “dark.”

I was meeting with Sam Harris, a neuroscientist; Eric Weinstein, a mathematician and managing director of Thiel Capital; the commentator and comedian Dave Rubin; and their spouses in a Los Angeles restaurant to talk about how they were turned into heretics. A decade ago, they argued, when Donald Trump was still hosting “The Apprentice,” none of these observations would have been considered taboo.

Today, people like them who dare venture into this “There Be Dragons” territory on the intellectual map have met with outrage and derision — even, or perhaps especially, from people who pride themselves on openness.

It’s a pattern that has become common in our new era of That Which Cannot Be Said. And it is the reason the Intellectual Dark Web, a term coined half-jokingly by Mr. Weinstein, came to exist.

What is the I.D.W. and who is a member of it? It’s hard to explain, which is both its beauty and its danger.

Most simply, it is a collection of iconoclastic thinkers, academic renegades and media personalities who are having a rolling conversation — on podcasts, YouTube and Twitter, and in sold-out auditoriums — that sound unlike anything else happening, at least publicly, in the culture right now. Feeling largely locked out of legacy outlets, they are rapidly building their own mass media channels.

The closest thing to a phone book for the I.D.W. is a sleek website that lists the dramatis personae of the network, including Mr. Harris; Mr. Weinstein and his brother and sister-in-law, the evolutionary biologists Bret Weinstein and Heather Heying; Jordan Peterson, the psychologist and best-selling author; the conservative commentators Ben Shapiro and Douglas Murray; Maajid Nawaz, the former Islamist turned anti-extremist activist; and the feminists Ayaan Hirsi Ali and Christina Hoff Sommers. But in typical dark web fashion, no one knows who put the website up.

The core members have little in common politically. Bret and Eric Weinstein and Ms. Heying were Bernie Sanders supporters. Mr. Harris was an outspoken Hillary voter. Ben Shapiro is an anti-Trump conservative.

But they all share three distinct qualities. First, they are willing to disagree ferociously, but talk civilly, about nearly every meaningful subject: religion, abortion, immigration, the nature of consciousness. Second, in an age in which popular feelings about the way things ought to be often override facts about the way things actually are, each is determined to resist parroting what’s politically convenient. And third, some have paid for this commitment by being purged from institutions that have become increasingly hostile to unorthodox thought — and have found receptive audiences elsewhere.

“People are starved for controversial opinions,” said Joe Rogan, an MMA color commentator and comedian who hosts one of the most popular podcasts in the country. “And they are starved for an actual conversation.”

That hunger has translated into a booming and, in many cases, profitable market. Episodes of “The Joe Rogan Experience,” which have featured many members of the I.D.W., can draw nearly as big an audience as Rachel Maddow. A recent episode featuring Bret Weinstein and Ms. Heying talking about gender, hotness, beauty and #MeToo was viewed on YouTube over a million times, even though the conversation lasted for nearly three hours.

Ben Shapiro’s podcast, which airs five days a week, gets 15 million downloads a month. Sam Harris estimates that his “Waking Up” podcast gets one million listeners an episode. Dave Rubin’s YouTube show has more than 700,000 subscribers.

Offline and in the real world, members of the I.D.W. are often found speaking to one another in packed venues around the globe. In July, for example, Jordan Peterson, Douglas Murray and Mr. Harris will appear together at the O2 Arena in London.

But as the members of the Intellectual Dark Web become genuinely popular, they are also coming under more scrutiny. On April 21, Kanye West crystallized this problem when he tweeted seven words that set Twitter on fire: “I love the way Candace Owens thinks.”

Candace Owens, the communications director for Turning Point USA, is a sharp, young, black conservative — a telegenic speaker with killer instincts who makes videos with titles like “How to Escape the Democrat Plantation” and “The Left Thinks Black People Are Stupid.” Mr. West’s praise for her was sandwiched inside a longer thread that referenced many of the markers of the Intellectual Dark Web, like the tyranny of thought policing and the importance of independent thinking. He was photographed watching a Jordan Peterson video.

