P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 30-09-15, 07:20 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - October 3rd, '15

Since 2002


































"Visiting the home page of Boston.com every day for a month would cost the equivalent of about $9.50 in data usage just for the ads." – Gregor Aisch


"I think the most fundamental issue is that we are way past the point in the evolution of computers where people auto-buy the next latest and greatest computer chip, with full confidence that it would be better than what they’ve got." – Robert P. Colwell


"People want quality and are tired of just seeing the same girl getting railed again and again." – XBiz conference attendee






































October 3rd, 2015




RIAA Chief Says DMCA is “Largely Useless” to Combat Music Piracy

Cary Sherman says DMCA has been "subverted into a discount licensing system."
David Kravets

Cary Sherman, the chairman and CEO of the Recording Industry Association of America, has some choice words about the current state of US copyright law. He says that under the Digital Millennium Copyright Act, rightsholders must play a game of whack-a-mole with Internet companies to get them to remove infringing content.

But that "never-ending game" has allowed piracy to run amok and has cheapened the legal demand for music. Sure, many Internet companies remove links under the DMCA's "notice-and-takedown" regime. But the DMCA grants these companies, such as Google, a so-called "safe harbor"—meaning companies only have to remove infringing content upon notice from rightsholders.

This has allowed legal streaming services to hold the music industry hostage, Sherman said in a recent Forbes editorial.

"Copyright law provides a 'notice and takedown' system theoretically intended to deal with such theft," he said. "In exchange for a legal 'safe harbor' from liability, online service providers must deal with instances of theft occurring on their site or network when notified. Unfortunately, while the system worked when isolated incidents of infringement occurred on largely static web pages—as was the case when the law was passed in 1998—it is largely useless in the current world where illegal links that are taken down reappear instantaneously. The result is a never-ending game that is both costly and increasingly pointless."

Sherman added:

Compounding the harm is that some major online music distributors are taking advantage of this flawed system. Record companies are presented with a Hobson’s choice: Accept below-market deals or play that game of whack-a-mole. The notice and takedown system—intended as a reasonable enforcement mechanism—has instead been subverted into a discount licensing system where copyright owners and artists are paid far less than their creativity is worth.

On Wednesday, for example, Ars told a story of songwriter who says he made $5,679 from 178 million Pandora streams.

Sherman went on to say that the notice-and-takedown system is "broken":

But while the music industry has embraced new technology and business models, the beneficiaries of this broken system cling to this antiquated law that was enacted at the turn of the century, well before the modern Internet and today’s most advanced (and unimagined) technologies.

This anti-DMCA argument comes at a time when there's renewed discussion at the federal level about whether Internet companies should play cops. Consider that the US Senate earlier this week scrapped a proposal, adopted in secret, requiring e-mail providers, social media sites, and other Internet companies to report online terrorist activity. Sen. Ron Wyden (D-Ore.) said it wasn't a good idea to "create a Facebook Bureau of Investigations."

It sure seems like Sherman wants to create, at a minimum, a Facebook Bureau of Copyright Investigations.
http://arstechnica.com/tech-policy/2...-music-piracy/





Microsoft-Funded Startup Aims to Disrupt File Sharing Networks; Is Bitcoin Vulnerable?
Vitalik Buterin

The Russian-based PiratePay startup is attempting an old, but in this application novel, strategy to help Hollywood fight against the file sharers that they claim are costing the economy 373000 jobs and $58 billion per year: DDOSing them. As Pirate Pay CEO Andrei Klimenko describes his company’s strategy, “We used a number of servers to make a connection to each and every P2P client that distributed this film. Then Pirate Pay sent specific traffic to confuse these clients about the real IP-addresses of other clients and to make them disconnect from each other.” Pirate Pay’s first testing run of their technology, helping obstruct downloads of the film Vysotsky: Thanks to God I’m Alive, appears to have been moderately successful, blocking 44845 attempted file transfers. Pirate Pay aims to charge $12000 to $50000 for their service depending on the scale of the project, and believes they can scale up their efforts to cause a much larger amount of disruption if necessary.

The question is, can this attack be used against Bitcoin as well? In terms of P2P disruptions in general, Bitcoin and BitTorrent already have a very similar cryptographic hash mechanism that prevents attackers from feeding in false data, making it impossible to force P2P users to download corrupted or malicious file segments or Bitcoin users to download blocks that are invalid or attempt to rewrite history without paying a cost a thousand times higher than what PiratePay is offering, but neither protocol has any built-in protection against IP-based attacks. It is entirely conceivable that an attacker will attempt to disrupt Bitcoin confirmations by preventing nodes from connecting to each other, and even have some success in disrupting P2P functionality. Indeed, there is one vulnerability which was fixed recently which attempted to do exactly this, and it is indeed possible that doing short term harm to certain parts of the network will be feasible once in a while in the future because of errors in the implementation of specific clients. However, in the long run such a strategy will find its efficacy limited by one feature that Bitcoin has that BitTorrent does not: DNS bootstrap. While BitTorrent is designed to work in a 100% decentralized way with no node being trusted more than any other node, making it vulnerable to attacks where thousands of malicious nodes introduce themselves into the system, the standard Bitcoin client has a bootstrapping system where it connects to a number of hardcoded nodes and gathers a list of trusted addresses from there, making it much more difficult to confuse nodes about where the other nodes’ addresses are. Even all peer-to-peer contact becomes impossible, the Bitcoin network could gracefully decay into a centralized block download service.

Also, it’s difficult to imagine that PiratePay’s disruption system will be able to effectively prevent file downloads for any significant length of time. Internet technology has shown itself to be rapidly advancing, and if PiratePay achieves any prominence whatsoever then it’s almost inevitable that someone will develop a slight modification to the protocol that will quickly render this attack obsolete. Possibilities include a decentralized IP reputation system, where clients connect to IPs that have been faithful to them (or other nodes that they already trust) in the past, an obfuscation system that makes it hard to tell what torrent users are sharing or even what protocol they are using, forcing PiratePay to risk arousing the ire of Blizzard, Skype (now part of Microsoft itself) or even governments, or defenses targeting specific aspects of the attack that PiratePay is currently not revealing but which will become public once the attack becomes widely implemented. It’s even conceivable that organizations like Anonymous will try to use various forms of denial of service attacks against PiratePay itself.

Finally, even if some disruption scheme is able to prevent some clients from connecting to the Bitcoin network even through the bootstrap system, unbroken network access is not nearly as necessary to participate in Bitcoin as it is in file sharing protocols. If you are attempting to download Vysotsky and PiratePay successfully disconnects you 99.9% of the time, it will take you 1000 times longer to download the file – increasing the download time to several months, making it a compelling proposition for many to either buy the movie instead or ignore it outright. If you are trying to send a Bitcoin transaction, however, and you experience 99.9% disruption, it will simply take a few hours for the transaction to get across the network rather than a few seconds. All it takes is one message to send a transaction from one node to another. There will of course be heavy blockchain splitting, and transactions may take a day to reliably confirm, but the transactions will eventually be relayed somehow.

Neither this attack nor any other will arrive at anything close to the end of copyright infringing file sharing, and Bitcoin has the advantages of far higher protocol efficiency and less need for secrecy that counteract even most attacks that may succeed against BitTorrent. Decentralized systems have proven themselves to be more reliable than centralized ones, but Bitcoin’s combination of the two paradigms is even stronger still. The best strategy to protect Bitcoin right now is not to worry about attacks against other protocols that may not even be used against Bitcoin at all, but rather to promote adoption of Bitcoin in general to help increase the size of the network and buffer it against any attacks or disruptions that attackers may try to implement no matter what their specific form.
https://bitcoinmagazine.com/articles...ble-1337825268





‘Spotify for Libraries’: Public Libraries Edge Toward Music Streaming Services

Some library streaming services have artists from Universal Music Group; others have artists from Sony Music -- but none have the entire industry's catalog, going against the all-access nature of the public library.
Rachel Dovey

As more people stream and fewer buy, Netflix-like subscriptions look like the reasonable bet for tomorrow’s music marketplace — a way for suppliers to mimic Spotify without going the freemium route. Apple Music, set to begin charging users September 30, is often lauded as the brave initiator of this potential future, but well outside Cupertino, a smaller company has spent the past five years pioneering a similar model in one of the last places you’d expect: The public library.

The service is called Freegal, and in August the Watsonville Public Library opened an account. As long as the branch pays an annual fee, patrons can stream thousands of artists from nearly 30,000 labels, many under Sony Music’s large umbrella. Cardholders can log in from anywhere — they don’t need to be inside the library — and they’re allowed up to three hours of streaming per day and three free downloads per week.

“We wanted to offer patrons a way to access music online, so that they could freely and legally listen,” says Heather Geddes, Principal Librarian of Public Services in Watsonville.

She’s not alone. In the Bay Area, both the Santa Clara County Library District and the San Mateo County Library offer the service. They’re joined by 5,000 others in 20 countries, according to Brian Downing, CEO of Library Ideas LLC (which owns Freegal).

The company’s reach makes sense: Libraries have long offered physical CDs, cassettes and LPs — why not switch to a listening format that, for better or worse, matches the consumption patterns of those kids and their darn iPhones? But not every library supports streaming services. Because the institution’s historic mission has been about providing free, open access to information, the costs and exclusive label contracts that come with companies like Freegal have some librarians opting out.

Sarah Houghton is one of them. In 2011 she published an entry to her popular Librarian in Black blog titled “Just say no to Freegal.” Now the Director of San Rafael Public Library, Houghton says she still stands by that post.

“Since [streaming has] become more prevalent on the consumer market, libraries have wanted to provide those services to our users,” she says. “Unfortunately, very few digital providers will actually license their content to libraries, so the selection is pretty slim.”

Her issues with Freegal are twofold. First, the cost — Houghton says the last quote her library received was about $20,000 annually, which would have been half of its digital operating budget. According to Downing, a library’s annual fee depends on several factors, including population served and number of cardholders, and can range from several hundred to six figures a year. Watsonville’s fee is significantly less than the sum Houghton quotes, running at about $4,000 a year, according to Library Director Carol Heitzig.

But Houghton also takes issue with the company’s business model which, she says, doesn’t mesh with the way libraries have traditionally operated.

“The way public libraries have worked, and been able to be a very good return on investment, is that we buy something once and then multiple people get to use it — whether that’s a book that we loan out ten times or a computer that 20 different people can use throughout the day,” she says. “With services like this, what the library is doing is paying for a piece of content for our patrons to use permanently, so it’s not the same kind of multiplying effect.”

Geddes, however, argues that while issues of lending and ownership aren’t as clear-cut with digital products, services like Freegal are still an important part of the library’s evolving mission. Aside from music streaming, she says, Watsonville offers online classes — publicly subsidized sessions that patrons don’t exactly check out and then give back.

“When you transition to online, from eBooks to music streaming, you just see a variety of products that are a little bit different,” she says. “[Libraries] are feeling them out and trying to offer the services that meet the needs of our communities.”

Freegal isn’t the only company of its kind. Hoopla, offered by San Francisco Public Library, San Jose Public Library and several others throughout the Bay Area, serves 816 libraries across North America. Its pricing structure differs from Freegal’s — libraries only pay for content that patrons borrow, with fees ranging $.99 to $2 a pop for albums, eBooks and DVDs. According to Passion Hemphill, PR representative for the company, many libraries cap the number of borrows each patron is entitled to.

The services are similar in one respect: Both pay artists — though neither Hemphill nor Downing would specify a percentage. According to Hemphill, artists receive mechanical, PRO and label royalties through Hoopla.

“We make agreements with labels, and those agreements are confidential,” Downing says.

A scroll through Hoopla’s website reveals an extensive catalog, including the Weeknd, Lana Del Rey and Rihanna, with content partners ranging from Universal Music and Warner Music to Chicago-based indie label Alligator Records. Freegal, however, doesn’t just have the wider circulation — it also has Sony. Downing wouldn’t confirm that Freegal’s contract with the publishing giant is exclusive, but he did write in an email: “[Y]ou won’t find Sony Music in any other service.” A search for “Beyoncé” in Hoopla’s database, for example, brings up an eBook biography and a smooth jazz tribute to the pop star.

