Old 03-07-19, 06:43 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - July 6th, ’19

Since 2002

July 6th, 2019




Microsoft is About to Shut Off its ebook DRM Servers: "The Books Will Stop Working"
Cory Doctorow

"The books will stop working": That's the substance of the reminder that Microsoft sent to customers for their ebook store, reminding them that, as announced in April, the company is getting out of the ebook business because it wasn't profitable enough for them, and when they do, they're going to shut off their DRM servers, which will make the books stop working.

Almost exactly fifteen years ago, I gave an influential, widely cited talk at Microsoft Research where I predicted this exact outcome. I don't feel good about the fact that I got it right. This is a fucking travesty.

As Rob Donoghue tweeted, "I keep saying it and it sounds worse each time...There will be refunds, and reasonable voice says to me it's just business, but the book voice wants to burn it all down. I'm kind of with the book voice on this one."

Me too. Here's what I wrote back in April, when Microsoft announced the shutdown.

Microsoft has a DRM-locked ebook store that isn't making enough money, so they're shutting it down and taking away every book that every one of its customers acquired effective July 1.

Customers will receive refunds.

This puts the difference between DRM-locked media and unencumbered media into sharp contrast. I have bought a lot of MP3s over the years, thousands of them, and many of the retailers I purchased from are long gone, but I still have the MP3s. Likewise, I have bought many books from long-defunct booksellers and even defunct publishers, but I still own those books.

When I was a bookseller, nothing I could do would result in your losing the book that I sold you. If I regretted selling you a book, I didn't get to break into your house and steal it, even if I left you a cash refund for the price you paid.

People sometimes treat me like my decision not to sell my books through Amazon's Audible is irrational (Audible will not let writers or publishers opt to sell their books without DRM), but if you think Amazon is immune to this kind of shenanigans, you are sadly mistaken. My books matter a lot to me. I just paid $8,000 to have a container full of books shipped from a storage locker in the UK to our home in LA so I can be closer to them. The idea that the books I buy can be relegated to some kind of fucking software license is the most grotesque and awful thing I can imagine: if the publishing industry deliberately set out to destroy any sense of intrinsic, civilization-supporting value in literary works, they could not have done a better job.

Reminded that the Microsoft ebook store closes next week. The DRM'd books will stop working.

I cannot believe that sentence.

"The books will stop working."

I keep saying it and it sounds worse each time.
— Rob Donoghue (@rdonoghue) June 26, 2019

https://boingboing.net/2019/06/28/jun-17-2004.html





Backing Up My Kindle Ebooks
Sonya Mann

“In a move that angered customers and generated waves of online pique, Amazon remotely deleted some digital editions of the books from the Kindle devices of readers who had bought them,” The New York Times reported in 2009.

Amazingly, the removed books were George Orwell’s 1984 and Animal Farm. We may never know how Amazon managed to make its blunder quite that on-the-nose.

A couple of days ago, an Apple customer realized that some movies he’d purchased through the company’s media store were missing and no longer available for him to download.

So for no particular reason, tonight I decided to back up my Kindle books and remove the DRM from the files.

It was a pain to figure out how to do this on a MacBook Pro in 2018, without owning a physical Kindle device. I documented the necessary steps for those of you whose setup is similar to mine.

My laptop is running High Sierra (version 10.13.6) and I have a current version of the Mac Kindle app installed. If you have trouble carrying out one of the individual steps, a search engine will be able to turn up helpful resources.

1. Install the Kindle Mac App.
2. Open Kindle preferences.
3. Change the content folder to one that’s convenient for you. I put it in my Google Drive folder.
4. Download all the books that you want to back up. Instead of doing this manually in the Mac app, follow these steps:
   1. Go to Amazon.com and navigate to the section called Your Content and Devices.
   2. Select all.
   3. Click the “Deliver” button and then select your Mac app from the dropdown menu.
   4. Do something else while the files download. If you have a lot of books, it’ll take some time. I think it took an hour for my ~300 books.
   5. This process was buggy for me but it eventually worked. No guarantees — you may have to manually trigger the download process for each book.
5. Download Calibre.
6. Download the DeDRM plugin and follow these instructions.
7. Download the KFX Input plugin from Calibre’s native plugin menu.
8. In Calibre, click the little dropdown arrow next to the “Add books” button. Choose this option: “Add books from directories, including sub-directories (Multiple books per directory, assumes every e-book file is a different book).”
9. Wait for all the books to load.
10. You’ll have a bunch of nonsense .md files along with your actual books. My nonsense files all started with “CR!” so I stuck that in the search bar, selected all (ctrl + A), and deleted them. My guess is that you could filter by file format instead, if you prefer.
11. Select all the remaining books, again using ctrl + A.
12. Click the little dropdown arrow next to “Convert books” and choose the bulk option.
13. Fiddle with the .epub conversion settings if you want to (I didn’t) and then go ahead and convert the files.
14. Wait for that process to go through — for me it took ~45 minutes.

Aaand here’s where I stopped. A handful of the books didn’t convert properly — Calibre told me it was because of DRM issues (after all those plugins?!) but I’ll figure out what happened later.

I hope this was helpful. If you come up with a way to improve the process, please let me know! Honestly, I would love for someone to productize this whole rigmarole.

I feel astounded by the awesomeness of open-source software, and how it restores freedom to end users… but simultaneously dismayed by how many hoops you have to jump through. It’s unfortunate that ebooks merchants like Amazon have such reader-unfriendly incentives.
https://www.sonyaellenmann.com/2018/...files-mac.html





File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent
Zack Whittaker

With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store.

But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the user’s knowledge — or their permission — collectively costing millions of dollars.

“It all happens in the background… nothing appears on the screen,” said Guy Krief, chief executive of London-based Upstream, which shared its research exclusively with TechCrunch.

The researchers say the app contains suspicious third-party code that allowed the app to automate clicks and make fraudulent purchases. They said the component, built by Hong Kong-based Elephant Data, downloads code which is “directly responsible” for generating the automated clicks without the user’s knowledge. The code also sets a cookie to determine if a device has previously been used to make a purchase, likely as a way to hide the activity.

Upstream also said the code deliberately obfuscates the web addresses it accesses and uses redirection chains to hide the suspicious activity.

Over the past few weeks Upstream said it’s blocked more than 114 million suspicious transactions originating from two million unique devices, according to data from its proprietary security platform, which the company said would cost consumers if they are not blocked. Upstream only has visibility in certain parts of the world — Brazil, Indonesia and Malaysia to name a few — suggesting the number of observed suspicious transactions was likely a fraction of the total number.

Then in mid-April, 4shared’s app suddenly disappeared from Google Play and was replaced with a near-identical app with the suspicious components removed.

At the time of writing, 4shared’s new app has more than 10 million users.

Irin Len, a spokesperson for 4shared, told TechCrunch that the company was “unaware” of the fraudulent ad activity in its app until we reached out, but confirmed the company no longer works with Elephant Data.

Len said the old app was removed by Google “without reason,” but its suspicions quickly fell on the third-party components, which the company removed before resubmitting the app for approval. But because their old app was pulled from Android’s app store, 4shared said it wasn’t allowed to push an update to existing users to remove the suspicious components from their devices.

Google did not respond to TechCrunch’s request for comment.

We sent Elephant Data several questions and follow-up emails prior to publication but we did not hear back.

4shared, owned by New IT Solutions based in the British Virgin Islands, makes a brief reference to Elephant Data in its privacy policy but doesn’t explicitly say what the service does. 4shared said since it’s unable to control or disable Elephant Data’s components in its old app, “we’re bound to keep the detailed overview of which data may be processed and how it may be shared” in its privacy policy.

Little else is known about Elephant Data, except that it bills itself as a “market intelligence” solution designed to “maximize ad revenue.”

The ad firm has drawn criticism in several threads on Reddit, one of which accused the company of operating a “scam” and another called the offering “dodgy.” One developer said he removed the components from his app after it began to suffer from battery-life issues, but Elephant Data was “still collecting data” from users who hadn’t updated their apps.

The developer said Google also banned his app, forcing him to resubmit an entirely new version of his app to the store.

It’s the latest app in recent months to be accused of using invisible ads to generate fraudulent revenue. In May, BuzzFeed News reported similar suspicious behavior and fraudulent purchases in Chinese video app VidMate.
https://techcrunch.com/2019/07/02/4s...hases-consent/





Full Version Of Spider-Man: Far From Home Has Already Leaked Online
Tyler Lee

If you’re looking to catch Marvel’s Spider-Man: Far From Home this coming weekend, you might want to steer clear of social media. This is because according to reports, it appears that full pirated copies of the movie have already made their way online. This is because while the rest of the world will be seeing the movie this week, it was actually released earlier in China last Friday.

This has resulted in pirated copies of the movie being created thanks to pirates who actually sat in the movie theaters and recorded the movie using a camera, a pretty old school but common method of pirating movies. However, the problem with such recording methods is that it is usually not very clear in terms of both video and audio.

This was a problem that Marvel had also previously experienced with Avengers: Endgame, in which a pirated copy of the movie was also leaked online before the rest of the world got to see it. That being said, it seems that the piracy of the movie probably won’t do much to negatively affect the movie’s financial success.

It has already been estimated that the movie has brought in about $111 million since its release in markets such as China, Japan, and Hong Kong. We expect that combined with the rest of the movie’s release in other parts of the world, it should still be a hit. So far reviews have all been pretty positive so it could be worth checking out this weekend if you don’t have plans.
https://www.ubergizmo.com/2019/07/sp...leaked-online/





The Streaming TV Sector Still Doesn't Realize Exclusives Will Drive Users Back To Piracy
Karl Bode

So we've noted a few times now that the rise of streaming video competitors is indisputably a good thing. Numerous new streaming alternatives have driven competition to an antiquated cable TV sector that has long been plagued by apathy, high rates, and comically-bad customer service. That's long overdue and a positive thing overall, as streaming customer satisfaction scores suggest.

But as the sector matures, there's a looming problem it seems oblivious to.

Increasingly, companies are pulling their content off central repositories like Hulu and Netflix, and making them exclusive to their own streaming platforms, forcing consumers to subscribe to more and more streaming services if they want to get all the content they're looking for. AT&T, for example, will soon make all of its owned content, like Friends, exclusive to its looming new streaming platform. Disney, similarly, has been pulling its content off of Netflix and Hulu to ensure it's exclusive to its own, looming Disney+ streaming service that arrives next year.

This week, Comcast noted that it would soon be pulling The Office from Netflix, making it exclusive to its own streaming service in 2021:

We're sad that NBC has decided to take The Office back for its own streaming platform — but members can binge watch the show to their hearts' content ad-free on Netflix until January 2021

— Netflix US (@netflix) June 25, 2019

By itself that's not a big deal. You can go buy the entire DVD box set of the Office for $50 on Amazon. But cumulatively, over the next few years, the sector risks creating so many exclusive silos that it begins to frustrate and annoy customers forced to shell out $8-$15 per month for 20 different services. Studies suggest that nearly every broadcaster will launch their own streaming service by 2022. And they all want their content exclusive to their own platform:

"Want to watch the new Star Trek? You’ll need to pay $6 a month for CBS All Access. Want to watch Game Of Thrones? That’s $15 per month for HBO. Stranger Things? That’s $9 to $16 for Netflix. The Office? $15 to Comcast. Fleabag? Another $9 to Amazon, please. The Handmaid’s Tale? $6 to Hulu; $12 if you don’t want ads."

The result, as one Deloitte study called it, is "subscription fatigue." Again, superficially, folks could argue that this isn't a big deal because consumers can hunt and peck, mixing and matching different subscriptions and cancelling and signing up to new ones to build their perfect package. But if you ever tried to cancel AOL during its heyday, or say, tried to cancel a Wall Street Journal digital subscription online, it should be obvious that as markets mature companies make it a pain in the ass to actually cancel and change services. There's really no reason to think this won't happen in streaming as the competition heats up, they've nabbed their desired market share, and the focus shifts to retaining existing customers.

And here's where net neutrality and telecom merger mania comes in. If you're AT&T Time Warner or Comcast NBC Universal, you've got significant advantages in this race. One, you own both the conduit these services have to travel over, and you own much of the content competitors need to compete with you. And as we've already seen, these companies aren't shy about exploiting this advantage. AT&T, for example, only imposes usage caps on its broadband customers if they use a competitor's service. But if you use AT&T's streaming services, those arbitrary and unnecessary surcharges mysteriously disappear. Similarly AT&T offers discounts (like HBO for free or just $5) if you use AT&T's wireless services.

When you're getting telecom discounts tied to subscribing to AT&T (or Comcast's, or Verizon's) streaming service, which service do you think you're going to cancel first? And with the death of net neutrality, limited broadband competition, and folks like Ajit Pai being a mindless rubber stamp to industry, who exactly do you think will stop incumbent ISPs from exploiting this advantage anti-competitively? Again, there might be competition in streaming, but if there's no competition in broadband, and there's rampant regulatory capture, you're probably gonna have some market headaches.

Ultimately, history has shown repeatedly that when consumers can't get the content they want easily, cheaply, and quickly, they'll resort to piracy.

So The Office is leaving Netflix in 2021 to go to an NBC streaming service.... pic.twitter.com/TdVgxfvsgk

— Jamie (@Jamie_2455) June 26, 2019

Admitting this fact isn't condoning the behavior, it's just stating a fact. There's some early anecdotal evidence this is already happening, with BitTorrent usage seeing a notable uptick in recent years as it has gotten more and more cumbersome for users to identify which service holds the rights to the content they're looking for. In this case the telecom sector still wins, because the arbitrary and technically unnecessary usage caps and overage fees still net them money. You'll either subscribe to an ISP's own streaming services, or you'll get penalized for piracy or using a competitor. Comcast and AT&T win either way.

Again, none of this is to say that the rise of streaming competition is a bad thing. Just that there's going to be some growing pains over the next 5 years. Growing pains that the industry isn't particularly keyed into because they're all mindlessly running head down to the trough. And those that do realize that the rise of exclusivity will lead to piracy probably figure they'll cross that bridge when they come to it. And when they do get to that bridge and piracy rates soar, history suggests they'll probably try to blame everything but their own behavior for it.

Ultimately, it seems likely that in 5-10 years, even after the weaker options have been shaken out via competition, consumers will still desire some kind of central subscription repository that makes navigating all of these choices and finding content easy. Whoever controls that repository will control the kingdom. And with the pieces on the chess board as they are now, it's pretty damn likely that telecom could cheat their way to the throne. And should telecom be left in charge of what the future of TV looks like, you're likely going to find that future looks (and is priced) a lot like the cable TV options we fought so hard to innovate away from in the first place.
https://www.techdirt.com/articles/20...o-piracy.shtml





Nielsen Reports a Record Half a Trillion On-Demand Music Streams In U.S. so Far this Year
Sarah Perez

Music streaming services have already delivered a new high of half a trillion (507.7 billion) on-demand streams in the first half of 2019, according to Nielsen’s mid-year Music Report released this week. This record number — an increase of 31.6% over the first half of last year — was attributed to the success of singles and albums from Ariana Grande, Billie Eilish, Halsey, Khalid, BTS, Lil Nas X, and Bad Bunny, among other factors.

For example, the report also noted the outsized impact of TikTok and its global audience of 500 million monthly users.

“No emerging app helped break more songs in 2019 than TikTok,” Nielsen said.

It then pointed to various TikTok hits like 2019’s most-consumed on-demand song, Lil Nas X’s “Old Town Road,” which saw 1.3 billion total on-demand streams year-to-date; as well as Ava Max’s “Sweet But Psycho,” which snagged 310 million on-demand streams (YTD); and Joji’s “Slow Dancing in the Dark,” with its 165 million on-demand streams (YTD).

The report additionally broke down the record 507.7 billion on-demand streams into both on-demand audio streams — like those found on Spotify and Apple Music — and on-demand video streams, and found it was the latter that was growing faster.

According to Nielsen data, video streaming grew 39.6% from 124.7 billion streams in the first half of 2018 to 174.2 billion streams in the first half of 2019.

Meanwhile, audio streams only grew 27.8% by comparison, going from 261.0 billion streams in the first half of last year to 333.5 billion streams in the first half of 2019.

Further analysis by Music Business Worldwide found that, despite the record streaming numbers, annual growth in audio streaming is actually declining. This year’s 27.8% growth in audio streaming from H1 2018 to H1 2019 was a reduction from the 41.5% growth seen from H1 2017 to H1 2018. Or, more simply put, the annual growth in total U.S. audio streaming was over 4 billion streams smaller between the two reports.

Also trending downward are physical album sales (-15.1% to 32.5M); digital album sales (-24.4% to 19.1M); vinyl (-9.6% to 7.7M); and digital track sales (-25.6% to 153.1M).

The report made mention, too, of a few notable moments in music so far in 2019. One key finding, in terms of its relationship to technology companies, was Marshmello’s concert held in Fortnite. Nielsen found the event led to “major gains” in artist’s catalog, with 13,000 equivalent units earned during the debut week of “Marshmello: Fortnite Extended Set” — the DJ/producer’s largest sales week to date. His album “Joytime II” in the week following his appearance in Fortnite saw a 316% increase in sales, as well.

The full report, which dives into individual artists and trends, is available here.

The data was calculated from Jan. 4, 2019, through June 20, 2019.
https://techcrunch.com/2019/06/28/ni...far-this-year/





Regal Cinemas Readying Unlimited Ticket Subscription Program
Anthony D'Alessandro, Nancy Tartaglione

EXCLUSIVE: Sources confirm to us that Regal’s new unlimited movie ticket subscription service is prepping to launch at the end of July in the U.S. Details are still being ironed out between the major studios and Regal’s parent company, Cineworld, based in London.

Here’s what we know: There will be three tiers of pricing, which work out to $18, $21 and $24 per month, each granting access to unlimited tickets (really). While the monthly price of AMC Stubs A-List movie ticket subscription program varies by state, we hear that Regal’s is based on theater location. Those purchasing a top-priced tier will have access to any Regal Cinema (i.e., from Valencia, CA to 42nd Street in NYC), while the lowest tier gets access to about half of the chain’s national footprint. If someone purchased a subscription at a low tier and ventures to an out-of-network Regal in a higher tier (like a major city), there’s apt to be a surcharge (not final, but around $2-$3) on a gratis ticket.

There are also 10% cash reductions on concessions for each tier, which are immediate rather than receiving a voucher for the next visit. Also, there’s buzz that Regal Unlimited subscribers will have to purchase an entire year in advance for the unlimited ticket program, hence the tier prices respectively would be $288, $252 and $216.

At this point in time, it’s not clear whether premium venues (Imax, Dolby 3D, Premium Large Format screens, Dbox) will be included in the monthly subscription like it is with AMC’s. Studio executives have mentioned to us in passing that a greater degree of revenue exists in upcharging a subscriber on premium tickets. Details are still being worked out despite what many might be reading in online chat rooms.

Regal’s new program is specifically aimed at passionate moviegoers who go to the movies well in excess of two times a month. While we understand Cineworld isn’t making a specific play to dynamite millennials into the multiplex, the popularity of these one-price all-you-can-eat subscription programs, ala Netflix, is that they’re in sync with the under 35 demo’s spending habits. Not to mention in a Deadline/NRG study back in April, close to half of those polled felt the current monthly price of streaming was just right compared to the 27% who felt the current price of a movie ticket was fair. Thirty-three percent said the price of streaming was a bargain compared to 15% who felt the price of a movie ticket was still a bargain.

The Regal Unlimited system was based off CineWorld’s Unlimited in the UK, which has been running for well over a decade. The chain pioneered the concept of a movie-ticket subscription program well before MoviePass could utter the words. Just like ticket prices vary around the UK, so they do in the U.S., where it ranges from $9-$18. Hence, it’s not in Cineworld’s financial interest to offer an unlimited cost that would be the same for every customer, everywhere. As we saw with MoviePass, that’s just a recipe for disaster.

Regal already has a frequent moviegoer program, “The Regal Crown Club,” that is free. Members earn 100 points for every dollar they spend on tickets or concessions. Among the main perks: spend $180 and you get a free movie ticket (upgrades like Imax are extra). Those who spend $60 get a free small popcorn, while $70 gets you a free soft drink. Members can also choose to spend points on movie-related merchandise.

In regards to launching an unlimited movie ticket program stateside, Cineworld took its time so as to get the details right in the wake of MoviePass’ freefall with its $9.95-per-month program last year. Prior to MoviePass going off a cliff last July, AMC’s Stubs A-List program launched a year ago, which now counts north of 860,000 subscribers. Their monthly price varies by state, ranging from $19.95 a month to $23.95 a month plus tax. Members also enjoy a number of benefits including free premium upgrades (i.e., Imax, Premium Large Format tickets, 3D), RSVPing tickets ahead with no ticket fees, concession upgrades and refills.

Cinemark also has a monthly loyalty program, though it’s significantly slimmed down and not as lavish as those from its big chain rivals. For $8.99 a month, a Cinemark Movie Club membership provides one 2D movie ticket with premium-format ticket upgrades available, the ability to RSVP seats and buy tickets in advance with no online fees, additional tickets at the member price of $8.99 each and a 20% discount on concessions during every visit. Unused tickets roll over and never expire for active members.
https://deadline.com/2019/07/regal-c...ld-1202640441/





MoviePass Suspends Service Citing Technical Problems, Plans to Recapitalize Company
Todd Spangler

Starting July 4, MoviePass will be out of commission for the next several weeks — at least — with the struggling theater-subscription service provider saying it needs to fix technical issues and finish work on a new version of its app.

There was also a hint that the money-losing MoviePass business is running low on funds. The company, in announcing the temporary shutdown, said it “plans to use this time to recapitalize in order to facilitate a seamless transition and improved subscriber experience once the service continues.”

As of March 21, 2019, MoviePass’ parent company — Helios and Matheson Analytics — said it had cash on hand of about $2.8 million and $13.1 million on deposit with its merchant and fulfillment processors related to MoviePass subscription revenue. Helios and Matheson said it netted $5.56 million in new financing from “certain institutional investors,” which closed March 25.

Helios and Matheson’s net loss more than doubled in 2018, to $329.3 million, on revenue of $232.3 million, according to its latest financial filing. The company took a $38.5 million write-down for the third quarter of 2018 related to the impairment of goodwill in the MoviePass business, and it said it expects to record an impairment charge of $35.9 million for Q4 for MoviePass.

MoviePass said it put the service on hiatus starting at 5 a.m. ET on July 4. The company said the suspension is due to “maintenance-related issues.” It didn’t provide details on what the problems are or how the new MoviePass app will be enhanced.

“Once we have resolved these technical problems, the service will be live again. We estimate this process will take several weeks,” MoviePass said in a tweet Wednesday.

During MoviePass’ shutdown, subscribers will not be charged and they’ll be automatically credited for the number of affected days once the service continues, according to the company. In addition, MoviePass currently is not accepting new subscribers.

In a statement, MoviePass CEO Mitch Lowe said the suspension is required to complete work on an improved version of the MoviePass mobile application. “There’s never a good time to have to do this,” Lowe said. “But to complete the improved version of our app, one that we believe will provide a much better experience for our subscribers, it has to be done.”

The number of MoviePass subscribers plummeted from more than 3 million last year to just 225,000 in under a year, according to a Business Insider report in April. A MoviePass spokeswoman disputed the report but declined to provide current subscriber figures.

The subscriber plunge stemmed from MoviePass’ change in August 2018 to eliminate the one-movie-per-day plan, priced at $9.95 per month. The new $9.95 plan allows subscribers to see just three movies each month. This year, it rolled out a refashioned “unlimited” option, for $14.95 per month, to again allow customers to see one movie daily but warning that movie choices will be restricted based on “system-wide capacity.”

Helios and Matheson is the target of a securities-fraud probe by the New York Attorney General, which is looking into whether the company misled investors. MoviePass also is the target of a class-action lawsuit by subscribers claiming the change in the “unlimited” plan was a deceptive “bait-and-switch” tactic.

Helios and Matheson Analytics currently owns approximately 92% of the outstanding shares of MoviePass, after closing a deal to acquire control of the service in December 2017. Helios and Matheson fully owns MoviePass Ventures, which was established to acquire completed indie films, and 51% of MoviePass Films, a joint venture with Emmett/Furla Films. The company also owns Moviefone, which it bought from Verizon last year.
https://www.newstimes.com/entertainm...l-14071394.php





It’s Harder to Enjoy a TV Show While Tweeting About it, UConn Study Says
Tess Vrbin

More than half of television viewers between 18 and 24 years old engage in social media on a second screen while watching, but a new UConn study says this engagement does not increase enjoyment of a show.

The UConn Department of Communication found in its study that tweeting reduces viewers’ ability to immerse themselves into the TV narrative.

“Social media metrics are an important and widely used measure of user engagement, (but) engagement may not necessarily mean enjoyment,” Saraswathi Bellur, a UConn assistant professor of communication who co-authored the study, said in an email.

Researchers separated 230 college students into two groups. One group watched the television show “Friends” while sending at least five tweets, and the other group watched the same show without tweeting.

A survey afterward showed that the participants who did not tweet were more likely to be “transported” into the show and feel “more intensified emotions,” the release states. Not focusing entirely on the narrative of the show is likely what reduces enjoyment, said Xiaowen Xu, a UConn doctoral student who co-authored the study.

“You’re asking people to do a different thing when they could have involved themselves more with the story,” she said. “It kind of takes away part of their cognitive ability to get immersed.”

Some TV shows encourage and initiate audience conversations on social media, and the study imitated that to an extent, Xu said, but more research needs to be done.

“We need more studies that can systematically examine whether engaging in such Twitter interactions during a break, for example, instead of while watching the show, would be less disruptive of their enjoyment,” Bellur said. “It could also depend on the type of show, drama versus sports versus news.”

The type of social platform, such as Instagram instead of Twitter, or interactions between friends instead of the general public might also affect audience enjoyment, she said.

There have been other studies about “media multitasking,” such as memory tests, but the UConn study is unique because it measured participants’ emotions, Xu and Bellur both said.
https://www.courant.com/news/connect...ixm-story.html





Elizabeth Warren Accuses Advisory Panel for FCC of Corruption

FCC Chair Ajit Pai must "explain the extent to which CSRIC may be corrupted by corporate influence," the Democratic senator says.
Corinne Reichert

A panel that provides policy advice to the Federal Communications Commission is "stacked with corporate insiders," Democratic presidential candidate Elizabeth Warren said Monday. She cited a blog post by the Project On Government Oversight (POGO), which showed more than half of all Communications Security, Reliability and Interoperability Council (CSRIC) members are direct employees of private companies or of industry trade groups.

This could lead to allegations that rather than working for American consumers, the FCC is working for "giant telecom companies", Warren, a Democratic senator from Massachusetts, tweeted Monday.

"This is the definition of corruption: industry members writing the rules to benefit themselves & their rich friends," she added in another tweet. Sen. Warren has called on FCC Chair Ajit Pai to "explain the extent to which CSRIC may be corrupted by corporate influence."

POGO's analysis of membership looked at the affiliations of the 183 people who have served on the council since 2011.

"In total, 124 members -- over 67 percent -- represented industry," POGO said. "And that figure is likely conservative because it does not take into account that some groups our methodology categorized as representing civil society or academia receive substantial financial funding from industry."

A letter from Warren and Rep. Pramila Jayapal dated June 27, spotted earlier by The Hill, asks for information from Pai on whether the panel is "inappropriately dominated by industry insiders."

"The industry-dominated personnel on the panel have recommended policies that are directly in line with the wishes of the companies from which their members are drawn," the letter says, adding that POGO says a lack of expertise among FCC members means they rely increasingly on the panel's recommendations.

The FCC didn't immediately respond to a request for comment.

Warren and Jayapal have also asked for any communications between Pai or an FCC member and any members of the panel since Pai became chair.

The senator has been targeting technology issues in the run-up to the 2020 presidential election: Warren's presidential platform includes a call to break up tech giants like Facebook, Amazon, Google and Apple because they have too much power over the economy, society and democracy.

Last month, she also asked Assistant Attorney General Makan Delrahim to remove himself from heading up the antitrust investigation into Google and Apple, arguing his previous work as a lobbyist on behalf of the two tech giants makes for a conflict of interest. The US Department of Justice is investigating Silicon Valley's tech juggernauts over whether they're engaging in "anticompetitive conduct."
https://www.cnet.com/news/elizabeth-...of-corruption/





Frontier Customer Bought his Own Router—But has to Pay $10 Rental Fee Anyway

Customer-owned FiOS router works just fine, but Frontier refuses to waive fee.
Jon Brodkin

Buying your own router instead of renting one from an ISP is one of the few reliable ways to save money on a broadband bill.

But what if you buy and use your own router and the broadband provider still charges you a $10-per-month rental fee? That's the bitter reality for Frontier Communications customers such as Rich Son of Texas.

Son has been a Frontier customer since April 2016 when Frontier purchased Verizon's wireline networks in Texas, California, and Florida. Prior to that, he was a Verizon FiOS customer and purchased Verizon's FiOS Quantum Gateway router for $200 in order to avoid monthly rental fees.

Son and his wife, Karen, still use that FiOS router with their Frontier service at their home in a suburb near Dallas, and Son says Frontier never provided him with another router. But Frontier started charging them $5 a month for what's listed as a "Wi-Fi Router" fee on their bill, and the company raised the router fee to $10 a month in April of this year. Including the router rental charge, the couple pays $90 a month for a 150Mbps broadband plan with no TV or phone service.

Using the FiOS router to avoid rental fees "worked well for me until the takeover happened with Frontier and I began getting charged for using my own equipment," Son told Ars. "I have continued to call Frontier and was repeatedly assured that the fees will be taken off my bill."

But that didn't happen. While Son was able to get three months' worth of credits at one point last year, he said he's otherwise had to pay the $5 and now $10 router fees every month since Frontier bought Verizon's Texas network.

Complaint to FCC goes nowhere

Son filed a complaint with the Federal Communications Commission; Frontier responded to the complaint but stuck to its position that he has to pay the fee. A voicemail that Frontier left with Son and his wife said the company informed the FCC that "the router monthly charge is an applicable fee, and it will continue to be billed."

Another voicemail from Frontier told them they can avoid the monthly rental fees if they purchase a Frontier router.

"We can reimburse you if you purchase a Frontier router. We cannot reimburse you if you have a Verizon router—we are not Verizon," the voicemail said. "You can choose to use your own router, however you will be still charged the monthly fee... the difference is we do not service the router that you choose to use."

The FCC's complaint process can help customers in some cases but doesn't require the provider to do anything other than respond within 30 days. The FCC complaints team told Son in an email, "We reviewed the provider's response and based on the information submitted, we believe your provider has responded to your concerns."

With FCC Chairman Ajit Pai having deregulated the broadband industry, there's little to no chance of the commission taking action to stop fees like the one charged by Frontier.

"It's $10 today—but how much will it cost us tomorrow?" Son said. "I'd consider letting it go if their customer service blew me out of the water, but they've been terrible ever since Verizon forced Frontier on us."

Frontier defends router charge

We contacted Frontier about Son's case. The company confirmed that it refuses to stop charging the Wi-Fi router rental fee even when customers use their own router and claimed it does so in order to cover higher support costs for customers like Son.

Frontier told Ars:

Our Frontier Residential Gateway (router) is Frontier equipment provided with every service order and specifically designed to work with our service. Our advertising and our residential Internet terms and conditions make clear that our service includes equipment charges, such as the router charge, and neither our advertisements nor our terms and conditions provide any exceptions. A customer may choose to use their own router, but if the customer does, our router charge continues to apply. Also, we cannot support or repair the non-Frontier equipment.

Though infrequent, when a customer chooses to use a non-Frontier router, we see increased complaints and more difficulty with troubleshooting, performing online resets, and providing simple resolutions, so it costs more to serve that customer. Therefore, if a customer uses their own router, the charge still applies to cover these costs. Frontier cannot support or repair non-Frontier equipment.


Frontier's website states simply that "Frontier charges you a monthly lease fee for your Frontier router or modem—whether you use it or not," and it claims that the Frontier-provided router is "the exact model needed for the peak performance of your voice, TV, and Internet services." Specifically, Frontier uses an Arris NVG468MQ router but also notes on its website that "Frontier Internet works with a variety of routers, like the Arris NVG443B and the Netgear D220D."

While Frontier told us that its equipment is "provided with every service order," Son says he never received a router from Frontier. The company is literally charging him every month for a router that was never provided to him.

And while Frontier claims non-Frontier routers cause support problems, this is hard to believe in Son's case: he is using a router specifically designed to work with the FiOS network and which continues to work more than three years after Verizon sold the FiOS network to Frontier. Son told Ars that he hasn't needed to call Frontier about any problems with his router, though he has called the company plenty of times to dispute the router rental charge. Customers that buy their own routers are often more tech-savvy than the general public and are thus able to troubleshoot problems themselves, Son noted.

“It’s in Frontier’s interest”

To defend the fee, Frontier is trying to make the simple act of hooking up a router seem more complicated than it really is.

"I think it's in Frontier's interest to make it seem like this is some weird specialized equipment that communicates with their backend in some advanced technical way, but that's not true," Senior Counsel John Bergmayer of consumer-advocacy group Public Knowledge told Ars.

With FiOS fiber service, each house is equipped with an Optical Network Terminal (ONT), which does the heavy lifting of communicating with the FiOS network. Using your own router to set up Wi-Fi is not complicated even if it isn't officially supported by the ISP.

"This is discriminating against users who want to use their own equipment," Bergmayer said. Since "it's just a standard router, it's not some proprietary network interface where there's a good reason for it."

Since Frontier charges the fee even when customers use their own router, the actual cost of service is $10 more than Frontier's advertised rates, Bergmayer pointed out.

"Any time you have a fee which is not part of the advertised service but you can't opt out of the fee and everyone has to pay it whether or not you're using the thing [the fee is supposed to cover], then that's just part of the service charge" and should be listed in the advertised rate, Bergmayer said.

Legal options are limited

Theoretically, the Federal Trade Commission or state attorneys general could file lawsuits against ISPs and argue that this type of fee is unfair and deceptive and therefore violates consumer-protection laws.

It would be easier to stop this kind of practice at the FCC—the US agency that exists specifically to regulate telecommunications networks. But the Pai FCC's elimination of net neutrality rules and deregulation of broadband also got rid of rules requiring ISPs to be more transparent with customers about hidden fees. Pai's broadband deregulation also eliminated a general prohibition against unjust or unreasonable prices and practices. In short, the FCC gave up most of its authority to regulate broadband providers.

"For categories of behavior that are never OK, it's just preferable to have a rule against it rather than having to rely on state AGs to enforce their general-purpose consumer-protection statutes," Bergmayer said.

The FTC has to regulate many industries besides telecom. "It's not like they have this endless supply of investigators to throw at consumer complaints," Bergmayer said.

The FCC enforces a rule against negative option billing, the practice of charging a customer for services or equipment the customer did not affirmatively request. But that rule applies only to TV service, not broadband.

Other Frontier users fight same losing battle

Son is not alone in his frustration with Frontier. A Reddit user and Frontier customer reported the same problem in a post last year.

"When the technician was setting things up I told him I wouldn't need the router provided by Frontier since I would use my own. He removed the router from my account and took the router with him," the customer wrote.

Like Son, this customer was charged $10 a month for renting a router that wasn't being used.

"After talking to four different customer service people, it seems that the router rental is part of the package and can't be removed," the customer wrote. "Which seems ridiculous to me since, if I want to keep my Internet service with them, I have to pay $10 a month for something I don't want."

Other Frontier customers posting in the same Reddit thread also reported that Frontier refused to waive the fee. As one customer wrote, "I feel like this is a fraudulent practice because I am being charged a rental fee for an item that I do not have possession of."
https://arstechnica.com/information-...al-fee-anyway/





Amazon Seeks Permission to Launch 3,236 Internet Satellites
Nathaniel Mott

Amazon wants the U.S. Federal Communications Commission (FCC) to give it the go-ahead to launch 3,236 satellites that would be used to establish a globe-spanning internet network. Seeking Alpha reported that Amazon expects "to offer service to tens of millions of underserved customers around the world" via the network, which the company is developing under the code-name Project Kuiper.

News of Project Kuiper broke in April, when Amazon uncharacteristically confirmed its work on the project to GeekWire. The company often declines to comment on reports concerning its plans; it seems the development of thousands of internet-providing satellites is the exception. The company had yet to seek FCC approval for the project, though, which is what Seeking Alpha reported today.

So what does this plan to offer space internet with a weird name actually involve? Amazon explained in April:

“Project Kuiper is a new initiative to launch a constellation of low Earth orbit satellites that will provide low-latency, high-speed broadband connectivity to unserved and underserved communities around the world. This is a long-term project that envisions serving tens of millions of people who lack basic access to broadband internet. We look forward to partnering on this initiative with companies that share this common vision.”

Expanding Internet access has become something of an obsession among tech companies. Google offers fiber Internet services as well as its own cellular network, Facebook scrapped plans to offer internet access via drones in June 2018, and Amazon isn't the only company hoping to use low Earth orbit satellites to allow previously unconnected people to finally join the rest of the world online. It's a bit of a trend.

Project Kuiper could potentially bring Amazon closer to Blue Origin, the space exploration company founded by Amazon founder Jeff Bezos, should they collaborate on the satellite network. Even if the companies don't, connecting more people to the Internet could be a boon for Amazon. The company wouldn't necessarily have to convince those people to buy things from its marketplace, either, thanks to the variety of digital services it offers.
https://www.tomshardware.com/news/am...fcc,39805.html





Top VPNs Secretly Owned by Chinese Firms

Nearly a third of top VPNs are secretly owned by Chinese companies, while other owners are based in countries with weak or no privacy laws, potentially putting users at risk, security researchers warn
Warwick Ashford

Almost a third (30%) of the world’s top virtual private network (VPN) providers are secretly owned by six Chinese companies, according to a study by privacy and security research firm VPNpro.

The study shows that the top 97 VPNs are run by just 23 parent companies, many of which are based in countries with lax privacy laws.

Six of these companies are based in China and collectively offer 29 VPN services, but in many cases, information on the parent company is hidden from consumers.

Researchers at VPNpro have pieced together ownership information through company listings, geolocation data, the CVs of employees and other documentation.

In some instances, ownership of different VPNs is split amongst a number of subsidiaries. For example, Chinese company Innovative Connecting owns three separate businesses that produce VPN apps: Autumn Breeze 2018, Lemon Cove and All Connected. In total, Innovative Connecting produces 10 seemingly unconnected VPN products, the study shows.

Although the ownership of a number of VPN services by one company is not unusual, VPNpro is concerned that so many are based in countries with lax or non-existent privacy laws.

For example, seven of the top VPN services are owned by Gaditek, based in Pakistan. This means the Pakistani government can legally access any data without a warrant and data can also be freely handed over to foreign institutions, according to VPNpro.

The ability to access the data held by VPN providers, the researchers said, could enable governments or other organisations to identify users and their activity online. This potentially puts human rights activists, privacy advocates, investigative journalists and whistleblowers in jeopardy.

This lack of privacy, the study notes, extends to ordinary consumers, who are also coming under greater government surveillance.

“We’re not accusing any of these companies of doing anything underhand. However, we are concerned that so many VPN providers are not fully transparent about who owns them and where they are based,” said Laura Kornelija Inamedinova, research analyst at VPNpro.

“Many VPN users would be shocked to know that data held on them could be legally requested by governments in countries such as China and Pakistan.

“Our recommendation is that people do a lot of due diligence on the VPN that they want to use, since they aren’t all created equal and simply using a VPN does not guarantee privacy or security.”

VPNpro identified a further four companies: Super VPN & Free Proxy, Giga Studios, Sarah Hawken, and Fifa VPN, which together own 10 VPN services – where the parent company, and therefore company of origin, is completely hidden.

In February 2019, two US senators raised concerns about this issue and the potential threat to consumers and government agencies, calling on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries.

In a letter, Democrat Ron Wyden and Republican Marco Rubio asked Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) under the DHS, to perform a VPN threat assessment to determine potential risks to the US government, SearchSecurity reported.

In a factsheet on VPNs, civil liberties and privacy group Big Brother Watch warns that VPN providers have the potential to see users’ internet activity, “but many paid for VPNs make it clear that they do not log any of their user’s traffic”.

This prevents VPN providers from giving a document of any of the websites users visit, the guidance states.

Big Brother Watch recommends that free VPNs should be avoided because they may not be secure and could track users.

“If you want to be sure your online activity stays private, make sure you choose a VPN which does not log your internet activity and online traffic,” the guidance says. “Not all VPNs are the same. Make sure you do your research before choosing a VPN.”
https://www.computerweekly.com/news/...-Chinese-firms





Internet Group Brands Mozilla ‘Internet Villain’ for Supporting DNS Privacy Feature
Zack Whittaker

An industry group of internet service providers has branded Firefox browser maker Mozilla an “internet villain” for supporting a DNS security standard.

The U.K.’s Internet Services Providers’ Association (ISPA), the trade group for U.K. internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will allow users to “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”

Mozilla said late last year it was planning to test DNS-over-HTTPS with a small number of users.

Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. The security standard is implemented at the app level, making Mozilla the first browser to use DNS-over-HTTPS. By encrypting the DNS query it also protects the DNS request against man-in-the-middle attacks, which allow attackers to hijack the request and point victims to a malicious page instead.

DNS-over-HTTPS also improves performance, making DNS queries — and the overall browsing experience — faster.

But the ISPA doesn’t think DNS-over-HTTPS is compatible with the U.K.’s current website blocking regime.

Under U.K. law, websites can be blocked for facilitating the infringement of copyrighted or trademarked material or if they are deemed to contain terrorist material or child abuse imagery. In encrypting DNS queries, it’s claimed that it will make it more difficult for internet providers to filter their subscribers’ internet access.

The ISPA isn’t alone. U.K. spy agency GCHQ and the Internet Watch Foundation, which maintains the U.K.’s internet blocklist, have criticized the move to roll out encrypted DNS features to the browser.

The ISPA’s nomination quickly drew ire from the security community. Amid a backlash on social media, the ISPA doubled down on its position, saying, “Bringing in DNS-over-HTTPS by default would be harmful for online safety, cybersecurity and consumer choice,” but added that it encourages “further debate.”

One internet provider, Andrews & Arnold, donated £2,940 — around $3,670 — to Mozilla in support of the nonprofit. “The amount was chosen because that is what our fee for ISPA membership would have been, were we a member,” said a tweet from the company.

Mozilla spokesperson Justin O’Kelly told TechCrunch: “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades old internet infrastructure.”

“Despite claims to the contrary, a more private DNS would not prevent the use of content filtering or parental controls in the UK. DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens. Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that,” he said.

“We have no current plans to enable DNS-over-HTTPS by default in the U.K. However, we are currently exploring potential DNS-over-HTTPS partners in Europe to bring this important security feature to other Europeans more broadly,” he added.

Mozilla isn’t the first to roll out DNS-over-HTTPS. Last year Cloudflare released a mobile version of its 1.1.1.1 privacy-focused DNS service to include DNS-over-HTTPS. Months earlier, Google-owned Jigsaw released its censorship-busting app Infra, which aimed to prevent DNS manipulation.

Mozilla has yet to set a date for the full release of DNS-over-HTTPS in Firefox.
https://techcrunch.com/2019/07/05/is...n-dns-privacy/
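
The difference the article describes between an ordinary DNS lookup and DNS-over-HTTPS, as an added example that is not part of the original article: it builds a DNS query, shows the hostname a passive on-path device reads from the unencrypted form, and wraps the same query in the RFC 8484 GET encoding used by DoH. The resolver URL is a placeholder and `observer_view` is a simplified model of a network monitor, both assumptions made for this example.

```python
import base64
import struct
from urllib.parse import urlsplit

# Assumption: placeholder resolver URL, not a real service.
RESOLVER_URL = "https://dns.example.com/dns-query"


def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte + label, ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a minimal DNS query message (RFC 1035): header plus one question.

    RFC 8484 recommends a transaction ID of 0 for DoH so responses cache well.
    """
    # Flags 0x0100 = standard query with recursion desired; QDCOUNT = 1.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def read_qname(packet: bytes) -> str:
    """Parse the queried hostname out of a raw DNS query, as a port-53 monitor would."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        if pos + 1 + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """RFC 8484 GET form: the DNS message, base64url-encoded without padding."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"


def doh_decode(url: str) -> bytes:
    """Resolver side: recover the DNS message from the ?dns= parameter."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def observer_view(transport: str, query: bytes, resolver_url: str = RESOLVER_URL) -> dict:
    """Simplified model of what a passive on-path device can log for one lookup."""
    if transport == "udp53":
        # The whole DNS message is readable, so the hostname can be logged or filtered.
        return {"server_port": 53, "qname": read_qname(query)}
    if transport == "doh":
        # The request path and ?dns= value travel inside TLS; the observer is left
        # with the resolver it can identify from the connection itself.
        return {"server_port": 443,
                "resolver": urlsplit(resolver_url).hostname,
                "qname": None}
    raise ValueError(f"unknown transport {transport!r}")


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample lookup
    print("plaintext lookup :", observer_view("udp53", q))
    print("DoH request URL  :", doh_get_url(RESOLVER_URL, q))
    print("DoH on the wire  :", observer_view("doh", q))
```

For monitoring teams the practical consequence is that hostname-based logging on port 53 no longer sees these lookups; visibility moves to the endpoint or to a resolver the organisation operates.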





The Worm That Nearly Ate the Internet

It infected 10 million computers. So why did cybergeddon never arrive?
Mark Bowden

Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer. That much power controlled by its unknown maker posed an existential threat not just to any enterprise connected to the web, but to the internet itself.

Botnets, networks of secretly linked personal computers controlled by an unseen hand, have launched some of the most notorious dedicated denial of service attacks, flooding websites with so many data requests that they crash. A 2012 attack all but shut down online operations at major banking institutions. They also spread malware. Botnets were behind the WannaCry ransomware attack of 2017 which infected an estimated 200,000 computers in 150 countries and crippled computer networks at National Health Service hospitals in England and Scotland.

A cyberweapon called EternalBlue, stolen in 2017 from the National Security Agency’s secret labs, has been used to attack the networks of entire cities — Baltimore is still struggling to free thousands of municipal computers infected just last month. Botnets also enabled Russia’s meddling in the presidential election in 2016, sending millions of social media users false stories.

Conficker’s botnet was easily capable of launching any of the above — and far worse. At its height, when it consisted of at least 10 million individual IP addresses, there were few computer networks in the world secure enough to withstand an attack from it. And yet it was used only once, to spread a relatively minor strain of “scareware” intended to frighten unsuspecting users into downloading fake antivirus software. That attack was surprisingly pedestrian, like taking a Formula One racecar for a slow ride around the block. Surely something bigger was coming.

But it never did. Why? Who created Conficker, and why bother if they were not going to use it?

Today, thanks to extraordinary sleuthing by the F.B.I. and some of the world’s premier cybersecurity experts, there are answers to these questions. They offer an unsettling reminder of the remarkable sophistication of a growing network of cybercriminals and nation states — and the vulnerability of not just our computers, but the internet itself.

Fear of Conficker — the name was coined by Microsoft programmers combining “con,” from the name TrafficConverter.biz, the website used for the worm’s joy ride, with a German expletive — peaked on April 1, 2009, when a new, more virulent strain that could spread directly from computer to computer without any action by users, was programmed to activate.

This new iteration prompted scary headlines and prime-time TV warnings — CBS’s “60 Minutes” called Conficker “one of the most dangerous threats ever.” Shawn Henry, assistant director of the F.B.I.’s cyber division, said its potential for damage was as great as “a weapon of mass destruction or a bomb in one of our major cities.”

But then, when the appointed date came and no attacks were launched, and no networks crashed, anxiety over Conficker evaporated.

Something, however, had happened. Neither joke nor disaster, the worm quietly made its adaptation, slipped the grasp of cybersecurity sleuths and accelerated its growth. This was where things stood when I wrote about Conficker for The Atlantic in 2010, and then in the book “Worm,” published the following year. The botnet’s reach was vast, real, but dormant.

There were competing theories for why. One was that it was the work of academic hackers who had created it as a lab experiment and then accidentally unleashed it — one could understand why they would be reluctant to claim authorship. Another was that it was a cyberweapon developed by a government, perhaps even by the United States.

Neither theory was correct. While some experts still disagree, most now believe that Conficker was the work of Ukrainian cybercriminals building a platform for global theft who succeeded beyond all expectation, or desire. The last thing a thief wants is to draw attention to himself. Conficker’s unprecedented growth drew the alarmed attention of cybersecurity experts worldwide. It became, simply, too hot to use.

This explanation was detailed in an article published in December 2015 by The Journal of Sensitive Cyber Research and Engineering, a classified, peer-reviewed publication issued by a federal interagency cybersecurity working group including the Pentagon, Department of Homeland Security and N.S.A. — and distributed to a small number of experts with the appropriate security clearances. The article itself was not classified, but reached only a small readership. I obtained a copy this year.

The article was written by three computer scientists at SRI International, a laboratory in Menlo Park, Calif., who were part of the ad hoc group formed in 2008 to combat Conficker, known as the Conficker Cabal. Two of them, Phil Porras and Vinod Yegneswaran, were the first to spot Conficker. The third author, Hassan Saidi, was the first to reverse-engineer it.

Their journal article lays out the digital trail that led detectives to the five men, four Ukrainians and a Swede, who the F.B.I. says launched, and probably created, the worm.

The first clue was the worm’s very sophistication. The method by which it infiltrated the core of computers demanded intimate knowledge of Microsoft engineering. It exploited newly discovered flaws in the Microsoft Windows operating system before most users downloaded security patches, and employed cutting-edge cryptographic methods. It had innovative ways of disguising its point of origin and hiding its controllers. As the Cabal made efforts to halt its spread, the worm quickly adapted, adopting effective countermoves. There was no slowing it.

But Conficker’s most impressive feature was its cryptography. Creators of illicit botnets want to protect their investments by encrypting internal commands and controls, lest their malware be hijacked by competing criminals or shut down by security experts.

Conficker’s encryption was worlds ahead of most. It employed three of the most sophisticated coding methods in existence, RC4, RSA and MD6, all produced by the premier cryptologist in the world, Ron Rivest, of the Massachusetts Institute of Technology. A draft version of the latest of these, MD6, had been released only weeks before Conficker appeared, as an entry in a contest to reset the United States’ official top-level encryption method. MD6 was just a proposal, and as such was known only to Mr. Rivest’s lab and to the experts from the National Institute of Standards and Technology judging the contest. The only way to obtain it was to visit Mr. Rivest’s website or that of the N.I.S.T. contest. Conficker became MD6’s first known use.

Other features of the worm offered clues. It was designed to self-destruct in any computer using a Ukrainian keyboard, a sure sign that its makers lived there and were trying to avoid running afoul of the law in their own country. A test run provided another clue. On Dec. 1, 2008, the botnet’s millions of infected computers were instructed to contact TrafficConverter.biz, a well-known criminal site, on the same day, a volume of traffic it could not handle. They had inadvertently launched a denial of service attack on themselves. The blunder suggested the brains behind Conficker did not realize how widely their virus had spread.

The worm continued to evolve. To control it, the unseen hand behind the huge botnet had to issue a command. To disguise the source of that command, the worm daily generated 250 new “domains,” numeric labels that identify computer networks online. The Cabal scrambled in 2008 to decipher the worm’s coding to discover, purchase and then effectively shut down all 250 of these domains every day. This required transactions with commercial internet registrars worldwide.

To counter that effort, the worm’s creators upped the challenge. When a new iteration of the malware, Conficker C, arrived in late February 2009, it increased the number of new daily web addresses to 10,000 — 3.65 million a year. Suddenly the cost of fighting Conficker skyrocketed: The credit card bills of one Cabal member assigned to purchase web addresses rose into the six figures.

The real break came when the creators tried to refine Conficker’s already extraordinary cryptography. Months after Mr. Rivest submitted the MD6 proposal to N.I.S.T., a flaw was discovered, corrected and resubmitted. As with the original version, this correction was known only to a very small circle of elite cryptographers. The earliest versions of Conficker had employed the original, flawed version. When Conficker C appeared, it used the corrected one.

This significantly narrowed the window during which Conficker’s creators had revisited either the M.I.T. or N.I.S.T. websites. Combing through the relatively few experts who used the websites just before Conficker C appeared, investigators found the IP address of smartsystem.com.ua — the address of a Ukrainian company that was the recipient of millions swindled by TrafficConverter.biz. It was a gotcha moment.

On July 21, 2011, an F.B.I. agent, Norm Sanders, and Francis Franze-Nakamura, an assistant United States attorney, along with Ukrainian national police arrested three Ukrainians: Sergey Kamratov, Dmytro Volokitin and Yevgen Fatyeyev. They were insouciant men in their 30s who drove multimillion-dollar black Porsches and lived in penthouse apartments. They had met in school and were partners in smartsystems.com. Their company had more than 100 employees. Each claimed to earn the equivalent of only $30,000 annually — Mr. Kamratov said he was a schoolteacher.

“There was more cash than that spread out on their kitchen counters,” said Mr. Sanders.

Computers at their residences revealed direct links to smartsystem.com.ua, to TrafficConverter.biz and to the coding work and planning behind Conficker. The three were charged in Ukraine for failure to pay taxes on their illegal income, which was estimated in the tens of millions of dollars. I could not determine if they were prosecuted there, as my requests for information from Ukrainian authorities went unanswered. My suspicion is that they all were soon released and have gone back to work either for themselves or for the state. (The Swede, Mikael Sallnert, was arrested in Denmark and extradited to the United States, where he pleaded guilty in 2012 and was sentenced to 48 months in prison. The fifth man, Victor Mauze, was named in the indictment but has not been prosecuted.)

Malware in Ukraine is big business. Some e-crime companies have their own buildings in office parks, with salaried employees who show up for work every day wearing ID badges, collect health benefits and enjoy company picnics. The takedown of smartsystem.com.ua caused a significant but only temporary cessation of scareware; the criminals have moved on.

Ransomware is the new plague, and it funnels money from victims by using Bitcoin and other anonymous payment methods. Because fewer victims know how to use such payment methods, the criminals try to make up the gap by raising the ransom fees tenfold from the old credit card days.

New versions of Microsoft’s operating system effectively bar infection by Conficker. So as older computers go off line, the size of the great botnet continually shrinks. Today it is estimated to consist of about 500,000 infected computers. A lot of damage can be done with a botnet of that size, but it is unlikely, given the fuss it created, that Conficker will be used.

Newer botnet-creating malware programs prudently aim for slower-growing infections that create smaller botnets. But criminal enterprise online has not slowed. Both the criminals and law enforcement have grown more sophisticated.

Meanwhile, the stakes have grown much higher. Today experts like those in the Cabal are less concerned about criminal activity online than cyberwarfare. Conficker’s potential was scary not because of its potential to commit theft, but because of its far greater potential for launching a cyberattack on computer networks.

“The epidemic style of Conficker’s spread gave us a clear picture of what a full-scale cyberattack might look like,” Mr. Porras said. “Only, thankfully, without the consequences.”

We are in the age of digital warfare. In recent years we have seen cyberespionage and cybersabotage campaigns by the United States, China, North Korea, Russia and Iran. Stuxnet, a strain of malware thought to have been created by American and Israeli experts, temporarily stalled Iran’s nuclear program by sabotaging centrifuges used to refine weapons-grade uranium. Nations today are seeding the critical infrastructure of other nations with malicious logic designed to destroy, and digital tools — like the malware pilfered from the N.S.A., EternalBlue — are now in the arsenal of every major country.

When the next threat arises, we will no longer depend, as we did with Conficker, on an ad hoc group of private experts to respond. The United States has a cybersecurity command at the Pentagon, and there are aggressive efforts by Homeland Security and intelligence agencies to counter and launch digital attacks. From the vantage point of just eight years, the fears stirred by Conficker seem quaint.

The internet, born of a dream of universal connectivity and ready access to the knowledge of ages, has succeeded both for better and for worse. It ties the world together in many good ways, but it has also become a broad avenue for theft, hatred, lies, ignorance and subversion.

Lately, it invites destruction. The lesson of Conficker is that crippling attacks on industry and even nation states no longer require a powerful military-industrial complex and expensive arsenals of planes, ships, bombs and missiles. The poor can play, too. All one needs is know-how — and a keyboard.
https://www.nytimes.com/2019/06/29/o...m-ukraine.html





Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers”

We recently wrote about two U.S. firms that promised high-tech ransomware solutions but instead paid the cyber-attacker. A U.K. company appears to do the same.
Renee Dudley

ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers.

Now there’s new evidence that a U.K. firm takes a similar approach. Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting operation he conducted in April, Scotland-based Red Mosquito Data Recovery said it was “running tests” to unlock files while actually negotiating a ransom payment. Wosar, the head of research at anti-virus provider Emsisoft, said he posed as both hacker and victim so he could review the company’s communications to both sides.

Red Mosquito Data Recovery “made no effort to not pay the ransom” and instead went “straight to the ransomware author literally within minutes,” Wosar said. “Behavior like this is what keeps ransomware running.”

Since 2016, more than 4,000 ransomware attacks have taken place daily, or about 1.5 million per year, according to statistics posted by the U.S. Department of Homeland Security. Law enforcement has failed to stem ransomware’s spread, and culprits are rarely caught. If files encrypted by attackers are not backed up, and a free public decryption tool is unavailable, usually the only way to clear them is paying the ransom, said Michael Gillespie, a software analyst in Illinois whom the FBI has honored with a community leadership award for his help on ransomware. But clients who don’t want to give in to extortion are susceptible to firms that claim to have their own methods of decrypting files. Often, victims are willing to pay more than the ransom amount to regain access to their files if they believe the money is going to a data recovery firm rather than a hacker, Wosar said.

On its website, Red Mosquito Data Recovery calls itself a “one-stop data recovery and consultancy service” and says it has dealt with hundreds of ransomware cases worldwide in the past year. It advertised last week that its “international service” offers “experts who can offer honest, free advice.” It said it offers a “professional alternative” to paying a ransom, but cautioned that “paying the ransom may be the only viable option for getting your files decrypted.”

It does “not recommend negotiating directly with criminals since this can further compromise security,” it added.

Red Mosquito Data Recovery did not respond to emailed questions, and hung up when we called the number listed on its website. After being contacted by ProPublica, the company removed the statement from its website that it provides an alternative to paying hackers. It also changed “honest, free advice” to “simple free advice,” and the “hundreds” of ransomware cases it has handled to “many.”

Besides Red Mosquito Data Recovery’s website, a company called Red Mosquito has its own website. A person answering the phone at the Red Mosquito site said they are “sister” companies and that RMDR, as it is known, specializes in helping ransomware victims. The Red Mosquito site markets a wider array of cyber-services.

The two U.S. firms, Proven Data Recovery of Elmsford, New York, and Hollywood, Florida-based MonsterCloud, both promised to use their own technology to help ransomware victims unlock their data, but instead typically obtained decryption tools from cyberattackers by paying ransoms, ProPublica found.

We also traced ransom payments from Proven Data to Iranian hackers who allegedly developed a strain known as SamSam that paralyzed computer networks across North America and the U.K. The U.S. government later indicted two Iranian men on fraud charges for allegedly orchestrating the extortion, and banned payments to two digital currency destinations associated with them. Proven Data chief executive Victor Congionti told ProPublica in May it paid the SamSam attackers at the direction of clients, and didn’t know they were affiliated with Iran until the U.S. government’s actions. Congionti said that Proven Data’s policy on disclosing ransom payments to clients has “evolved over time” and it is now “completely transparent.”

MonsterCloud chief executive Zohar Pinhasi said in May that its data recovery methods are a trade secret and it doesn’t mislead clients. A spokesperson said Friday that Pinhasi stands by his earlier statements.

For his Red Mosquito Data Recovery experiment, Wosar said he created a fake ransomware, which he named “GOTCHA.” He also drafted a ransom note — laden with typos such as “immidiately” for authenticity, since many attackers aren’t native English speakers — with instructions for contacting the hacker, according to a copy of the note that he provided to ProPublica. Like many actual ransom notes, Wosar’s included a unique ID sequence, and instructed the victim to use it in any reply, the copy shows. Such a sequence helps real hackers know which victim is paying them. Wosar said he inserted it so that he could confirm it was Red Mosquito Data Recovery contacting him at the “hacker” email address, even if the firm didn’t identify itself. The ID sequence was an encrypted version of the company’s own name, he said.

On April 17, posing as prospective client “Joe Mess,” Wosar sought RMDR’s help, according to emails he provided to ProPublica. Attaching the ransom note and sample files, he wrote in an email, “Two days ago I found my home server to be hacked by someone and all my pictures, documents, videos, and other files have been renamed to .gotcha files and encrypted... I don’t have any backups but I do not want to pay those assholes.”

“I am very confident we will be able to recover your files,” someone identifying himself as Conor Lairg replied later that day from a Red Mosquito email address, copies of the correspondence show. “We are now running tests and I will be in touch as soon as possible with an update.”

Two minutes later, Wosar’s hacker email account lit up with a response from “tony7877@protonmail.com.” The subject line contained the unique ID he had assigned to the victim, which meant the message could only come from Red Mosquito Data Recovery or someone that the company shared it with.

“How much for decrypt?” the respondent asked.

Meanwhile, “Joe Mess” pressed Lairg for confirmation that Red Mosquito wouldn’t pay the ransom: “So you think you may be able to help without me having to pay the ransom?”

“We are still investigating and will get back to you as soon as possible,” Lairg responded.

Less than an hour later, Wosar, posing as the hacker, began negotiating with “tony7877@protonmail.com,” the correspondence shows.

“$1200 in Bitcoin,” he wrote. “You pay, we provide key and decriptor (sic) to recover data.”

The respondent sought a better deal. “Can you do for 500 USD,” it replied.

Wosar’s hacker alter ego agreed to lower the price. “$900. Take it or kiss data bye bye,” he wrote. “We don’t run chairity (sic) here.”

The contact told him it would try to obtain the Bitcoin needed.

The next day, documents show, Lairg wrote to Wosar’s victim email address, saying he was “pleased to confirm that we can recover your encrypted files” for $3,950 — four times as much as the agreed-upon ransom. Lairg said the firm would recover the files within an estimated three business days. Payment would be required before recovery began, but the money would be returned if they couldn’t recover any of the files, he wrote.

Posing as the victim, Wosar asked: “How did you do it?” Lairg did not answer, instead providing details of how to handle payment and outlining steps to prepare for the recovery, such as disabling anti-virus software that could interfere with decryption, according to the documents. Wosar said he stopped communications after that.

No one named Conor Lairg is listed on the contact pages of either Red Mosquito website or on LinkedIn. Calls to both Red Mosquito companies did not reach him.

In its investigation, ProPublica found that both MonsterCloud and Proven Data used aliases in dealing with customers.

Using the same ruse, Wosar said, he also contacted Proven Data, MonsterCloud, and a company outside the U.S. with which his experiment is still in progress. Proven Data was “very open about paying ransoms so no point to following up after that,” Wosar said. He said MonsterCloud, which currently serves businesses and government agencies hit by ransomware rather than home users, did not respond.

“Wosar is well respected in the cyber security community, and we take no issue with him poking and prodding various cyber security companies,” Pinhasi, the MonsterCloud CEO, said in a statement Monday. “MonsterCloud did not respond to his inquiry simply because we do not serve individual consumers – there was no action to be taken. However, it’s my strong preference that oversight and regulation be done through appropriate bodies – industry and/or government organizations that are both peer reviewed for proper checks and balances and also utilize proper scientific method, study methodology, and processes.”

This is the second time that Wosar has targeted Red Mosquito, he said. In 2016, he said this year, he and another researcher created a variant of ransomware and used it to infect one of their own computers. Then they emailed Red Mosquito, as well as MonsterCloud and Proven Data, posing as a victim who didn’t want to pay a ransom, he said.

The firms eagerly agreed to help, claiming the ability to decrypt ransomware strains that were not actually breakable — and they didn’t mention that they paid ransom, Wosar said. The email accounts that he’d set up for the imaginary attacker began receiving emails from anonymous addresses offering to pay the ransom, he said. He traced the requests to the data recovery firms. Wosar said he no longer has the email correspondence from the 2016 sting.

Congionti and Pinhasi both said they could not recall the particular case. Red Mosquito did not respond to an emailed question about it.

“Ransomware victims need to be aware that there’s no silver bullet when it comes to restoring their data,” Wosar said. “There is also no shame for a data recovery company in paying the ransom, as long as they are open and transparent about it.”
https://www.propublica.org/article/s...g-with-hackers





Amazon Alexa Keeps Your Data with no Expiration Date, and Shares it Too

A US senator asked questions, and Amazon provided answers you might not want to hear.
Alfred Ng

If you have hangups about Amazon and privacy on its smart assistant, Alexa, you're not alone. Even after Amazon sent answers to a US senator who had questions about how the tech giant retains voice data and transcripts, the lawmaker remains concerned about Alexa's privacy practices.

Sen. Chris Coons, a Democrat from Delaware, sent a letter to Amazon CEO Jeff Bezos in May, demanding answers on Alexa and how long it kept voice recordings and transcripts, as well as what the data gets used for. The letter came after CNET's report that Amazon kept transcripts of interactions with Alexa, even after people deleted the voice recordings.

The deadline for answers was June 30, and Amazon's vice president of public policy, Brian Huseman, sent a response on June 28. In the letter, Huseman tells Coons that Amazon keeps transcripts and voice recordings indefinitely, and only removes them if they're manually deleted by users.

Huseman also noted that Amazon had an "ongoing effort to ensure those transcripts do not remain in any of Alexa's other storage systems." But there are still records from some conversations with Alexa that Amazon won't delete, even if people remove the audio, the letter revealed.

Privacy concerns aren't just limited to voice assistants, not with smart technology finding its way into more household items like doorbells and locks. And tech companies aren't always up front about what kind of data they collect or how much control you have over it.

"The American people deserve to understand how their personal data is being used by tech companies, and I will continue to work with both consumers and companies to identify how to best protect Americans' personal information," Coons said in a statement.

When reached for comment, Amazon referred to the letter for details.

In the letter to Coons, Amazon noted that for Alexa requests that involve a transaction, like ordering a pizza or hailing a rideshare, Amazon and the skill's developers can keep a record of that transaction. That means that there's a record of nearly every purchase you make on Amazon's Alexa, which can be considered personal information.

Other requests, including setting reminders and alarms, would also remain saved, Huseman noted, saying that this was a feature customers wanted.

"Customers would not want or expect deletion of the voice recording to delete the underlying data or prevent Alexa from performing the requested task," Huseman said in his letter.

That feature raised concerns among privacy advocacy groups, which discovered that Alexa's "Remember" feature didn't delete information stored unless people called Amazon's customer service to delete the entire profile. Amazon said it's since fixed the issue and called it a bug.

The answers didn't exactly inspire confidence in Amazon for Coons.

"Amazon's response leaves open the possibility that transcripts of user voice interactions with Alexa are not deleted from all of Amazon's servers, even after a user has deleted a recording of his or her voice," the lawmaker said in a statement. "What's more, the extent to which this data is shared with third parties, and how those third parties use and control that information, is still unclear."

Amazon said it uses the transcripts for training its voice assistant, and also so customers can know what Alexa thought it heard for voice commands. Those transcripts aren't anonymized -- Amazon explained that they're associated with every user's account.
https://www.cnet.com/news/amazon-ale...shares-it-too/





Microsoft's Ebook Apocalypse Shows the Dark Side of DRM
Brian Barrett

Your iTunes movies, your Kindle books—they’re not really yours. You don’t own them. You’ve just bought a license that allows you to access them, one that can be revoked at any time. And while a handful of incidents have brought that reality into sharp relief over the years, none has quite the punch of Microsoft disappearing every single ebook from every one of its customers.

Microsoft made the announcement in April that it would shutter the Microsoft Store’s books section for good. The company had made its foray into ebooks in 2017, as part of a Windows 10 Creators Update that sought to round out the software available to its Surface line. Relegated to Microsoft’s Edge browser, the digital bookstore never took off. As of April 2, it halted all ebook sales. And starting as soon as this week, it’s going to remove all purchased books from the libraries of those who bought them.

Other companies have pulled a similar trick in smaller doses. Amazon, overcome by a fit of irony in 2009, memorably vanished copies of George Orwell’s 1984 from Kindles. The year before that, Walmart shut down its own ill-fated MP3 store, at first suggesting customers burn their purchases onto CDs to salvage them before offering a download solution. But this is not a tactical strike. There is no backup plan. This is The Langoliers. And because of digital rights management—the mechanism by which platforms retain control over the digital goods they sell—you have no recourse. Microsoft will refund customers in full for what they paid, plus an extra $25 if they made annotations or markups. But that provides only the coldest comfort.

“On the one hand, at least people aren’t out the money that they paid for these books. But consumers exchange money for goods because they preferred the goods to the money. That’s what happens when you buy something,” says Aaron Perzanowski, professor at the Case Western University School of Law and coauthor of The End of Ownership: Personal Property in the Digital Economy. “I don’t think it’s sufficient to cover the harm that’s been done to consumers.”

Presumably not many people purchased ebooks from Microsoft; that’s why it’s pulling the plug in the first place. But anyone who did now potentially has to go find those same books again on a new platform, buy them again, and maybe even find a new device to read them on. For certain types of readers, particularly lawyers and academics, markups and annotations can be worth far more than $25. And even if none of that were the case, the move rankles on principle alone.

“Once we complete a transaction you can’t just reach into my pocket and take it back, even if you do give me money,” says John Sullivan, executive director of the nonprofit Free Software Foundation. “It’s not respecting the freedom of the individual.”

A Microsoft spokesperson referred WIRED to a Frequently Asked Questions page, which states that “your books will be removed from Microsoft Edge when Microsoft processes the refunds,” in “early July.”

More than anything, Microsoft’s ebook rapture underscores the hidden dangers of the DRM system that underpins most digital purchases. Originally intended as an antipiracy measure, DRM now functions mostly as a way to lock customers into a given ecosystem, rather than reading or viewing or listening to their purchases wherever they want. It’s a cycle that has persisted for decades and shows no signs of abating.

“These events keep happening,” Perzanowski says. “When they happen there is a sort of momentary blip of outrage and frustration, and people get upset. And then they go about their lives until the next time, and everyone’s surprised and frustrated all over again but without a sense that something needs to happen to change this power dynamic.”

One reason DRM persists is that it remains relatively hidden from the consumer. Amazon and other ebook stores do offer some non-DRM titles but don’t make the distinctions clear. And Perzanowski’s research has shown that a “sizable percentage” of shoppers think that clicking Buy Now entitles them to similar ownership privileges of digital goods—lending, gift-giving, and more—as their physical counterparts.

There’s also no real enforcement mechanism in place. The Federal Trade Commission has some authority here; it was only after FTC pressure that Walmart decided not to shut down its DRM servers completely back in 2008. But half measures like Microsoft’s reimbursement plan appear to be enough to stave it off. Congress could act, but it’s the body that codified DRM enforcement in the first place with 1998’s Digital Millennium Copyright Act.

The issue also extends beyond ebooks and movies. Think of Jibo, the $900 robot whose servers are shutting down. Or the Revolv smart-home hub that Google acquired and promptly shut down—sparking another FTC inquiry. Even Keurig tried to DRM its coffee pods. It’s bad out there.

“This is why we call DRM media and devices defective by design, or broken from the beginning. There’s self-destruction built into the whole concept,” Sullivan says. “This is still the prevalent way of distributing media. That companies still pull the plug is still surprising and frustrating.”

At least Microsoft can afford to pay off its impacted customers. The next time a platform folds—and takes its ecosystem with it—those affected might not be so lucky. Which is maybe the real lesson of Microsoft obliterating its ebooks: This has all happened before, and not nearly enough is being done to stop it from happening again.
https://www.wired.com/story/microsof...pocalypse-drm/




































Until next week,

- js.


















Current Week In Review





Recent WiRs -

July 29th, June 22nd, June 15th, June 8th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black