All of a sudden, it seemed, the I.D.W. had broken through to the culture-making class, and a few in the group flirted with embracing Ms. Owens as their own.

Yet Ms. Owens is a passionate Trump supporter who has dismissed racism as a threat to black people while arguing, despite evidence to the contrary, that immigrants steal their jobs. She has also compared Jay-Z and Beyoncé to slaves for supporting the Democratic Party.

Many others in the I.D.W. were made nervous by her sudden ascendance to the limelight, seeing Ms. Owens not as a sincere intellectual but as a provocateur in the mold of Milo Yiannopoulos. For the I.D.W. to succeed, they argue, it needs to eschew those interested in violating taboo for its own sake.

“I’m really only interested in building this intellectual movement,” Eric Weinstein said. “The I.D.W. has bigger goals than anyone’s buzz or celebrity.”

And yet, when Ms. Owens and Charlie Kirk, the executive director of Turning Point USA, met last week with Mr. West at the Southern California Institute of Architecture, just outside of the frame — in fact, avoiding the photographers — was Mr. Weinstein. He attended both that meeting and a one-on-one the next day for several hours at the mogul’s request. Mr. Weinstein, who can’t name two of Mr. West’s songs, said he found the Kardashian spouse “kind and surprisingly humble despite his unpredictable public provocations.” He has also tweeted that he’s interested to see what Ms. Owens says next.

This episode was the clearest example yet of the challenge this group faces: In their eagerness to gain popular traction, are the members of the I.D.W. aligning themselves with people whose views and methods are poisonous? Could the intellectual wildness that made this alliance of heretics worth paying attention to become its undoing?

There is no direct route into the Intellectual Dark Web. But the quickest path is to demonstrate that you aren’t afraid to confront your own tribe.

The metaphors for this experience vary: going through the phantom tollbooth; deviating from the narrative; falling into the rabbit hole. But almost everyone can point to a particular episode where they came in as one thing and emerged as something quite different.

A year ago, Bret Weinstein and Heather Heying were respected tenured professors at Evergreen State College, where their Occupy Wall Street-sympathetic politics were well in tune with the school’s progressive ethos. Today they have left their jobs, lost many of their friends and endangered their reputations.

All this because they opposed a “Day of Absence,” in which white students were asked to leave campus for the day. For questioning a day of racial segregation cloaked in progressivism, the pair was smeared as racist. Following threats, they left town for a time with their children and ultimately resigned their jobs.

“Nobody else reacted. That’s what shocked me,” Mr. Weinstein said. “It told me that a culture that told itself it was radically open-minded was actually a culture cowed by fear.”

Sam Harris says his moment came in 2006, at a conference at the Salk Institute with Richard Dawkins, Neil deGrasse Tyson and other prominent scientists. Mr. Harris said something that he thought was obvious on its face: Not all cultures are equally conducive to human flourishing. Some are superior to others.

“Until that time I had been criticizing religion, so the people who hated what I had to say were mostly on the right,” Mr. Harris said. “This was the first time I fully understood that I had an equivalent problem with the secular left.”

After his talk, in which he disparaged the Taliban, a biologist who would go on to serve on President Barack Obama’s Commission for the Study of Bioethical Issues approached him. “I remember she said: ‘That’s just your opinion. How can you say that forcing women to wear burqas is wrong?’ But to me it’s just obvious that forcing women to live their lives inside bags is wrong. I gave her another example: What if we found a culture that was ritually blinding every third child? And she actually said, ‘It would depend on why they were doing it.’” His jaw, he said, “actually fell open.”

“The moral confusion that operates under the banner of ‘multiculturalism’ can blind even well-educated people to the problems of intolerance and cruelty in other communities,” Mr. Harris said. “This had never fully crystallized for me until that moment.”