But while Freegal offers everything from “Crazy in Love” to the self-titled Beyoncé, its catalog lacks many artists signed to Universal subsidiaries. Beauty Behind the Madness, the Weeknd’s newest release, is one of the first featured albums on Hoopla’s site. But run a search for “the Weeknd” through Freegal, and you’ll come up empty-handed save for some Juicy J and Travis Scott features.

And that — the fact that artists are siphoned into different services according to their label — frustrates David Dodd, Collections Manager for the Sonoma County Library.

“We no longer have access to a full marketplace of materials,” he says.

The Sonoma County Library doesn’t yet subscribe to a streaming service, though Dodd says it’s considering various vendors. But in some ways, he, too, finds the available models incongruous with the library’s historic goal of free, wide-ranging public access. One reason is that with limited funds, few libraries can purchase all the services they would need to make up a well-rounded digital catalog.

“It feels like publishers are running scared and labels are running scared,” he says. “Of course creatives and publishers have a right to make money off their works, but the public library has long been a model for how to make sure that it’s not just the wealthy who can afford that music and art.”

“Everything is available on the web,” he adds. “But not everything is freely available on the web.”
http://ww2.kqed.org/arts/2015/09/26/...sic-streaming/





The Music May Stop at a Storied Manhattan Studio
Matt A.V. Chaban

“Like a Virgin.” “Born in the U.S.A.” “Tattoo You.” Clapton’s “Unplugged.”

Some of the most popular albums of the 1970s, ’80s and ’90s were produced at a recording studio built inside an old Consolidated Edison power plant on West 53rd Street in Manhattan, just off 10th Avenue.

Yet it was the name of the studio — the Power Station — that attracted Chieko Imamura, because her great-grandfather had owned the headquarters of a Tokyo electric company. Her only musical experience until that point had been childhood piano lessons.

“I think I got this studio from God,” Ms. Imamura said last week, sitting inside the fourth-floor offices of Avatar Studios, as she rechristened the place. “I didn’t own it. I’m just a custodian.”

Providence notwithstanding, Ms. Imamura does indeed own the building, which she and her mother bought out of bankruptcy in 1996 from Tony Bongiovi, the studio’s founder and hitmaker supreme.

Now that she plans to sell the property, all those gold records could well become a thing of the past, replaced by chrome faucets and marble countertops. With the West Side booming, any developer who bought the building would almost certainly replace the recording equipment with apartments.

Ms. Imamura and her husband, Kirk Imamura, who manages Avatar, insist they are courting only buyers in the record industry who would continue the studio’s legacy.

And what a legacy it is. The studio was the birthplace of hits not just for the likes of Springsteen, Bowie, Dylan and Gaga, but for jazz greats like Herbie Hancock and Pat Metheny, and for Tony- and Grammy-winning Broadway cast albums like “Follies” and “Once.”

Whether there is an industry buyer with the desire to keep the studio going — or even a deep-pocketed would-be rock mogul — is an open question. The reverberations of new technology have diminished most artists’ ability to afford session time, while allowing them to replicate Avatar’s signature sound using something as simple as a laptop.

“We’re getting calls almost every day from developers,” Mr. Imamura said, “so the fact we’re ignoring them says something about our intentions.”

There was hardly any interest in the building in 1975, when it could be had for a song. The Con Edison plant, which had provided electricity for the old Ninth Avenue el, had been converted into studios for “Let’s Make a Deal,” the old game show, but the production company went bankrupt. New York City seized the property for unpaid taxes.

Mr. Bongiovi agreed to pay off the $312,000 lien, and the city even furnished the mortgage. Still, he had to move out of his apartment and live in the building. “Every cent I had went into the studio,” he said.

At the time, most studios were carpeted “dead” spaces, with little of the trademark echo that gave Motown studios their warmth. Having cut his first records in Detroit, Mr. Bongiovi wanted to recreate that sound in New York; he came up with an innovative system of pine slats and burlap panels in unconventionally shaped rooms that today could be mistaken for Frank Gehry-designed saunas. (One corner of Studio C, however, features vinyl flooring and cork walls, an almost exact reproduction of Motown’s Snake Pit studio).

“Tony was a genius,” said Nile Rodgers, the guitarist and producer who with his band Chic was the first to record in the studios. Mr. Rodgers was so impressed that as a producer he brought in Madonna to record “Like a Virgin,” and acts like Duran Duran, David Bowie and Barbra Streisand soon followed.

The free recording time Mr. Bongiovi provided for his cousin John helped launch the band Bon Jovi. Credit for its success is still a sore spot in the family.

Once when Mr. Bongiovi’s father was visiting he got into an elevator with his son and Bruce Springsteen.

“He turns to Bruce, having no idea who he is, and says, ‘You work here?’ ” Mr. Bongiovi recalled. “Bruce says yes, and my dad says: ‘You better make sure the room is clean. There’s a big star coming in, Bruce something.’ And Bruce, without missing a beat, just says, ‘Yes sir, I’ll make sure of it.’ ” The sleeve for the Boss’s 1980 album “The River” features photos shot on the roof.

When Meat Loaf was recording “Bat Out of Hell,” a member of his crew was constantly smoking marijuana, which set off the fire alarm at the studios. When police and firefighters arrived, Mr. Bongiovi ushered them into a separate studio where Mr. Springsteen was working, hoping a brush with stardom might convince them to look the other way.

They did.

Like so many studio owners then and now, Mr. Bongiovi ultimately fell victim to the advance of technology. After one label departed, costing him a third of his business, he invested heavily in audio-video production equipment for commercials and other work. When that enterprise never took off, the bank forced a sale.

The Imamuras have managed to keep the studio profitable by building additional studio space, but changes in the industry, and in technology, have meant fewer rock stars and more jingles.

“They’ve got entire layouts of the Power Station you can call up,” Mr. Rodgers said of the latest computer programs. “But it’s not the same.”

Even so, should Avatar close for good, it would devastate many in the industry.

“It’s sad that all the great studios are going away,” Cyndi Lauper, who recorded “True Colors” in the building, wrote in an email from Nashville, where she is recording her latest album. “There will never be such a magical room as the big room at Power Station. New York is losing its place as a great music town.”

Yet Avatar keeps on producing hits, among them Vampire Weekend’s “Contra” and a collection of Tony Bennett and Lady Gaga duets, “Cheek to Cheek,” that hit No. 1 on the Billboard album charts last year. Studio A, which can accommodate up to 70 musicians, remains popular with Broadway and soundtrack producers.

Despite their success, the Imamuras have decided they have had enough of the business. “The time has come,” Ms. Imamura said.

And their timing could hardly be better. The old Sony recording studios next door were demolished several years ago to make way for condos, and a site similar to Avatar, one block north, sold in February for $19.6 million.

Given that price, Avatar could be worth at least $27 million on a per-square-foot basis — if not more, since a developer could capitalize on its history of hits.

Imagine: “Studio Apartments at the Avatar.”

The Imamuras cannot fathom such a fate, but they may not have a choice. “We would take less from someone in the industry, of course, within reason,” Mr. Imamura said. “We are hopeful they are out there, but only time will tell.”
http://www.nytimes.com/2015/09/29/ny...d-records.html





If They Build It, Will We Come? Meet The Tech Entrepreneurs Trying To Take Back The Porn Industry

Porn has long been a driving force in tech and internet innovation, but the industry now finds itself in unprecedented danger thanks to piracy and free “tube” sites. These are some of the pioneers and entrepreneurs who are trying to fight back.
Charlie Warzel

It’s a cloudless, mid-January day in Los Angeles, and I’m in a cramped, dimly lit hotel conference room off the Sunset Strip getting scolded by the star of Gang Bang Darlings 8.

“I hope you all feel really guilty,” Vicky Vette tells me and the 30 or so porn professionals gathered here for a piracy panel at the XBiz360 Adult Digital Media Conference. Vette is dressed in a tight but tasteful pink tank top with distressed flared jeans and peep-toe flats. Just moments earlier a man dressed in a flame-kissed bowling shirt à la Guy Fieri asked the crowd to raise our hands if we’ve ever streamed porn for free online. All hands, most of them white and male, went up. Now, after Vette’s admonishment, he asks how many of us have shelled out for a $30 monthly subscription site.

I see one, maybe two, sheepish hands from men slinking in their seats. Even at porn industry conventions, nobody seems to be paying for porn.

The discussion is about how porn’s top directors and producers are coping with the scourge of piracy brought about by tube sites — the free, user-uploaded streaming porn video sites made in the image of YouTube — and tempers are rising. Midway through, an audience member wearing a golf shirt tucked into khakis adorned with a cell phone holster asks if the industry folk feel like they’re losing out to the glut of free porn on the internet, and a panelist cuts him off quickly: “No doubt. Anyone who says otherwise is lying to you.” One of the industry men on the panel tries to interject to extol the virtues of now-ancient-sounding DVDs, likening them to comic books as collectibles for the porn crowd. But as anyone who’s ever typed a risqué term into Google in the past 10 years knows, the kids aren’t buying and collecting dirty DVDs.

Colin Rowntree, one of online porn’s cadre of founding fathers, sporting a salt-and-pepper beard, friendly, sunken eyes, and a Tommy Bahama print shirt, rattles off bleak stats from memory. “Since 1998, there’s been an average of 70% drop in revenue on standard pay sites,” he tells the room. “You simply need to diversify. If you work 10 times harder than you did in the ’90s, then you can get close to getting back to the old revenues but not quite.” The room nods solemnly in agreement.

To an outsider, this is a brutally honest portrait of an industry in crisis. How can the porn business, which has squeezed performers and studios so far to the financial margins that it has become openly hostile to new entrants, innovate and survive? As an art form? I summon the courage to ask the panelists this very question. But before they can respond, a performer in the front row turns to administer my second scolding of the afternoon. “Well, what the hell are you going to jerk off to when we stop producing?”

According to some estimates, 36% of all internet downloads are of pornographic material. And while there’s no way to truly confirm these ever-changing figures, some observers have suggested that roughly 12% of the internet contains at least some pornographic content. In 2012, YouPorn told Extreme Tech that the site pulls in 100 million page views per day; at peak that’s 4,000 page views a second. And in PornHub’s 2014 year in review, the sites boasted 18.35 billion total visits and 78.9 billion total videos viewed. That’s 11 videos viewed for every person alive. A casual observer would probably assume that the internet has been great for porn; in one sense, it has been. Never before have so many people had immediate access to this much adult content.

But inside the industry, porn’s relationship to the internet is fraught. The adult industry is credited — quietly — with frequently building and shaping new technologies, and technology has long been credited with creating the porn juggernaut. A 1986 Merrill Lynch study, dredged up by adult industry scholar Jonathan Coopersmith, shows that “X-rated tapes constituted over half of all sales of pre-recorded tapes in the late 1970s.” It took until the mid-1980s for the rest of the market to catch up; in the meantime, Deep Throat racked up nearly $100 million, most of which came from sales of tapes.

Major architectural foundations of the internet also owe a debt to porn, which helped to pioneer e-commerce and credit card billing through adult pay sites in the 1990s. Coopersmith cites “cybersex promoters” in the ’80s and ’90s with leading the development and distribution of CD-ROMs, noting that Penthouse’s Virtual Photo Shoot software “won praise for being one of the most interactive games then manufactured.” You can also thank porn for the popularization of webcams, which began their boom as early as 1995 in adult online forums.

But if porn helped to conceive and nurture the modern internet, the internet has turned its back on porn. Major internet companies like Instagram and Tumblr have hidden adult content from internal search, and Google has removed porn while de-prioritizing adult sites in its search algorithms. Facebook, arguably the internet’s most important destination, has banned adult content outright since its inception, and mainstream billing sites and financial services firms have shut their doors to adult companies, citing them as “high risk” clients.

If online porn was built by technically proficient, big-dreaming smut innovators, it’s now under siege by, essentially, technically proficient, deep-pocketed, shell corporation–constructing scoundrels. Consumed and overwhelmed by the fruits of its own technological innovations, the adult world must once again return to its entrepreneurial, iconoclastic roots if it wants to reclaim its industry. If anybody has any clue what we’re going to jerk off to in the future, it’s probably these guys.