Before September 2016, Jordan Peterson was an obscure psychology professor at the University of Toronto. Then he spoke out against Canada’s Bill C-16, which proposed amending the country’s human-rights act to outlaw discrimination based on gender identity and expression. He resisted on the grounds that the bill risked curtailing free speech by compelling people to use alternative gender pronouns. He made YouTube videos about it. He went on news shows to protest it. He confronted protesters calling him a bigot. When the university asked him to stop talking about it, including sending two warning letters, he refused.

While most people in the group faced down comrades on the political left, Ben Shapiro confronted the right. He left his job as editor at large of Breitbart News two years ago because he believed it had become, under Steve Bannon’s leadership, “Trump’s personal Pravda.” In short order, he became a primary target of the alt-right and, according to the Anti-Defamation League, the No. 1 target of anti-Semitic tweets during the presidential election.

Other figures in the I.D.W., like Claire Lehmann, the founder and editor of the online magazine Quillette, and Debra Soh, who has a Ph.D. in neuroscience, self-deported from the academic track, sensing that the spectrum of acceptable perspectives and even areas of research was narrowing. Dr. Soh said that she started “waking up” in the last two years of her doctorate program. “It was clear that the environment was inhospitable to conducting research,” she said. “If you produce findings that the public doesn’t like, you can lose your job.”

When she wrote an op-ed in 2015 titled “Why Transgender Kids Should Wait to Transition,” citing research that found that a majority of gender dysphoric children outgrow their dysphoria, she said her colleagues warned her, “Even if you stay in academia and express this view, tenure won’t protect you.”

Nowadays Ms. Soh has a column for Playboy and picks up work as a freelance writer. But that hardly pays the bills. She’s planning to start a podcast soon and, like many members of the I.D.W., has a Patreon account where “patrons” can support her work.

These donations can add up. Mr. Rubin said his show makes at least $30,000 a month on Patreon. And Mr. Peterson says he pulls in some $80,000 in fan donations each month.

Mr. Peterson has endured no small amount of online hatred and some real-life physical threats: In March, during a lecture at Queen’s University in Ontario, a woman showed up with a garrote. But like many in the I.D.W., he also seems to relish the outrage he inspires.

“I’ve figured out how to monetize social justice warriors,” Mr. Peterson said in January on Joe Rogan’s podcast. On his Twitter feed, he called the writer Pankaj Mishra, who’d written an essay in The New York Review of Books attacking him, a “sanctimonious prick” and said he’d happily slap him.

And the upside to his notoriety is obvious: Mr. Peterson is now arguably the most famous public intellectual in Canada, and his book “12 Rules for Life” is a best-seller.

The exile of Bret Weinstein and Ms. Heying from Evergreen State brought them to the attention of a national audience that might have come for the controversy but has stayed for their fascinating insights about subjects including evolution and gender. “Our friends still at Evergreen tell us that the protesters think they destroyed us,” Ms. Heying said. “But the truth is we’re now getting the chance to do something on a much larger scale than we could ever do in the classroom.”

“I’ve been at this for 25 years now, having done all the MSM shows, including Oprah, Charlie Rose, ‘The Colbert Report,’ Larry King — you name it,” Michael Shermer, the publisher of Skeptic magazine, told me. “The last couple of years I’ve shifted to doing shows hosted by Joe Rogan, Dave Rubin, Sam Harris and others. The I.D.W. is as powerful a media as any I’ve encountered.”

Mr. Shermer, a middle-aged science writer, now gets recognized on the street. On a recent bike ride in Santa Barbara, Calif., he passed a work crew and “the flag man stopped me and says: ‘Hey, you’re that skeptic guy, Shermer! I saw you on Dave Rubin and Joe Rogan!’” When he can’t watch the shows on YouTube, he listens to them as podcasts on the job. On breaks, he told Mr. Shermer, he takes notes.

“I’ve had to update Quillette’s servers three times now because it’s caved under the weight of the traffic,” Ms. Lehmann said about the publication most associated with this movement.