It’s a cold February night and I’m driving along the pitch-dark, blind-curved back roads of southern New Hampshire as Colin Rowntree tells me how he inadvertently went from being a classically trained orchestral conductor to a BDSM website proprietor. Rowntree’s tastefully furnished New Hampshire McMansion serves as a set and editing studio for Wasteland.com — it has that classic unlived-in model-home feel, but with fewer canyon views, more Keurig instant coffee machines, and a friendly old golden retriever who looks like he’d unwittingly lope into the shot during a particularly vigorous spanking scene.

Colin, 56, and his wife Angie, 54, are both in the Adult Video News Hall of Fame, but after 10 minutes talking to them, a stranger might guess that they own a burgeoning Adirondack chair business or run an artisanal scented-candle operation. Instead, this founding father of online porn has a plan to take back at least some power from the tubes.

Boodigo.com is their ethical porn search engine, a chance for them to regain some control of the adult internet. “It’s the culmination of our entire careers in this industry,” Colin says with a smile. He spent the last year building it with a couple of ex-Google engineers, and its premise is simple: a safe, secure search engine for adult content that doesn’t track users or mine any user data, algorithmically de-prioritizes free tube content, and actively weeds out deeply offensive and illegal content like child porn.

Boodigo is a direct response to Google’s tightening restrictions against adult content. In March 2014, Google eliminated adult advertising in its search products and largely cut access to the helpful Google employees who specialized in takedown requests from the adult industry. It’s also an attempt to curry favor with the growing legion of average porn consumers who are weary of having their most private browsing behaviors tracked. “Google is very, very good at what it does but it’s not what you want if you’re looking for something sensitive. Porn, fireworks, firearms. You want something naughty? Come to us and we won’t track your shit,” Colin says.

Colin explains how online porn has changed since he and Angie posted a few images of women in leather fetish gear on the web as part of a promotion for a hodgepodge direct-mail catalog site in 1994, accidentally launching one of the internet’s first adult pay sites. Since then, Colin and Angie (who runs the porn for women site sssh.com), have experimented with all styles of content and technologies to keep their niche sites afloat. There’s “This Old Dungeon,” which teaches people how to build bondage furniture, and BDSMPad, a tablet porn app, which launched the same day as the iPad with the tagline “We flagellate, you masturbate.” But for all the innovations, gimmicks, and decades of experience, the Rowntrees have watched the tubes destroy porn’s middle class and technological edge.

Colin and Angie have managed to make a sturdy living thanks to the niche nature of their sites, but the glut of free tube porn has squeezed margins. “I’ve seen members inside Wasteland download 20 years of movies in their trial period, and I know for a fact those all go on the tubes,” Angie says. As suspicious as the bulk downloads look, there’s little the Rowntrees — or other adult producers — can do to prove it. “We’ve tried to search user names inside Wasteland to see if they’re also there on PornHub, but they must have different names.”

Essentially, the Rowntrees’ proposition is that concerned internet users will eschew the convenience — and zero-dollar price point — of the tube sites in favor of privacy and peace of mind. So far it’s working, albeit slowly. Colin says Boodigo had 2.5 million unique daily visitors and 7 million queries at launch in September 2014. As of mid-August, the site was pulling in over a million more unique visitors per day, with 39% of visitors returning to the site. This past August, the site received 3.5 million uniques daily. “As long as the porn’s still there, they keep coming back because nobody is watching them,” Colin says. If it continues to take off, Boodigo could cut off some of the tube sites’ revenue by stanching the flow of traffic to pages that make money from traditional banner advertising. Given the dominance of the tubes, it’s more of a first strike than it is a finishing blow, but it’s one that could extend a lifeline to porn’s more niche subscription sites.

Only a week after launching Boodigo’s equivalent of Google’s AdWords module in January, Rowntree says he received his first five-figure ad buy, and since then Boodigo’s advertiser base has consistently grown to now over 400 advertisers. The organic search results have surpassed over 10 million adult sites. As porn producers look to reallocate some of their Google ad funds, Rowntree sees an enormous opportunity. As we pull into the three-door garage he recently used to film a food-fight orgy scene for Wasteland, Colin says, “I think I might be able to retire off this one someday.”

Streaming video, which was first introduced to the web in 1994 by the Dutch porn company Red Light District, enabled MindGeek — formerly Manwin and before that Mansef — to build the first tube sites, allowing users to upload scores of pirated porn videos. The company’s origins, much like its legality, are murky. Some link the beginnings of the MindGeek dynasty to early 2007, when Matt Keezer, one of the founders of the major online porn studio Brazzers, bought the PornHub domain for less than $3,000. It quickly grew thanks to revenue from banner ads, launching new brands like Mofos.com and acquiring tube sites like ExtremeTube and Tube8. The company consolidated under the name Mansef, but after a Secret Service raid and asset seizure of nearly $9 million, the founders, suddenly paranoid, sold the business off to Fabian Thylmann, a German programming prodigy, for a reported $140 million.

Under Thylmann’s management, ad revenues soared, and the company — renamed Manwin — nearly doubled to 500 employees by 2011. A New York magazine article suggests that Manwin’s pretax earnings nearly doubled between December 2009 and December 2010. While Thylmann made overtures to clean up tube piracy — Mansef, under the Brazzers owners, had been accused of allowing its users to upload troves of illegal clips to the porn sites — adult producers found it nearly impossible to stop their content from spreading illegally onto the tube sites. All the while, Manwin aggregators made fortunes from simple display advertising, which, in turn, allowed the company to buy up bigger tubes like YouPorn in 2011, and major mainstream adult production studios like Babes.com, Digital Playground, Reality Kings, and Twistys.

In 2012, Thylmann was extradited to Germany for tax evasion; Manwin has changed hands once again and is now operated as MindGeek. According to some reports, MindGeek owns eight of the top ten tubes sites, creating, essentially, a monopoly. As such, the company has the financial resources and the reach to force studios, producers, and performers to cooperate in any number of partnership deals. In many cases, they join up and give MindGeek tube sites HD preview content for less-than-optimal affiliate traffic kickback deals rather than compete with the monster sites. MindGeek declined to address the company’s checkered past, noting, “The current management cannot comment on alleged operations that took place years ago under previous leadership and owners.”

Even when worked up, most porn folks will admit the number of pirated clips on MindGeek-owned tube sites has decreased since the company bought many of the major adult studios. But the scourge is far from eliminated. In fact, there’s so much illegal material online that it’s created a cottage industry of copyright takedown entrepreneurs.

Nate Glass, owner of Takedown Piracy, removes thousands of illegal clips a week in his quest to right the piracy wrongs wrought by the tubes. His company just built a digital fingerprinting tool that identifies and flags stolen clips for copyright infringement takedown notices. He has eight studio clients on board and is confident that if all studios cooperated, he could drastically decrease the amount of pirated porn. “We took down 12,000 videos almost immediately for those eight clients who signed up,” Glass tells me, noting that the program has also identified 200,000 illegal videos as well as their copyright holders.

Glass worries that the viewer has no idea that their favorite, secretly bookmarked, banner ad–laden free porn repositories are contributing to the shrinking of the adult industry. In this way, the internet has ushered in a lost generation for porn: millions of young users who don’t just think paying for porn is for suckers, but don’t realize that porn isn’t free by default.

Recently Glass, along with adult performer Jessica Drake, went on a U.S. college tour to talk to students about stealing porn. It was dismal. “Many don’t even know that the porn they’re watching on PornHub is there without permission,” he told me. “When you sit down to rub one out, you’re not engaging in critical economic thought.” Glass says he sees fans tweet to adult performers with messages saying, “I love this scene of yours on PornHub,” only to have the performer tweet back that the clip is up illegally. “It doesn’t even enter their minds. It’s a different generational mind-set.”

Even some of porn’s established names sound weary describing the grind. “People think I make hundreds of thousands of dollars a year, which I don’t,” Stoya, the raven-haired 10-year industry veteran best known for her near-ubiquitous internet presence, tells me over coffee on a snowy February afternoon near NYU. Stoya blogs frequently about the adult industry — on her own site and for The Verge, Refinery29, Vice, and occasionally for the New York Times — and is as exhausted with the state of the industry as she is eloquent about its shortcomings.

Like their production counterparts, performers often need to diversify by performing in cam shows, auctioning clothing like their bras and panties, making molds of their orifices and appendages for licensed sex toys, and interacting with fans through paid texts, snaps, and even online video games. Performers are increasingly required to book scenes without royalties and are subsequently required to promote them relentlessly on social media. “I’m just tired,” Stoya says. And yet she sees a business opportunity amid the chaos.

“When you hit these kinds of walls, some people go one way and stagnate, and with others it forces you to innovate,” she says, thumbing through an incoming text on her iPhone. “One day Kayden [performer Kayden Kross and Stoya’s business partner] and I said, ‘We don’t want to work for anyone else anymore.’ See, we’re are spoiled because we’ve been contract performers for so long and so we started envisioning it, thinking, OK, DVD won’t work and we know that membership sites don’t work.” And so, last winter, she launched TrenchcoatX, a site that eschews the classic subscription model for one where viewers can preview and then pay for porn on a scene-by-scene basis. “Pay-per-scene exists with something like [the massive amateur porn site] Clips4Sale but it feels like Costco almost. We wanted this to feel like a brick-and-mortar store,” Stoya says.

With its tagline “Curated Smut,” the site seems to focus on highly original, artistically imagined, and expertly produced videos. Though TrenchcoatX isn’t the first to pilot a pay-per-scene model, the site’s videos and series aim to shoot provocative scenes and recurring series that, aside from the thrusting and exposed skin, look different from most of the porn on the internet. One of Stoya’s series, Around the World in 80 Ways, is governed by two rules: “Scenes have to be shot outside the San Fernando Valley, and they have to be fun for someone involved.” Another series is simply titled Fluid and celebrates all the elements that the particular term offers.

For the longtime performer, TrenchcoatX is also about fighting stagnation, not just with regard to her own work, but as it relates to the innovation of the medium. “Ten to twenty years ago you’d literally put a naked person on a DVD or on the internet and money just fell from the sky, to hear the old guard tell it,” she says as we finish our coffees. “And so today you look at performers and there seems to be a bit still of confusion. It’s this idea that, ‘Hey, wait, my job is a job now!’”

Perhaps one of the most compelling ideas of how to revitalize porn comes from Veronica Vain over an 11:30 a.m. burrito bowl in a cramped Upper East Side Chipotle. When Vain and I first met, she was not yet 100 days into her career as an adult performer but was nonetheless convinced she could bring product placement and native ads to porn.

According to Vain — a 23-year old Wall Street intern turned porn star whose conversation mixes market inefficiencies with anecdotes about on- and off-set cunnilingus — the tubes have already won. When Vain released her first video in February, a free 13-minute clip was released on PornHub. The full clip was available on behind a paywall at EvilAngel.com, the video’s distributor. That morning, the PornHub clip had over 2 million views. The Evil Angel clip had only 4,000 views. “So the market spoke. They wanted free porn,” she said bluntly and with hints of fatigue, as if she were trying to explain a chapter in a macroeconomics textbook to a dense college freshman.

Product placement works for movies and TV and music — so why not porn? Wares peripheral to the adult industry are ripe for product placement inside adult videos; sex toys, lubes, and condoms could be fit seamlessly into the preamble of an adult video. Add in some some breathy moaning about the branding particulars and sensible price points in between crescendoing oohs and aahs and you may just have yourself an alternative revenue stream.

But Vain’s dream lies in mainstream companies that already cultivate an edgier image (think Axe body spray and Monster energy drinks, or anything Ed Hardy) that could be marketed to the legions of frequent porn watchers. “The younger generation has less qualms with porn, and most companies that aren’t Folgers Coffee want porn watchers to buy their shit. They want them as the recurring revenue stream,” Vain explained. “Mommy and Daddy are dying soon.”

Vain describes her ideal future scenario. “Monster can go to MindGeek and say, ‘I want you to make me a big Monster scene with flashy cars and there’s a hot chick drinking Monster and wants to fuck all the guys.’ That would sell Monster,” she says, sitting back in her chair with a satisfied smile. “Maybe not that day, but there’s going to be a conversion between the guy who sees the Monster porn and then goes to the gas station and is choosing between Monster and Red Bull. He just had a nice little experience with Monster.”

Vain says she has the data to back her claims. Her first film, Screwing Wall Street, is a long product placement for an adult dating site called Arrangement Finders. In the scene, Vain pitches Arrangement Finders’ IPO as an investment opportunity to a powerful Wall Street executive. The pitch, a three-minute sexually tense ad for the site, goes over well, culminating in a celebratory boardroom sex romp. In this scenario, according to Vain, everybody wins, especially the advertisers. According to Vain, Arrangement Finders boasted a 426% increase in user sign-ups in the two days after Vain’s video hit PornHub.

Like Kross and Stoya, Vain is also trying to get in on the streaming game. Unabashed about milking every last bit of her Wall Street association, she says she’s close to securing significant financing to launch her own “Hulu for porn” operation that she’s named Bangbox. She argues that piracy alone isn’t what’s killing the industry. “It’s just easier getting content for free than buying it,” she says. “Even if you’re game to buy porn, it’s easier to get more of [a performer’s] content in one place on a tube than it is with a subscription.” And so Bangbox looks to take the best of both worlds and package it into a friendly streaming platform.

To hear her describe it, Bangbox will be searchable, customizable, and, like Netflix, learn your preferences from what you watch. It’ll host a slew of free three- to five-minute clips, with easy, one-click options to buy the full scene on a pay-as-you-go model. Unlike the tubes, where free scenes are typically longer but have no real way of directly converting to a sale of content, Vain hopes to make it easy to purchase a scene here and there on a whim. “Nobody has captured the impulse buying that you see with in-app purchases on phones,” she says. “The way I see it, each guy has three to five girls he likes, and if he could have something to surface that, preview it, and casually watch their stuff in one place, he’d be happy to buy it.” Vain says she’s given away 40% of Bangbox to a technology company and that they’ve built a sophisticated back end to the site. Vain adds that she’s waiting to close a round of angel funding by the end of September, which she plans to use solely for marketing and attracting talent with a possible beta launch later in the fall.

“I’m really just ripping off the Hulu site,” she says matter-of-factly. “It’s not revolutionary, but then again, I’m confident that people just don’t consume enough content to justify paying 30 bucks a month for access to 7,000 videos. There’s a better way and I want to build it.” Vain’s not alone in her pursuits. This summer, PornHub, a MindGeek company, rolled out its own subscription-based all-you-can-watch HD access package for $10 a month — something the company is trying to sell as “the Netflix of porn” (in reality, it’s just a marketing spin repackaging of MindGeek’s myriad subscription content with no advertisements).

But even she seems aware that there are limits to who will pay; for example, she doesn’t plan to pander to those who’re looking to hide their porn subscriptions from significant others. “I want people who’re comfortable with paying for porn,” she says. Vain’s entrepreneurial streak could very well out-earn her once-potential Wall Street career, but still, even though the ideas from the likes of Vain and the Rowntrees are practical, even technologically savvy, they feel like protective jabs intended to merely extend porn’s dreary fight into another round. So, where’s the knockout blow?

Cindy Gallop has a lot of lines. Here’s one of them: “I’m in the Steve Jobs reality-distortion business.” Her line, like many things Gallop says, is both immediately catchy and mildly perplexing; at first it makes decent sense but upon further inspection seems like it could be nonsense. Or maybe it’s the other way around? The same can be said of Gallop’s current fixation (and the reason for my visit to her eccentric, all-black, modeled-after-a-Shanghai-nightclub apartment): She wants to move porn out from the shadows as a vice industry, alter the way we talk about, think about, and share stories about our most private intimate relationships and, while she’s at it, essentially transform the future of adult entertainment.

That’s a monstrously tall order. But for Gallop it’s personal. Gallop is 55 but now only dates men in their twenties, a policy that has led her to believe that bad sex education combined with unlimited access to free porn has turned millennials into less than tender and attentive lovers. Her solution: Since porn has become a stand-in for sex education for most younger men, Gallop created MakeLoveNotPorn.com, which is essentially a PSA site to dispel myths about the adult industry. The More You Know, but for true facts about facials.

The site’s popularity quickly prompted a spin-off called MakeLoveNotPorn.tv, a pay site that features non-porn types filming themselves having sex with real partners and flings. The goal: to illustrate the varied landscape of real-world sex, which Gallop and her team define as fun, silly, embarrassing, messy, and markedly different from the deadly serious sex you’ll find on your average tube site.

“Imagine the sexual equivalent of’ ‘Charlie Bit My Finger,”’ she beams. Most, if not all, contributors on the site are paying members who film their scenes themselves, but Gallop believes there’s a way — through safe-for-work couple “intro videos” — to engineer virality that might get people to shell out the cash to watch the full scene. These “MakeLoveNotPornStars,” as Gallop calls them, lack the extreme proportions, fitness levels, tans, and natural gifts of most traditional porn stars. It’s a wholly different representation of sexuality that draws members with the promise of sex that looks familiar. So far MLNP has brought in 881 submissions, resulting in 333 videos on the site and 100 unique “MakeLoveNotPornstars” (mostly average Joes) and has roughly 350,000 members, according to Gallop.

Gallop hopes that real-world sex in the adult entertainment world will lead to viewers having a healthier relationship with porn. But there are limits to this altruism; there’s also, according to Gallop, substantial money to be made in sex-related startups and porn that makes you feel good about watching people being sexual. Gallop likes to recite the Silicon Valley mantra that the biggest problems deliver the biggest returns, and sees plenty of problems (an unhealthy cultural relationship with sex) and billions of potential users (people who, uh, like sex). And destigmatizing porn would ultimately mean drastically widening the pool of investors willing to back “sex tech,” which Gallop defines as “technology-driven ventures, designed to enhance, innovate, and disrupt every area of human sexuality and human sexual experience.”

“If [Silicon Valley] chose to actively focus on adult and sex as an area of investment, oh my god, the opportunities,” she says, rearing back into her couch with excitement. On the surface, the worlds of porn and tech seem uniquely suited to each other; the adult world needs the money, while venture capitalists, who often self-describe as risk takers, have a potentially massive audience in porn consumers and, consequently, billions to be made (the adult industry alone has been said to be valued at $87 billion in 2015). But even with erotica having its zeitgeist moment (50 Shades, etc.), Gallop struggles. “High-profile VC firms can’t bounce my investor profile back fast enough,” she sighs. “You’d be amazed how many fucks are given when it comes to sex tech.”

At an event Q&A this winter, Gallop confronted PayPal founder and infamous investor Peter Thiel — who recently led an investment in a marijuana tech company — to ask if he thought startups focusing on sex tech, or the future of sex, were as untouchable as the rest of Silicon Valley. Thiel stepped around the question with a sterile non-answer. And for the past nine months Gallop has struggled to bring angel investors on board to fund MLNP.tv. “It goes like this: I meet with somebody who’s interested and captivated by the idea. We have a great conversation, and then talk to spouse or a friend who will say, ‘What the fuck?!’ and all of a sudden the dialogue just disappears,” Gallop says.

The tech world’s reluctance to invest in sex tech has led some, like Brian Shuster, to pursue their own futures. Shuster has been involved in the adult world since online porn’s beginnings. Currently, he runs Utherverse, an online virtual community that looks a lot like The Sims and allows real people to create alter egos and live second — and oftentimes seedier — lives online. Only in Utherverse, possible and frequent goings-on include but are not limited to buying drinks, chatting about the weather, going to strip clubs, and doling out blow jobs in digital club bathrooms. For a growing number in the adult industry, this sort of virtual reality sex is the last major frontier in the adult space. And Shuster is their guide.

Shuster believes that the adult industry’s woes have little to do with tubes and piracy. “We’ve always had piracy of some kind since the beginning. What really happened is the adult industry online grew exponentially; revenues soared in a compressed period of time,” he says. He argues that porn’s shrinking middle class is largely due to the natural maturation of internet porn as a business. Basically, according to Shuster, when companies put beautiful naked people having sex online, it “rained a huge amount of money on the industry” and, ultimately, that growth was unsustainable.

Over the phone his voice never wavers as he discusses what he has named the dawn of the sexual singularity. Shuster believes that this convergence of virtual reality, through something like the Oculus Rift headset coupled with haptic touch sensors and more invasive penetrable/penetrative devices — known in the biz as “fucking machines” — represent an entirely new paradigm for porn, where physical barriers to sex, including meeting people, erode away. He expects it to arrive in the next four years. “It’s like no opportunity in the history of man,” he says enthusiastically. “For the majority of people, they’ll prefer to have sexual experiences be networked as opposed to being real.”

Like Gallop, Shuster approaches this frontier as not only a new business model but a seismic cultural shift. There’s been no shortage of buzz around this fringe technology, but when it comes to connected sex, hype tends to overshadow actual pleasure. Shuster is undeterred.

His vision is a hell of a lot for even a savvy internet-faring human to process. Without a hint of sarcasm, irony, or even doubt, he argues that “if governments allow it to happen properly, then borders don’t matter. You could fall in love with somebody living in a country that your country has a problem with. But still, we’re meeting each other’s friends and we aren’t limited by geographical boundaries.”

VR’s appeal to porn is simple. Strap on a few wires, turn a few knobs, and you’re a set of goggles away from engaging with your favorite star or fantasy from the comfort of your home. Best of all, the ability to pirate a real-time, real-world physical experience is virtually zero, at least for now. Industry observers like Alec Helmy, founder and publisher of adult trade magazine XBiz, sees Shuster’s work as “game-changing.” “I believe Brian stands alone and there’s really nobody else in terms of the complexity of what he’s doing to make a foray into the future,” he told me.

This language, at the very least, isn’t exactly new. Virtual sex — known in the industry as teledildonics — has long been billed as the savior of pornography as well as the future of sex. Twenty-five years ago, tech pundits boldly declared that “portable telediddlers” would be ubiquitous by 2010. That future never arrived. And even Shuster admits that it will probably take another decade for the physical sensation of teledildonics to be comparable to actual sex. Still, VR and teledildonics may be the best bet for porn to reclaim its technological dominance. Shuster calls it “the last major disruption in the adult space” and, as such, there’s a lot at stake, including cash.

“This time around, let’s not be stupid,” Shuster says, alluding to how the porn helped lay the foundation of the modern web, only to be forced out when it came of age. Shuster wants to develop and patent virtual reality tech and then license it over to mainstream media. “This is the merger of adult entertainment and sex and human relations,” he says. “We have to own it.”

The sexual singularity, from a casual internet user’s vantage point in 2015, feels about as probable as a three-way with your Roomba and Siri. And Gallop’s quest to socialize and turn hardcore sex bloopers into the next “Gangnam Style,” and eventually help to build the next Y Combinator for fucking machines, flies in the face of hundreds of years of good old-fashioned American repression. Searching for answers leaves only a series of frustrating, if not contradictory dilemmas.

If the smaller revenue plays — plugging Monster energy drinks during a hardcore sex scene, starting your own search engine — don’t seem like enough to keep porn’s bottom lines healthy in a free-content era, then VR and socialized sex seem too far-fetched to be feasible. But as the moonshooters Gallop and Shuster are quick to point out, the sexual singularity (or at least passably enjoyable and worth-paying-for and normal-to-use sexual services) in the next seven years doesn’t sound any less realistic than a description of an iPhone did in 2001.

There’s also opportunity. As I walked around the XBiz conference last January, I saw little flash or excess or even any shocking, sexy booths to speak of. Save for a few Fleshlight and Ashley Madison advertisements, it was hard to distinguish the second floor of the Andaz hotel from your average trade show. Eavesdropping on conversations yielded reserved banter about CPMs and purchasing affiliate traffic. Porn’s uncertain, technology-driven, piracy-laden years have, in a weird way, forced the industry to grow up, creating the conditions for the Rowntrees, Vains, Gallops, and Shusters of the world to make their mark on the business.