Yet there are pitfalls to this audience-supported model. One risk is what Eric Weinstein has called “audience capture.” Since stories about left-wing-outrage culture — the fact that the University of California, Berkeley, had to spend $600,000 on security for Mr. Shapiro’s speech there, say — take off with their fans, members of the Intellectual Dark Web may have a hard time resisting the urge to deliver that type of story. This probably helps explain why some people in this group talk constantly about the regressive left but far less about the threat from the right.

“There are a few people in this network who have gone without saying anything critical about Trump, a person who has assaulted truth more than anyone in human history,” Mr. Harris said. “If you care about the truth, that is quite strange.”

Emphasis is one problem. Associating with genuinely bad people is another.

Go a click in one direction and the group is enhanced by intellectuals with tony affiliations like Steven Pinker at Harvard. But go a click in another and you’ll find alt-right figures like Stefan Molyneux and Milo Yiannopoulos and conspiracy theorists like Mike Cernovich (the #PizzaGate huckster) and Alex Jones (the Sandy Hook shooting denier).

It’s hard to draw boundaries around an amorphous network, especially when each person in it has a different idea of who is beyond the pale.

“I don’t know that we are in the position to police it,” Mr. Rubin said. “If this thing becomes something massive — a political or social movement — then maybe we’d need to have some statement of principles. For now, we’re just a crew of people trying to have the kind of important conversations that the mainstream won’t.”

But is a statement of principles necessary to make a judgment call about people like Mr. Cernovich, Mr. Molyneux and Mr. Yiannopoulos? Mr. Rubin has hosted all three on his show. And he appeared on a typically unhinged episode of Mr. Jones’s radio show, “Infowars.” Mr. Rogan regularly lets Abby Martin — a former 9/11 Truther who is strangely sympathetic to the regimes in Syria and Venezuela — rant on his podcast. He also encouraged Mr. Jones to spout off about the moon landing being fake during Mr. Jones’s nearly four-hour appearance on his show. When asked why he hosts people like Mr. Jones, Mr. Rogan has insisted that he’s not an interviewer or a journalist. “I talk to people. And I record it. That’s it,” he has said.

Mr. Rubin doesn’t see this is a problem. “The fact is that Jones reaches millions of people,” he said. “Going on that show means I get to reach them, and I don’t think anyone is a lost cause. I’ve gotten a slew of email from folks saying that they first heard me on Jones, but then watched a bunch of my interviews and changed some of their views.”

The subject came up at that dinner in Los Angeles. Mr. Rubin, whose mentor is Larry King, insisted his job is just to let the person sitting across from him talk and let the audience decide. But with a figure like Mr. Cernovich, who can occasionally sound reasonable, how is a viewer supposed to know better?

Of course, the whole notion of drawing lines to keep people out is exactly what inspired the Intellectual Dark Web folks in the first place. They’re committed to the belief that setting up no-go zones and no-go people is inherently corrupting to free thought.

“You have to understand that the I.D.W. emerged as a response to a world where perfectly reasonable intellectuals were being regularly mislabeled by activists, institutions and mainstream journalists with every career-ending epithet from ‘Islamophobe’ to ‘Nazi,’” Eric Weinstein said. “Once I.D.W. folks saw that people like Ben Shapiro were generally smart, highly informed and often princely in difficult conversations, it’s more understandable that occasionally a few frogs got kissed here and there as some I.D.W. members went in search of other maligned princes.”

But people who pride themselves on pursuing the truth and telling it plainly should be capable of applying these labels when they’re deserved. It seems to me that if you are willing to sit across from an Alex Jones or Mike Cernovich and take him seriously, there’s a high probability that you’re either cynical or stupid. If there’s a reason for shorting the I.D.W., it’s the inability of certain members to see this as a fatal error.