“It’s work. It’s a job,” one conference attendee tells me outside the smokers’ lounge that overlooks the Sunset Strip amid a sea of custom-made golf shirts and cell phone holsters. He sighs. “No more crazy parties,” he says. “Now you have to develop business plans. It’s not as exciting, but it’s better for the industry that we’re not resting on our laurels. People want quality and are tired of just seeing the same girl getting railed again and again.”
http://www.buzzfeed.com/charliewarze...trepreneurs-tr





India Replaces China as Next Big Frontier for U.S. Tech Companies
Vindu Goel

American technology companies desperately want to win over people like Rakesh Padachuri and his family.

Mr. Padachuri, who runs a construction business in this city, the center of India’s technology industry, uses his smartphone to reserve movie seats through BookMyShow and to order pizzas from Domino’s. His wife, Vasavi, orders clothes from Myntra and Amazon.com, and downloads videos and games from YouTube and the Google Play store to entertain their 4-year-old daughter. His sister-in-law, Sonika, enjoys posting selfies on Facebook and follows the YouTube musings of Lilly Singh, an Indo-Canadian comedian.

They all stay in touch via a group chat they have set up on WhatsApp, a free messaging service owned by Facebook. “There’s no need to call each other,” Mr. Padachuri said during a visit last month at his family’s home, which is next to a Best Western hotel. There’s barely a need to leave the house — groceries, a birthday cake, even a hairdresser can be summoned via an app.

The Padachuri family’s love of technology helps explain why India and its 1.25 billion residents have become the hottest growth opportunity — the new China — for American Internet companies. Blocked from China itself or frustrated by the onerous demands of its government, companies like Facebook, Google and Twitter, as well as start-ups and investors, see India as the next best thing.

“They are looking at India, and they are thinking, ‘Five years ago, it was China, and I probably missed the boat there. Now I have a chance to actually do this,’” said Punit Soni, a former Google executive who was lured back to India recently to become the chief product officer of Flipkart, a Bangalore e-commerce start-up similar to Amazon.

The increasing appeal of India, now the world’s fastest growing major economy, was underscored in recent days.

During a meeting in Seattle on Wednesday with American technology executives, China’s president, Xi Jinping, was unwavering on his government’s tough Internet policies.

India’s prime minister, Narendra Modi, on the other hand, was on a charm offensive during his own American tour.

After a stop in New York City, he headed to Silicon Valley, where he visited Tesla and attended a dinner with tech chieftains like Satya Nadella of Microsoft and Sundar Pichai of Google.

On Sunday, Mr. Modi will join a town hall discussion with Mark Zuckerberg, Facebook’s chief executive. He also plans to drop by Google and Stanford University, mingle with start-up entrepreneurs and address a sold-out arena of 18,000 people, mostly Indo-Americans, in San Jose, Calif.

On Monday, he will be back in New York to meet with President Obama.

The message to Silicon Valley from Mr. Modi, who tweets and posts regularly on Facebook: Help India become an Internet powerhouse.

Two years ago, India’s rise as a digital nation was hard to imagine. Internet penetration was modest, mobile phone networks were glacially slow, and smartphones were a blip in a sea of basic phones.

Since 2013, however, the number of smartphone users in India has ballooned and will reach 168 million this year, the research firm eMarketer predicts, with 277 million Internet users in India expected over all.

India already conducts more mobile searches on Google than any country besides the United States. Yet “we are barely scratching the surface of availability of Internet to the masses,” said Amit Singhal, Google’s senior vice president in charge of search, who emigrated from India to the United States 25 years ago.

Indians have long loved to connect with each other online, accounting for much of the growth of early social networks like Friendster. So it’s not surprising that Facebook already has 132 million Indian users on its social network, trailing only the United States.

But Facebook’s presence in India runs even deeper. WhatsApp, the messaging service that Facebook bought last year for nearly $22 billion, has become the most popular app in the country, offering free texting and free phone calls in a place where many people earn just a few dollars a day. Facebook’s Messenger app is No. 2, according to the analytics firm App Annie.

And that only touches on Facebook’s ambitions in India. “We need to focus on the billion people who are not connected,” said Kevin D’Souza, head of growth and mobile partnerships for Facebook India.

To reach those people, Facebook is offering basic versions of its service that work on simple phones and slow networks. Under an umbrella initiative called Internet.org, Facebook is also working with a local cellphone operator to offer a package of free services, including news, job listings and text-only versions of Messenger and its social network aimed at those who can’t afford a data plan.

India still poses many challenges. Internet.org has come under fire from regulators and activists who are concerned that Facebook is favoring its own services. And despite Mr. Modi’s outreach, government agencies are trying to censor content they consider unfavorable or offensive. Last year, Facebook received 10,792 requests from the Indian government to remove information, far more than from any other country.

Making money is also difficult in India, where the amount spent on digital advertising is expected to total about $940 million this year, according to eMarketer — a fraction of the $58 billion that is expected to be spent in the United States.

While revenue is tiny so far, Internet companies say they are playing the long game, focusing on getting more people online now and profiting later.

Google, for example, wants 500 million Indians online by 2017. Most of these newcomers will be using phones powered by Google’s Android operating system, which accounts for most of the Indian smartphone market. That will let Google expose these users to its other services, like search and YouTube, as well as plenty of ads.

“We’ve always believed that what’s good for the Internet is good for Google,” Sandeep Menon, Google’s head of marketing in India, said in an interview at the company’s offices in Gurgaon, outside New Delhi.

The effort to get more Indians online, however, has forced tech companies to re-examine some fundamental assumptions.

Only one in six Indians know enough English to surf the web in the language. But there are few web pages in Hindi or India’s 21 other official languages. “There are more web pages in Estonian than in Hindi,” Mr. Menon said.

Google, Facebook and Twitter have all added support for more Indian languages and are prodding developers and users to create more local-language content.

To deal with India’s poor mobile data connections, which can run at a hundredth of the speed that Americans expect, Google is compressing web pages on its servers so that they use 80 percent less data and load four times as fast.

Similarly, Indians can download YouTube videos while they have a high-speed connection, such as Wi-Fi at school or work, and save them to watch later when they are offline.

Of course, none of this matters to those who have never used the Internet. To reach them, Google has formed a partnership with Intel and a local charity to send female tutors, who travel by bicycle, to thousands of villages to teach rural women about the Internet. So far, 200 bikes equipped with solar-powered tablets and smartphones are on the road, and Google hopes to increase that number to 10,000.

The immaturity of India’s Internet market allows companies like Twitter, which has just 20 million users in the country, to treat it as a laboratory.

“If you are starting from a clean slate, what should Twitter look like?” asked Valerie Wagoner, Twitter’s senior director for growth, who joined Twitter after it acquired her India-based start-up, ZipDial.

Hundreds of millions of Indians still use basic phones that cannot run apps, but they can receive text messages free. Using technology pioneered by ZipDial, Twitter allows people to view the tweets of cricket stars, politicians or brands by calling a special phone number, then immediately hanging up. The subsequent tweets are delivered as texts. In March, Twitter joined with the government to allow anyone with a cellphone that is capable of receiving texts to get tweets from Mr. Modi and a dozen other officials and ministries this way.

Last month, Twitter began testing a new idea in India — a tab of tweets made up entirely of news stories. The idea is to reposition Twitter as a real-time news service, instead of a collection of random items from random accounts.

Twitter hopes such experiments will help it figure out how to educate newcomers globally about the value of its service, said Amiya Pathak, co-founder of ZipDial and a director of product management at Twitter.

“This is a market where we can do tests,” said Mr. Pathak. “Prove it out in India first, and as you prove it out, take it to other markets.”
http://www.nytimes.com/2015/09/28/te...companies.html





Smaller, Faster, Cheaper, Over: The Future of Computer Chips
John Markoff

At the inaugural International Solid-State Circuits Conference held on the campus of the University of Pennsylvania in Philadelphia in 1960, a young computer engineer named Douglas Engelbart introduced the electronics industry to the remarkably simple but groundbreaking concept of “scaling.”

Dr. Engelbart, who would later help develop the computer mouse and other personal computing technologies, theorized that as electronic circuits were made smaller, their components would get faster, require less power and become cheaper to produce — all at an accelerating pace.

Sitting in the audience that day was Gordon Moore, who went on to help found the Intel Corporation, the world’s largest chip maker. In 1965, Dr. Moore quantified the scaling principle and laid out what would have the impact of a computer-age Magna Carta. He predicted that the number of transistors that could be etched on a chip would double annually for at least a decade, leading to astronomical increases in computer power.

His prediction appeared in Electronics magazine in April 1965 and was later called Moore’s Law. It was never a law of physics, but rather an observation about the economics of a young industry that ended up holding true for a half-century.

One transistor, about as wide as a cotton fiber, cost roughly $8 in today’s dollars in the early 1960s; Intel was founded in 1968. Today, billions of transistors can be squeezed onto a chip the size of a fingernail, and transistor costs have fallen to a tiny fraction of a cent.

That improvement — the simple premise that computer chips would do more and more and cost less and less — helped Silicon Valley bring startling advances to the world, from the personal computer to the smartphone to the vast network of interconnected computers that power the Internet.

In recent years, however, the acceleration predicted by Moore’s Law has slipped. Chip speeds stopped increasing almost a decade ago, the time between new generations is stretching out, and the cost of individual transistors has plateaued.

Technologists now believe that new generations of chips will come more slowly, perhaps every two and a half to three years. And by the middle of the next decade, they fear, there could be a reckoning, when the laws of physics dictate that transistors, by then composed of just a handful of molecules, will not function reliably. Then Moore’s Law will come to an end, unless a new technological breakthrough occurs.

To put the condition of Moore’s Law in anthropomorphic terms, “It’s graying, it’s aging,” said Henry Samueli, chief technology officer for Broadcom, a maker of communications chips. “It’s not dead, but you’re going to have to sign Moore’s Law up for AARP.”

In 1995, Dr. Moore revised the doubling rate to two-year intervals. Still, he remains impressed by the longevity of his forecast: “The original prediction was to look at 10 years, which I thought was a stretch,” he said recently at a San Francisco event held to commemorate the 50th anniversary of Moore’s Law.

But the ominous question is what will happen if that magic combination of improving speeds, collapsing electricity demand and lower prices cannot be sustained.

The impact will be felt far beyond the computer industry, said Robert P. Colwell, a former Intel electrical engineer who helped lead the design of the Pentium microprocessor when he worked as a computer architect at the chip maker from 1990 to 2000.

“Look at automobiles, for example,” Dr. Colwell said. “What has driven their innovations over the past 30 years? Moore’s Law.” Most automotive industry innovations in engine controllers, antilock brakes, navigation, entertainment and security systems have come from increasingly low-cost semiconductors, he said.

These fears run contrary to the central narrative of an eternally youthful Silicon Valley. For more than three decades the industry has argued that computing will get faster, achieve higher capacity and become cheaper at an accelerating rate. It has been described both as “Internet time” and even as the Singularity, a point at which computing power surpasses human intelligence, an assertion that is held with near religious conviction among many in Silicon Valley.

When you’re thinking that big, bumping into the limits of physics could be a most humbling experience.

“I think the most fundamental issue is that we are way past the point in the evolution of computers where people auto-buy the next latest and greatest computer chip, with full confidence that it would be better than what they’ve got,” Dr. Colwell said.

Chips are made from metal wires and semiconductor-based transistors — tiny electronic switches that control the flow of electricity. The most advanced transistors and wires are smaller than the wavelength of light, and the most advanced electronic switches are smaller than a biological virus.

Chips are produced in a manufacturing process called photolithography. Since it was invented in the late 1950s, photolithography has constantly evolved. Today, ultraviolet laser light is projected through glass plates that are coated with a portion of a circuit pattern expressed in a metal mask that looks like a street map.

Each map makes it possible to illuminate a pattern on the surface of the chip in order to deposit or etch away metal and semiconducting materials, leaving an ultrathin sandwich of wires, transistors and other components.

The masks are used to expose hundreds of exact copies of each chip, which are in turn laid out on polished wafers of silicon about a foot in diameter.

Machines called steppers, which currently cost about $50 million each, move the mask across the wafer, repeatedly exposing each circuit pattern to the surface of the wafer, alternately depositing and etching away metal and semiconducting components.