What’s more, this frog-kissing plays perfectly into the hands of those who want to discredit the individuals in this network. In recent days, for example, Mr. Harris has been labeled by the Southern Poverty Law Center as a bridge to the alt-right: “Under the guise of scientific objectivity, Harris has presented deeply flawed data to perpetuate fear of Muslims and to argue that black people are genetically inferior to whites.”

That isn’t true. The group excoriated Mr. Harris, a fierce critic of the treatment of women and gays under radical Islam, for saying that “some percentage, however small” of Muslim immigrants are radicalized. He has also estimated that some 20 percent of Muslims worldwide are Islamists or jihadis. But he has never said that this should make people fear all Muslims. He has defended the work of the social scientist Charles Murray, who argues that genetic differences may explain differences in average IQ across racial groups — while insisting that this does not make one group inferior to another.

But this kind of falsehood is much easier to spread when other figures in the I.D.W. are promiscuous about whom they’ll associate with. When Mr. West tweeted his praise for Ms. Owens, the responses of the people in the network reflected each person’s attitude toward this problem. Dave Rubin took to Twitter to defend Ms. Owens and called Mr. West’s tweet a “game changer.” Jordan Peterson went on “Fox and Friends” to discuss it. Bret Weinstein subtweeted his criticism of these choices: “Smart, skeptical people are often surprisingly susceptible to being conned if a ruse is tailored to their prejudices.” His brother was convinced that Mr. West was playing an elaborate game of chess. Ms. Heying and Mr. Harris ignored the whole thing. Ben Shapiro mostly laughed it off.

Mr. West is a self-obsessed rabble-rouser who brags about not reading books. But whether or not one approves of the superstar’s newest intellectual bauble, it is hard to deny that he has consistently been three steps ahead of the zeitgeist.

So when he tweets “only freethinkers” and “It’s no more barring people because they have different ideas,” he is picking up on a real phenomenon: that the boundaries of public discourse have become so proscribed as to make impossible frank discussions of anything remotely controversial.

“So many of our institutions have been overtaken by schools of thought, which are inherently a dead end,” Bret Weinstein said. “The I.D.W. is the unschooling movement.”

Am I a member of this movement? A few months ago, someone suggested on Twitter that I should join this club I’d never heard of. I looked into it. Like many in this group, I am a classical liberal who has run afoul of the left, often for voicing my convictions and sometimes simply by accident. This has won me praise from libertarians and conservatives. And having been attacked by the left, I know I run the risk of focusing inordinately on its excesses — and providing succor to some people whom I deeply oppose.

I get the appeal of the I.D.W. I share the belief that our institutional gatekeepers need to crack the gates open much more. I don’t, however, want to live in a culture where there are no gatekeepers at all. Given how influential this group is becoming, I can’t be alone in hoping the I.D.W. finds a way to eschew the cranks, grifters and bigots and sticks to the truth-seeking.

“Some say the I.D.W. is dangerous,” Ms. Heying said. “But the only way you can construe a group of intellectuals talking to each other as dangerous is if you are scared of what they might discover.”
https://www.nytimes.com/2018/05/08/o...-dark-web.html





A Recycled IP Address Caused Me to Pirate 390,000 Books by Accident
Nick Janetakis

Let me tell you a story on how a subdomain of mine managed to serve 390,000+ PDF books without any of my servers being compromised.

When people talk about a site being compromised, usually you would think that your server has been compromised. That would be someone gaining access to your server and then doing whatever they please.

That didn’t happen here.

I take security very seriously. I have SSH locked down to only allow SSH key based logins and even root logins are disabled. My site is static too, which means it’s only being hosted through nginx from a non-root user.

The only way someone is going to gain access to my server is if they manage to gain access to my workstation and steal my SSH key pair. The odds of that are remote because my workstation never leaves my office and I have the reflexes of a highly trained ninja.

So how did a subdomain of mine end up help distributing 390,000+ PDF books without my server being compromised? Well, that’s easy…

How Did It Happen?