A finished computer chip may require as many as 50 exposure steps, and the mask must be aligned with astonishing accuracy. Each step raises the possibility of infinitesimally small errors.

“I’ve worked on many parts of the semiconductor process,” said Alan R. Stivers, a physicist whose career at Intel began in 1979 and who helped introduce a dozen new semiconductor generations before retiring in 2007. “By far, lithography is the hardest.”

To build devices that are smaller than the wavelength of light, chip makers have added a range of tricks like “immersion” lithography, which uses water to bend light waves sharply and enhance resolution. They also have used a technique called “multiple pattern” lithography, which employs separate mask steps to sharpen the edges and further thin the metal wires and other chip components.

As the size of components and wires have shrunk to just a handful of molecules, engineers have turned to computer simulations that require tremendous computational power. “You are playing tricks on the physics,” said Walden C. Rhines, chief executive of Mentor Graphics, a Wilsonville, Ore., design automation software firm.

If that scaling first described by Dr. Engelbart ends, how can big chip companies avoid the Moore’s Law endgame? For one, they could turn to software or new chip designs that extract more computing power from the same number of transistors.

And there is hope that the same creativity that has extended Moore’s Law for so long could keep chip technology advancing.

If silicon is, in the words of David M. Brooks, a Harvard University computer scientist, “the canvas we paint on,” engineers can do more than just shrink the canvas.

Silicon could also give way to exotic materials for making faster and smaller transistors and new kinds of memory storage as well as optical rather than electronic communications links, said Alex Lidow, a physicist who is chief executive of Efficient Power Conversion Corporation, a maker of special-purpose chips in El Segundo, Calif.

There are a number of breakthrough candidates, like quantum computing, which — if it became practical — could vastly speed processing time, and spintronics, which in the far future could move computing to atomic-scale components.

Recently, there has been optimism in a new manufacturing technique, known as extreme ultraviolet, or EUV, lithography. If it works, EUV, which provides light waves roughly a tenth the length of the shortest of the light waves that make up the visible spectrum, will permit even smaller wires and features, while at the same time simplifying the chip-making process.

But the technology still has not been proved in commercial production.

Earlier this year ASML, a Dutch stepper manufacturer partly owned by Intel, said it had received a large order for EUV steppers from a United States customer that most people in the industry believe to be Intel. That could mean Intel has a jump on the rest of the chip-making industry.

Intel executives, unlike major competitors such as Samsung and Taiwan Semiconductor Manufacturing Company, or TSMC, insist the company will be able to continue to make ever-cheaper chips for the foreseeable future. And they dispute the notion that the price of transistors has reached a plateau.

Yet while Intel remains confident that it can continue to resist the changing reality of the rest of the industry, it has not been able to entirely defy physics.

“Intel doesn’t know what to do about the impending end of Moore’s Law,” said Dr. Colwell.

In July, Intel said it would push back the introduction of 10-nanometer technology (a human hair, by comparison, is about 75,000 nanometers wide) to 2017. The delay is a break with the company’s tradition of introducing a generation of chips with smaller wires and transistors one year, followed by adding new design features the next.

“The last two technology transitions have signaled that our cadence is closer to two and a half years than two years,” Brian Krzanich, Intel’s chief executive, said in a conference call with analysts.

The glass-is-half-full view of these problems is that the slowdown in chip development will lead to more competition and creativity. Many semiconductor makers do not have the state-of-the-art factories now being designed by four chip manufacturers, GlobalFoundries, Intel, Samsung and TSMC.

The delays might allow the trailing chip makers to compete in markets that don’t require the most bleeding-edge performance, said David B. Yoffie, a professor at Harvard Business School.

And even if shrinking transistor size doesn’t make chips faster and cheaper, it will lower the power they require.

Ultra-low-power computer chips that will begin to appear at the end of this decade will in some cases not even require batteries — they will be powered by solar energy, vibration, radio waves or even sweat. Many of them will be sophisticated new kinds of sensors, wirelessly woven into centralized computing systems in the computing cloud.

What products might those chips lead to? No one knows yet, but product designers will be forced to think differently about what they’re building, rather than play a waiting game for chips to get more powerful. Thanks to Moore’s Law, computers have gotten smaller and smaller but have essentially followed the same concept of chips, hardware and software in a closed box.

“In the past, designers were lazy,” said Tony Fadell, an electrical engineer who headed the team that designed the original iPod, and led the hardware design of the iPhone before founding Nest Labs, a maker of smart home devices like thermostats and smoke alarms.

Carver Mead, the physicist who actually coined the term Moore’s Law, agrees. “We’ve basically had a free ride,” he said. “It’s really nuts, but that’s what paid off.”

Indeed, a graying Moore’s Law could be alive and well for at least another decade. And if it is not, humans will just have to get more creative.
http://www.nytimes.com/2015/09/27/te...ter-chips.html





Cogent CEO: Interconnection Congestion Has Magically Disappeared
Karl Bode

A year ago, companies like Cogent and Level3 claimed AT&T, Verizon and Comcast were letting peering points saturate to kill settlement free peering and extract new direct interconnection tolls from the likes of Netflix. You probably experienced this kerfuffle as a Netflix slowdown. But after the FCC voted to approve new net neutrality rules and Cogent and Level 3 hinted they'd use the new rules to file complaints about this behavior, everybody is just getting along famously.

Cogent recently proclaimed companies like Comcast are added capacity wherever needed, and Cogent CEO Dave Schaeffer this week stated that the FCC's net neutrality rules have resulted in all of the previously-problematic congestion magically disappearing.

"The adoption of the Open Internet order and Title II jurisdictional authority were mirrored in the EU and on June 30 the European Commission adopted a set of regulations that were passed by the parliament and the council," Schaeffer said. "As a result of that we have seen significant port augmentations."

According to Schaeffer, its connections with AT&T and Verizon "are nearly congestion free and will be completely congestion free sometime in the fourth quarter." The CEO notes he continues to have successful negotiations with other ISPs as well.

"We are in active negotiations with Time Warner Cable and CenturyLink and we believe we will get deals done based on the threat of litigation under the current regulatory rules," Schaeffer said.

That's fairly impressive for net neutrality rules most of these companies claimed would destroy the Internet.
https://www.dslreports.com/shownews/...ppeared-135287





The Cost of Mobile Ads on 50 News Websites
Gregor Aisch, Wilson Andrews and Josh Keller

Ad blockers, which Apple first allowed on the iPhone in September, promise to conserve data and make websites load faster. But how much of your mobile data comes from advertising? We measured the mix of advertising and editorial on the mobile home pages of the top 50 news websites – including ours – and found that more than half of all data came from ads and other content filtered by ad blockers. Not all of the news websites were equal.

The amount of data each website uses can vary. To get these figures, we loaded each home page on an iPhone 6 at least five times over two days and repeated the test with an ad blocker enabled.

The difference was easy to spot: many websites loaded faster and felt easier to use. Data is also expensive. We estimated that on an average American cell data plan, each megabyte downloaded over a cell network costs about a penny. Visiting the home page of Boston.com every day for a month would cost the equivalent of about $9.50 in data usage just for the ads.

Of course, news websites are supported by online ads, and if enough people block the ads the sites may struggle. Ad blockers can also have technical downsides, sometimes causing websites to load erratically. In one of our tests, one website crashed repeatedly when an ad blocker was turned on.
http://www.nytimes.com/interactive/2...obile-ads.html





Apple Gives iFixit App the Boot
Bob Brown

Apple might be spiting itself by giving the iFixit app the boot from its App Store this week.

iFixit, if you don't know, is a really great site for hands-on people who dare to dive into the innards of their iPhones, tablets and other gear in order to fix them, tweak them or just because they're curious. In fact, the company even issued a manifesto to encourage people to fix their own stuff and prevent so many electronics from filling up landfills. We and other media outlets regularly cover the company's "teardowns" of products from Apple, Google and others.

iFixit provides a ton of free repair manual content, and helps pay for its services by selling tools and parts.

Overall, I find iFixit's reviews of the fixability of Apple and other products to be quite fair, though I'm sure Apple didn't love it when iFixit came up with a workaround for the tricky screws Apple uses in some products to keep customers from opening them up.

Neither apparently was Apple enamored of iFixit's recent teardown of the Apple TV and Siri remote. As iFixit's Kyle Wiens writes in a blog post this week:

The developer unit we disassembled was sent to us by Apple. Evidently, they didn’t intend for us to take it apart. But we’re a teardown and repair company; teardowns are in our DNA—and nothing makes us happier than figuring out what makes these gadgets tick. We weighed the risks, blithely tossed those risks over our shoulder, and tore down the Apple TV anyway.

A few days later, we got an email from Apple informing us that we violated their terms and conditions—and the offending developer account had been banned. Unfortunately, iFixit’s app was tied to that same account, so Apple pulled the app as well. Their justification was that we had taken “actions that may hinder the performance or intended use of the App Store, B2B Program, or the Program.”


Wiens goes on to explain that iFixit has been bolstering its mobile website, so redoing its Apple app isn't a priority right now. But for those of you with Android or Windows devices, iFixit Repair Manual apps are still at your disposal...
http://www.networkworld.com/article/...-the-boot.html





Drop-Dead Simple Exploit Completely Bypasses Mac’s Malware Gatekeeper

A key limitation makes it trivial for attackers to skirt Gatekeeper protections.
Dan Goodin

Since its introduction in 2012, an OS X feature known as Gatekeeper has gone a long way to protecting the Macs of security novices and experts alike. Not only does it help neutralize social engineering attacks that trick less experienced users into installing trojans, code-signing requirements ensure even seasoned users that an installer app hasn't been maliciously modified as it was downloaded over an unencrypted connection.

Now, a security researcher has found a drop-dead simple technique that completely bypasses Gatekeeper, even when the protection is set to its strictest setting. The hack uses a binary file already trusted by Apple to pass through Gatekeeper. Once the Apple-trusted file is on the other side, it executes one or more malicious files that are included in the same folder. The bundled files can install a variety of nefarious programs, including password loggers, apps that capture audio and video, and botnet software.

Patrick Wardle, director of research of security firm Synack, said the bypass stems from a key shortcoming in the design of Gatekeeper rather than a defect in the way it operates. Gatekeeper's sole function is to check the digital certificate of a downloaded app before it's installed to see if it's signed by an Apple-recognized developer or originated from the official Apple App Store. It was never set up to prevent apps already trusted by OS X from running in unintended or malicious ways, as the proof-of-concept exploit he developed does.

"If the application is valid—so it was signed by a developer ID or was (downloaded) from the Mac App Store—Gatekeeper basically says 'OK, I'm going to let this run,' and then Gatekeeper essentially exits," Wardle told Ars. "It doesn't monitor what that application is doing. If that application turns around and either loads or executes other content from the same directory... Gatekeeper does not examine those files."

Putting it into practice

Wardle has found a widely available binary that's already signed by Apple. Once executed, the file runs a separate app located in the same folder as the first one. At the request of Apple officials, he and Ars have agreed to withhold the names of the two files, and instead will refer to them only as Binary A and Binary B. His exploit works by renaming Binary A but otherwise making no other changes to it. He then packages it inside an Apple disk image. Because the renamed Binary A is a known file signed by Apple, it will immediately be approved by Gatekeeper and be executed by OS X.

From there, Binary A will look for Binary B located in the same folder, which in this case is the downloaded disk image. Since Gatekeeper checks only the original file an end user clicks on, Wardle's exploit swaps out the legitimate Binary B with a malicious one and bundles it in the same disk image under the same file name. Binary B needs no digital certificate to run, so it can install anything the attacker wants.

Wardle said there are similar ways to bypass Gatekeeper. One alternate method involves renaming an installer for an app such as Photoshop and bundling it with booby-trapped plugins that the app automatically opens. Because Gatekeeper will only check the first installer app, it won't warn users of the malicious plugins. Such an attack lacks practicality, however, since most end users would suspect something is amiss if the file they just downloaded installed Photoshop.