It boils down to this. About 2 years ago I was recording a video course that dealt with setting up HTTPS on a domain name.

In all of my courses, I make sure to “really” do it on video so that you can see the entire process from end to end.

Back then I used nickjanetakis.com for all of my courses, so I didn’t have a dedicated domain name for the course I was working on, such as diveintodocker.com.

I also didn’t have a spare domain name that I wanted to publicly share, so I registered a new DigitalOcean droplet to host an example site on. Then I set up an A record to point ssl.nickjanetakis.com to that droplet’s IP address.

Cool, there’s nothing wrong with that. Set up a temporary site for recording the course and then delete it afterwards. Easy peasy, and that’s exactly what I did but I forgot to remove the A record when I was done.

So for years, I had ssl.nickjanetakis.com pointing to an IP address that I was no longer in control of. That means the owner of that IP address could host anything and it would automatically be mapped to ssl.nickjanetakis.com without me knowing.

I Ignored the First Warning Sign

I have Google Alerts set up so I get emailed when people link to my site. A few months ago I started to receive an absurd amount of notifications, but I ignored them. I chalked it up to “Google is probably on drugs”.

Stranger things have happened with Google, so I thought maybe something got mixed up. Now I’ve learned my lesson. While bugs roll out into production all the time, Google Alerts being totally busted is super unlikely.

I Didn’t Ignore the Second Warning

Part of my morning routine is to check emails with intent to answer any questions about my courses that may have happened during the night.

I usually skim the subject lines to see which emails to answer first but one of them caught my eye. It read “Hi, seems your website has been compromised”.

Well you don’t see that every day. I figured it was spam that somehow made it to my inbox but I recognized the email because it was someone who signed up for one of my courses.

He sent me a screenshot showing a few PDFs being hosted from ssl.nickjanetakis.com, so I immediately went to Google and searched for site:ssl.nickjanetakis.com.

Search results for the compromised subdomain:

It was mostly college books but there was a ton of other stuff too. Hopefully by the time you read this most of them have been removed from Google’s index.

Fixing the Problem in a Few Seconds

Since it was linked to a subdomain I instantly knew what was wrong, especially because I remember using that subdomain a few years ago when I made that course.

The fix was really easy. I just hopped over to my domain registrar’s DNS settings and deleted the entry that mapped the IP address to that subdomain.

But before deleting it, I copied the IP address so I could open a support ticket on DigitalOcean. I figured they would like to know that someone is illegally distributing content on one of their servers. Now that they know the IP address, they can shut it down.

Avoiding the Problem in the Future

Always remove unused records from your DNS settings when you’re done using them.

DigitalOcean and many other cloud providers have purchased blocks of IP addresses and they provide these IP addresses to people like you and me.

When a droplet gets destroyed, the IP address eventually gets put into the public pool of available IP addresses and someone else will get it.

This is pretty scary because things like the above can happen if you’re not careful, but it also means if an IP address were blacklisted for doing something questionable, you might end up with that IP address in the future (but that’s a totally different problem).

Domain Validation Should Be More Strict

I think this brings up an interesting question. Right now you can validate you own a domain by putting an HTML snippet on your page. Services like Google Analytics allow for this.

Technically the person who took control over ssl.nickjanetakis.com could have proven ownership of that subdomain if they set up a page and hooked it up to Google Analytics.

Also, Let’s Encrypt’s web server based challenge would have passed.

I know I made a stupid mistake by not removing the A record but this could happen to anyone. I would like to see more services only allow for DNS based authentication by adding TXT records.

Although I suppose the bigger problem here is having IP addresses being recycled. Hopefully once IPv6 is fully in use we’ll have a big enough pool so that hosting providers can remove previously used addresses from their pool. That won’t be fool proof, but it’s a start.
https://nickjanetakis.com/blog/a-rec...ks-by-accident

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

May 5th, April 28th, April 21st, April 14th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black