The Gatekeeper bypass could conceivably be exploited both by opportunistic criminals pushing banking trojans or similar crimeware lookalikes or state-sponsored hackers who inject malicious code into unencrypted downloads. Once an Apple-signed binary is discovered, it would require only a handful of extra lines of code to fold the bypass into an existing exploit. From then on, the exploit would be completely free of Gatekeeper intervention. Wardle said he suspects there are other Apple-trusted binaries besides the one he discovered that will also allow attackers to bypass Gatekeeper.

Help on the way

The researcher said he privately alerted Apple officials to his discovery more than 60 days ago and believes they are working on a way to fix the underlying cause or at least lessen the damage it can do to end users. An Apple spokesman confirmed that company developers are working on a patch. Wardle plans to present his findings on Thursday at the Virus Bulletin Conference in Prague, Czech Republic.

"If I can find it, you have to assume groups of hackers or more sophisticated nation states have found similar weaknesses," he said. "I'm sure there are other Apple-signed apps out there" that can also be abused to bypass Gatekeeper.
http://arstechnica.com/security/2015...re-gatekeeper/





New Stagefright Bugs Leave More Than 1 Billion Android Users Vulnerable
Lorenzo Franceschi-Bicchierai

In July, a security researcher revealed that Android phones could be hacked with a simple text, thanks to a series of bugs in the Android operating system that are now commonly known as Stagefright.

On Thursday, the same security researcher warned that two new Stagefright bugs can allow hackers to break into your phone by tricking you into visiting a website containing a malicious multimedia file, either mp3 or mp4. These two new bugs were also found in the Android media playback engine called Stagefright, just like the first series of bugs disclosed in late July.

Joshua Drake, a researcher at Zimperium zLabs, and also author of the Android’s Hacker Handbook, found that one vulnerability affects “almost every Android device” since the first version of the operating system, released in 2008. The second vulnerability allows hackers to trigger the first, even in newer version of Android, such as 5.0 and above.

Researchers at Zimperium zLabs estimate that at least 950 million Android users, and likely more are vulnerable to these these bugs. Zuk Avraham, the company’s founder and Chief Technology Officer, said that it’s likely that 1.4 billion people are affected.

“I cannot tell you that all of the phones are vulnerable, but most of them are,” he told Motherboard in a phone call.

Drake put it more bluntly: “All Android devices without the yet-to-be-released patch contain this latent issue,” he told Motherboard in an email.

To take advantage of these bugs, a hacker can trick a potential victim into opening a website where he has planted a malicious mp3 audio file, or a malicious mp4 video file, or by tricking the victim to open them in a third party application, say a multimedia player, that depends on the vulnerable Android libraries.

“Merely previewing the song or video would trigger the issue,” Drake wrote in a blog post.

A more remote possibility is if the hacker is on the same network as the victim (say, they’re both connected to the coffee shop’s Wi-Fi). In that case, Drake explained, the hacker can inject the exploit code intercepting the victim’s unencrypted network traffic. In this case, the hacker doesn’t need the victim to click on links or open any files. Zimperium is not releasing the full technical details to exploit these vulnerabilities yet.

A Google spokesperson said that a patch for these new vulnerabilities will be rolled out to users of its Nexus phones on October 5. The internet giant also shared the patch privately to partners on Sept ember 10, and is working with manufacturers and carriers “to deliver updates as soon as possible.”

We have reached out to Samsung, HTC, Sony, Motorola, Lenovo, LG, and Huawei to know when they plan to push out patches for these new Stagefright bugs.

A Motorola spokesperson said that the company will “address” these bugs, and other security issues already patched by Google “with our upcoming Android M upgrades, and with maintenance releases for certain devices not getting Android M.” The spokesperson did not specify a date, but said more details on this will come out “soon.”

The other companies have yet to respond to our request for comment, but we will update this story when they do.

Stagefright, more than any other bug before it, exposed Android’s faulty update strategy, as most manufacturers needed several weeks, if not months, to patch the first Stagefright bug.

In the wake of the first series of Stagefright bugs, Google and several phone manufacturers pledged to release security updates more frequently. But before that, Android users with non-Nexus phones were at the whims of their manufacturers and carriers, who often stopped offering updates, or pushed even critical security patches months after the vulnerabilities were published.

Just an aside here: That’s the main reason I wrote a rant about abandoning Android and jumping ship to the iPhone.

Again, if you care about security, perhaps you should think about switching to another operating system. But if you want to stay with Android, the Nexus phones get quick patches from Google. Another option is the little-know, privacy-minded, Black Phone, which is manufactured by Silent Circle. The Black Phone patched the first batch of Stagefright bugs even before Zimperium zLabs revealed them publicly. (Silent Circle did not respond to my request for comment related to these new bugs.)

Drake wrote that Zimperium notified Google of these bugs on August 15. But the Stagefright nightmare might not be over yet. A couple of weeks ago, Drake tweeted that he had reported another 8 bugs to Google.

I reported 10 more Stagefright bugs a month ago and so far no word about any rewards :-/
Joshua J. Drake September 17, 2015


Drake told Motherboard that some of those bugs, some with “critical severity” and some with “low severity,” are currently going through the disclosure process. Some, however, were duplicates that Google security engineers had already found.

Avraham said he could not talk about these other bugs just yet, and that they are now disclosing only “the most dangerous ones.” But he also added that this “doesn’t necessarily mean that there aren’t more vulnerabilities” in Android’s Stagefright engine that no one has found yet.

“It’s likely that there are more,” he said.
http://motherboard.vice.com/read/new...ers-vulnerable





500 Million Users at Risk of Compromise Via Unpatched WinRAR Bug
Zeljka Zorz

A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed.

"The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

The flaw is critical, as exploitation requires low user interaction without privilege system or restricted user accounts. Victims only have to open a booby-trapped file, which can be delivered easily via email, and the attack is executed successfully: the system is compromised.

Vulnerability Lab researcher Mohammad Reza Espargham, who discovered the flaw, also created and published a PoC exploit for it. You can see it in action here:

The bug affects only the latest version of WinRAR, v5.21. It has been publicly disclosed on Monday, and its unclear if WinRAR developers were informed about it before that.

As far as I can tell from the release notes of the various beta versions of WinRAR v5.30 released since February, there is no mention of this bug being fixed.

Malwarebytes researcher Pieter Arntz confirmed that the PoC exploit works (with minor tweaks). He advises users to be careful when handling uninvited compressed SFX files, and to update the software as soon as an update that plugs the hole is available.
http://www.net-security.org/secworld.php?id=18914





FBI and DEA Under Review for Use of NSA Mass Surveillance Data
Patrick Howell O'Neill

The Justice Department is investigating the FBI’s use of information taken directly from mass surveillance conducted by the National Security Agency (NSA)’s collection of telephone metadata.

The yield of that NSA spying program was described by a judge as a “staggering” amount of data when the agency's ability to collect it was struck down as illegal in court earlier this year. The program was resumed in June and will run until at least December.

Another ongoing Justice Department investigation is examining the Drug Enforcement Administration (DEA)'s use of “parallel construction."

Parallel construction is a controversial investigative technique that takes information gained from sources like the NSA's mass surveillance, covers up or lies about the sources, and then utilizes them in criminal investigations inside the United States. The information was passed to other federal agencies like the Internal Revenue Service (IRS).

The technique was described as “decades old, a bedrock concept” by a DEA official.

Critics at the Electronic Frontier Foundation (EFF) described the technique as "intelligence laundering" designed to cover up "deception and dishonesty" that ran contrary to the original intent of post-9/11 surveillance laws.

Both the FBI and DEA, which operate under the jurisdiction of the Justice Department, are under review by the department’s Office of Inspector General (OIG). The details of the NSA’s mass metadata collection program were first publicly revealed in 2013 by contractor Edward Snowden. The DEA’s use of parallel construction was revealed by Reuters a few months later.

The OIG is charged with identifying and investigating fraud, waste, abuse, and mismanagement. Although OIG reports cannot on their own force change, detailed information is always shared with Congress and often the public which can lead to the investigated party agreeing to the suggested changes and conclusions from the OIG or other entities.

The NSA sent daily metadata reports to the FBI from at least 2006 to 2011, according to the director of national intelligence.

The ongoing review will examine how the FBI processed the NSA’s information, how much information was passed along, and the results of the initiated investigations.

The NSA’s mass collection of telephone metadata was thought to be authorized under Section 215 of the Patriot Act. Both the George W. Bush and Barack Obama administrations argued for and renewed authorization until the program expired in Congress earlier this year.

The Justice Department’s Office of Inspector General is also investigating the FBI’s use of Patroit Act Section 215 from 2012 to 2014 that allowed it to obtain “any tangible thing” from any business or entity as part of investigations against international terrorism or spying.

A previous investigation revealed that every single Section 215 application submitted by the FBI to the secretive Foreign Intelligence Surveillance Court (FISA) was approved.

That amount data collected was a “staggering” amount of information, Judge Gerard E. Lynch wrote in his decision. “Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.”
http://www.dailydot.com/politics/nsa...owden-doj-oig/





The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie
Jenna McLaughlin

To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy.

But that’s just not true.

In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.

Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant.

And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.

Government officials don’t like talking about it — quite possibly because hacking takes considerably more effort than simply asking a telecom provider for records. Robert Litt, general counsel to the Director of National Intelligence, recently referred to potential government hacking as a process of “slow uncertain one-offs.”

But they don’t deny it, either. Hacking is “an avenue to consider and discuss,” Amy Hess, the assistant executive director of the FBI’s Science and Technology branch, said at an encryption debate earlier this month.

The FBI “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” bureau spokesperson Christopher Allen wrote in an email.

Hacking In Action

There are still only a few publicly known cases of government hacking, but they include examples of phishing, “watering hole” websites, and physical tampering.

Phishing involves an attacker masquerading as a trustworthy website or service and luring a victim with an email message asking the person to click on a link or update sensitive information.

When a high school student made repeated bomb threats in Lacey, Washington, in 2007 — disguising his identity by routing his web traffic through Italy — FBI agents launched a phishing attack using the bureau’s in-house malware by sending a link to a fake news article to his MySpace inbox. When he clicked, he unknowingly installed the malware, which revealed his identity.

This was controversial and received widespread media attention because of the FBI’s choice of a faked news article as their vector of attack. But it also told us two things about FBI hacking: that the FBI has been using that particular kind of malware attack since at least 2007, and that it took the public until 2014 to find out.

A watering hole attack infects a website with malware, so that anyone who visits it is also infected, potentially allowing the attackers to identify and control the visitor’s devices.

In 2013, as part of a child-porn investigation, the FBI seized a large number of web servers and installed malware that reveals personally identifying information of online visitors to several different popular websites, including an email provider. The sites were “Tor hidden service sites,” or sites that reroute web traffic around the globe to cloak their destination. The FBI snuck in a piece of code on every single website hosted by the Freedom Hosting service, directing information about hacked visitors back to a server in northern Virginia.

This watering hole attack landed a large number of people in the FBI’s trap, most of them innocent people who hadn’t committed any crimes. And the FBI never told them about it, because it never subpoenaed their identities — even though their computers had been compromised.

The earliest reported case of the FBI using physical tampering dates back all the way to 2001, when agents broke in and installed a system to record keystrokes on Nicodemo Scarfo Jr.’s computer as part of their investigation of the American Mafia.

Confidential informants tipped the FBI off to Scarfo, the son of notorious Philly mob boss “Little Nicky,” and his alleged gambling and extortion operations in New Jersey in 1999. The FBI obtained a search warrant to enter his office and look through his computer. When they found an encrypted folder on his desktop, they installed a keystroke logger in order to get his passkey — which turned out to be Little Nicky’s prison identification number.

The Products

As Wired first reported in 2007, the FBI has its own brand of malware called the Computer and IP Address Verifier (CIPAV), which can capture information about a machine including browser activity, IP address, operating system details, and other activity. The FBI, for instance, used CIPAV to discover the identity of the teen in Washington making bomb threats.

The Electronic Frontier Foundation obtained documents from the FBI in 2011 revealing more about CIPAV, or the “web bug,” as some agents describe it in internal emails. According to the documents, the FBI and other agencies have widely used the tool since 2001 in cities including Denver, El Paso, Honolulu, Philadelphia, Houston, Cincinnati, and Miami.

In fact, EFF noted at the time: “If the FBI already has endpoint surveillance-based tools for internet wiretapping, it casts serious doubt on law enforcement’s claims of ‘going dark.'”

The FBI also uses non-proprietary hacker tools.

Wired reported in 2014 that the FBI has turned to a popular hacker app called Metasploit, which publishes security flaws. In 2012, the FBI’s “Operation Torpedo” used the app to monitor users of the Tor network. Metasploit is a sort of one-stop shop for putting together hacking code, complete with fresh exploits and payloads. Metasploit revealed that the Flash plug-in connected to the Internet directly instead of opening the secretive Tor browser, and developed code that revealed a user’s real IP address. The FBI used a watering hole attack through child porn websites to install the code on users’ computers.

Federal and local agencies have also consulted with outside contractors, including the controversial Italian firm Hacking Team, to develop and deploy malicious code. The FBI asked Hacking Team in 2012 to help it monitor Tor users. Hacking Team then updated its “Remote Control System” malware to do that.

And as the Washington Post recently reported, an Obama administration working group exploring possible approaches tech companies might use to let law enforcement unlock encrypted communications came up with one that involves the targeted installation of malware — through automatic updates.

“Virtually all consumer devices include the capability to remotely download and install updates to their operating system and applications,” the task force wrote. Law enforcement would use a “lawful process” to force tech companies to “use their remote update capability to insert law enforcement software into a targeted device.” That malware would then “enable far-reaching access to and control of the targeted device.”

The Post did not report who came up with that idea, or whether it was already in use.

And little is known about how much access the agency has to the extensive hacking capabilities developed by other government agencies, especially the National Security Agency.

The NSA has a separate program, revealed by documents provided by whistleblower Edward Snowden, that aims to hack into computers on a massive scale — automating processes to help decide which attack method to use to get into millions of computers.

The NSA has safeguards on its programs ostensibly designed to protect against hacking into Americans’ computers, but it’s unclear how those protocols work in practice.

And the national security complex has invested in malware, or “offensive” cybersecurity, on a massive scale, according to a 2013 Reuters report, in order to infiltrate computer systems overseas. Most famously, the government developed the Stuxnet virus, which was deployed to disrupt Iran’s nuclear systems.

The Time a Judge Said No

All the known cases of the FBI implementing hacking techniques so far have dealt with obtaining information about the location of a device, what programs are running, and its owner — metadata, rather than actual content of messages.

Only once, at least in the public view, has the FBI plainly asked a judge to let it hack everything: photos, messages, emails, and more. And the FBI was told no.

In that case, a hacker infiltrated a Texas resident’s email and got his bank information. The hacker used anonymizing software that made it look like he was in Southeast Asia. The FBI applied for a warrant to search the computer in a number of extremely intrusive ways, including continuous monitoring for 30 days, surreptitiously taking pictures through the computer’s webcam, obtaining photographs and logs of Internet use, and more. The judge denied the FBI’s request because the agency didn’t know where the computer was, a violation of Rule 41 of the Federal Rules of Criminal Procedure, and because the request was not specific enough to satisfy the Fourth Amendment.

It’s unclear whether or not the FBI has ever succeeded in securing a warrant to hack in such an intrusive way. But it does demonstrate that the FBI has the ability, or at least the confidence, to try.

In other warrant requests to use what it calls “Network Investigative Techniques,” the FBI has listed things it wants to access, including the computer’s IP address or the computer’s time zone information, and finished off the list by asking for “other similar identifying information on the activating computer that may assist in identifying the computer, its location, other information about the computer, and the user of the computer may be accessed by the NIT.”

The FBI does not go into details about what this other information might be.

Better Than a Back Door

Although it would seem self-evident that law enforcement shouldn’t hack into someone’s computer without a warrant, the FBI has internally debated whether that’s true, according to Jonathan Mayer, a PhD candidate in computer science at Stanford University and author of a recent academic paper titled “Constitutional Malware.”

Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions.

He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device, ensuring they receive only data that is — in isolation — constitutionally unprotected,” such as a name. Sometimes the FBI deploys malware on a device in order to find out who it belongs to.

Mayer said that in internal emails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first.

“I believe that hacking can be a legitimate and effective law enforcement technique,” Mayer concluded in his paper. “But appropriate procedural protections are vital, and present practices leave much room for improvement.”

“The FBI is extremely close-mouthed” about how often they hack, Steven Bellovin, a computer science professor at Columbia, told The Intercept. In a lengthy paper Bellovin co-wrote with fellow scholars Matt Blaze, Sandy Clark, and Susan Landau, the authors write that, compared to say the “installation of global wiretapping capabilities in the infrastructure,” hacking is “significantly more difficult — more labor intensive, more expensive, and more logistically complex” — which makes it harder to conduct “against all members of a large population.” They consider that a good thing.

And they argue that hacking is a much better solution for law enforcement than weakening encryption with back doors. This way, they write, law enforcement is motivated to find holes in security, rather than mandating a new one that weakens an already imperfect security system.
https://theintercept.com/2015/09/28/hacking/





Carly Fiorina: I Supplied HP Servers for NSA Snooping
Sam Gustin

When former National Security Agency director Michael Hayden reached out to Carly Fiorina with an urgent request in the weeks after 9/11, the HP CEO responded swiftly.

Hayden needed computer servers—a lot of them, and quickly—as part of his effort to build what would become the most wide-ranging domestic surveillance program in US history.

“Carly, I need stuff and I need it now,” Hayden recalled telling Fiorina, according to a report published Monday by Yahoo News.

Fiorina, who had been named HP CEO in 1999 and is now running for president as a Republican, promptly redirected truckloads of HP servers that had been destined for retail stores into the custody of federal officials who took them to NSA headquarters in Fort Meade, Md.

The servers were needed for a massive new warrantless surveillance program codenamed “Stellar Wind” that had been approved by President George W. Bush.

Fiorina acknowledged providing the HP servers to the NSA during an interview with Michael Isikoff in which she defended the Bush administration’s warrantless surveillance programs and framed her collaboration with the NSA in patriotic terms.

“I felt it was my duty to help, and so we did,” Fiorina said. “They were ramping up a whole set of programs and needed a lot of data crunching capability to try and monitor a whole set of threats... What I knew at the time was our nation had been attacked.”

The Stellar Wind program was a precursor to other secret NSA surveillance efforts that would eventually include initiatives designed to collect the call records of millions of Americans, and monitor internet and data traffic at critical telecommunications infrastructure points, including, perhaps most notoriously, at the now-legendary Room 641A inside an AT&T facility at 611 Folsom Street in San Francisco.

Fiorina’s disclosure of her assistance to the NSA comes as she seeks to position herself among the GOP presidential hopefuls as an aggressive foreign policy hawk and strong advocate of robust counterterrorism programs.

Fiorina’s compliance with Hayden’s request for HP servers is but one episode in a long-running and close relationship between the GOP presidential hopeful and US intelligence agencies. In 2006, Hayden, who by then had become CIA director, appointed Fiorina, who was forced to resign as HP CEO in 2005, as chair of the CIA External Advisory Board.

In this capacity, “Fiorina walked the corridors of the CIA and other high offices of government, assembling recommendations for national-security policy and developing a close working relationship with some of the most powerful officials in the administration,” according to a recent National Review article by Jim Geraghty.

On her campaign website, Fiorina touts her “top-secret security clearance,” which she says has “given her intricate institutional knowledge of the challenges facing America ahead—and how to solve them.”

In the interview, Fiorina also vigorously defended the CIA’s controversial use of waterboarding during so-called “enhanced” interrogations, which she said helped “keep our nation safe” after 9/11.

“I believe that all of the evidence is very clear—that waterboarding was used in a very small handful of cases [and] was supervised by medical personnel in every one of those cases,” Fiorina told Yahoo News. “And I also believe that waterboarding was used when there was no other way to get information that was necessary.”

Fiorina’s endorsement of aggressive surveillance and interrogation tactics is just the latest in a series of hawkish statements that offer a glimpse of the kinds of national defense policies she might pursue if elected president. Earlier this month, Fiorina proposed a substantial increase in military spending—$500 billion over ten years by one estimate—and an upgrade of “every leg of the nuclear triad,” which consists of intercontinental ballistic missiles, submarine-launched ballistic missiles, and airborne bombers capable of delivering nuclear warheads.
http://motherboard.vice.com/read/car...r-nsa-snooping





State Department 'Planted' Anti-Wikileaks Questions For 60 Minutes Interview With Julian Assange
Mike Masnick

The latest batch of Hillary Clinton emails have been revealed, and Trevor Timm, the Executive Director of the Freedom of the Press Foundation, points us to a particularly interesting one, in which then State Department spokesperson PJ Crowley tells Clinton that the State Department has successfully "planted" questions for the show, 60 Minutes, to ask Assange.

Indeed, if you watch the interview, the reporter, Steve Kroft, regularly repeats State Department talking points -- often prefaced with the sort of weak journalistic hedging "there are people who believe..."

Of course, this is not the first time 60 Minutes has been seen to be extra deferential to the government. You may recall the program's infomercial for the NSA, done by a guy who immediately went to work for law enforcement week's later.

And, while Kroft seems to want to present the supposed legal case against Assange to Assange, it's worth remembering that five years later and the DOJ still has not charged Assange with any crime, though apparently the grand jury investigation is still ongoing.

It also seems noteworthy that Crowley resigned from the State Department just a few weeks after this email, right after he publicly criticized the treatment of Chelsea Manning, who was being held in solitary confinement for leaking the State Department's documents to Wikileaks. Crowley publicly said that such treatment was "ridiculous and counterproductive and stupid" -- and within days, he no longer had a job.

None of this is to say that 60 Minutes or any other journalism program shouldn't be asking tough questions of Julian Assange or anyone else they interview. Of course they should. But the very idea that the government is "planting" one-sided or misleading and biased questions with journalists, to pin on a guy they're trying (and failing) to charge with criminal activity for embarrassing those in power, certainly seems pretty sketchy. The media is supposed to be questioning those in power, not to be used as a tool by those in power to question those who are actually exposing corruption.
https://www.techdirt.com/articles/20...-assange.shtml





Angela Merkel Caught on Hot Mic Griping to Facebook CEO Over Anti-Immigrant Posts
Javier E. David

German Chancellor Angela Merkel was overheard confronting Facebook CEO Mark Zuckerberg over incendiary posts on the social network, Bloomberg reported on Sunday, amid complaints from her government about anti-immigrant posts in the midst of Europe's refugee crisis.

On the sidelines of a United Nations luncheon on Saturday, Merkel was caught on a hot mic pressing Zuckerberg about social media posts about the wave of Syrian refugees entering Germany, the publication reported.

The Facebook CEO was overheard responding that "we need to do some work" on curtailing anti-immigrant posts about the refugee crisis. "Are you working on this?" Merkel asked in English, to which Zuckerberg replied in the affirmative before the transmission was disrupted.

In recent weeks, hundreds of thousands of Syrian refugees have washed up on Europe's shores, seeking asylum from the raging civil war in their homeland. As Europe's largest economy, Germany has sheltered the majority of them, leading to widespread objections within the country.

Earlier this month, Facebook vowed to clean up what it deemed was racist content on the German version of its website. At the time, the social network said it would partner with a non profit group to oversee hate postings.

Yet any action from Facebook is likely to stoke concerns about free speech. In the past, the social network has come under suspicion for suppressing or deleting posts and groups that advocate unpopular beliefs.
http://www.cnbc.com/2015/09/27/angel...ant-posts.html





Treefinder Revokes Software License For Users In Immigrant-Friendly Nations
dotancohen

The author of bioinformatics software Treefinder is revoking the license to his software for researchers working in eight European countries because he says those countries allow too many immigrants to cross their borders, effective 1 October. The author states, "Immigration to my country harms me, it harms my family, it harms my people. Whoever invites or welcomes immigrants to Europe and Germany is my enemy."
http://tech.slashdot.org/story/15/09...iendly-nations

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 26th, September 19th, September 12th, September 5th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 05:09 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)