P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 25-12-19, 08:47 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - December 28th, ’19

Since 2002































December 28th, 2019




Not Even ‘Star Wars’ Can Save This Year’s Box Office
Brooks Barnes and Nicole Sperling

Cue the sad trombone: Movie ticket sales in the United States and Canada will total roughly $11.45 billion for the year, a 4 percent decrease from 2018.

That preliminary estimate, released by Comscore on Sunday, took into account the $175.5 million collected by “Star Wars: The Rise of Skywalker” (Disney) over the weekend. “Rise of Skywalker” got off to a soft start compared to “The Last Jedi,” which took in $220 million over its first few days in domestic theaters in 2017.

Hollywood’s 2019 lineup included one behemoth fantasy after another, including “Frozen II” (Disney), “The Lion King” (Disney), “Toy Story 4” (Disney), “Aladdin” (Disney), “Captain Marvel” (Disney) and “Avengers: Endgame” (Disney), which broke attendance records.

But moviegoers also rejected an astounding amount of what Hollywood served up.

Tom Hooper’s critically reviled “Cats” collapsed over the weekend, collecting $6.5 million at North American theaters after costing roughly $100 million to make, not including marketing expenses. At Hooper’s request, Universal sent theaters a version of “Cats” with slight special effects improvements over the weekend. Ticket buyers gave “Cats” a C-plus grade in CinemaScore exit polls.

Misfires from earlier in the year included “Dark Phoenix,” the latest in the threadbare “X-Men” series; Ang Lee’s ill-advised “Gemini Man,” starring Will Smith; “UglyDolls,” an animated clunker based on a toy line; and a pop-feminist reboot of “Charlie’s Angels,” with Kristen Stewart.

Nine movies from Warner Bros. stumbled out of the gate, including “The Goldfinch,” “The Kitchen,” “Shaft,” “Motherless Brooklyn” and “Richard Jewell,” which gave Clint Eastwood his worst opening weekend as a filmmaker in four decades.

“It’s hard to know if this is a secular, permanent phenomenon related to audience viewing habits or movie title-specific,” said David Gross, who runs Franchise Entertainment Research, a film consultancy.

The movie business is cyclical, and ending the year a few hundred million dollars behind 2018 is hardly a catastrophe — not when theaters are competing with a fast-growing array of streaming services. One of the most discussed films of the year, Martin Scorsese’s “The Irishman,” largely bypassed theaters, playing instead on Netflix. “The Irishman” and two other Netflix films, “Marriage Story” and “The Two Popes” were showered with Golden Globe nominations. Those three films are also seen as major Oscar contenders.

Just four percent down? At a time when the “Star Wars” franchise expanded into live-action television for the first time with “The Mandalorian” on Disney Plus?

“Hallelujah,” you can almost hear film executives saying.

Joe Drake, the chairman of the Lionsgate Motion Picture Group, said the competition for intellectual property and talent “is more heated than ever, but we doubled our box office this year and increased our market share.”

Lionsgate found success by deploying Keanu Reeves in “John Wick: Chapter 3 — Parabellum,” Gerard Butler in “Angel Has Fallen,” Tyler Perry in “A Madea Family Funeral” and a bevy of stars in “Knives Out.” (Seth Rogen and Charlize Theron couldn’t save the Lionsgate comedy “Long Shot” from living up to its title, however.)

To compete in theaters, non-franchise films have to be definitive — what Drake called “great stories well told that announce themselves.” “Knives Out,” starring Daniel Craig and Ana de Armas, did not bring anything particularly new — it’s an old-fashioned whodunit — but it was a perfectly executed example of the genre.

“We genuinely believe that there is a false narrative about midrange movies,” Drake said. “They are not going extinct.”

But if a movie has flaws, there is no longer a floor. No amount of marketing hocus-pocus could convince people that “The Sun Is Also a Star,” a middling romantic comedy starring Yara Shahidi (“grown-ish”), was worth the hassle and expense of trekking to a theater.

Every studio ended the year with a few hits, including Warner, which struck a cultural nerve with “Joker” ($1.1 billion worldwide). Jennifer Lopez and her savvy stripper friends (“Hustlers,” $157 million) propped up STX. “Rocketman” ($195 million) helped Paramount return to annual profitability for the first time in memory. Jordan Peele’s cerebral horror film “Us” ($255 million), Danny Boyle’s Beatles-oriented “Yesterday” ($151 million) and the “Fast and Furious” spinoff “Hobbs & Shaw” ($759 million) kept Universal competitive.

When all ticket sales are counted, Sony Pictures is expected to be the only studio — aside from Disney — to land two movies in the top 10. “Spider-Man: Far From Home,” riding on “Avengers” coattails, collected $391 million in North America and $1.13 billion worldwide. “Jumanji: The Next Level,” released on Dec. 13, is performing like “Jumanji: Welcome to the Jungle,” which earned $404 million at domestic theaters in 2017. Sony also struck gold with Quentin Tarantino’s “Once Upon a Time … in Hollywood” ($372 million worldwide).

“This year was dominated by major franchises, but we’ve also seen the hunger for original content,” said Shawn Robbins, chief analyst for BoxOffice.com, citing Tarantino’s comedic drama as an example.

Even so, calling the film business healthy would be a stretch.

The box office is increasingly divided into haves — franchises, mostly aging ones — and have-nots (everything else). Studios churned out a whopping 58 franchise films this year, which consumed 82 percent of the worldwide Hollywood box office, according to Gross’s film consultancy. Eighty-one non-franchise films got the scraps.

Some franchises declined sharply. “The Secret Life of Pets 2” was down 51 percent from its series predecessor. “Terminator: Dark Fate” fell 41 percent.

“Story lines need to move forward, and worlds need to expand,” Gross said. “New characters and conflicts need to emerge.”

Because moviemaking relies on personal judgment calls, studios try to reduce risk by adhering to rules of thumb. But few choices seem safe anymore.

Original animation used to be a relatively sure bet. This year, mythical creatures (“Missing Link”), an amusement park run by talking animals (“Wonder Park”) and a fox named Swifty (“Arctic Dogs”) got the cold shoulder.

Stephen King sequels are hot (“It: Chapter 2”). Until they’re not (“Doctor Sleep”).

“The market is still very dynamic, but what works is more unpredictable,” said Stephen Gilula, the co-chairman of Fox Searchlight. “The costs have gone up, and the success rate has gone down.”

Searchlight, the Disney-owned art film studio, scored with the summertime horror flick “Ready or Not” ($29 million). Taika Waititi’s “JoJo Rabbit,” a Nazi satire, has earned $20 million and could generate another $5 million to $10 million based on its awards fate. But Searchlight had a very quiet year over all. “Lucy in the Sky” ($320,000), starring Natalie Portman, was an outright flop. Frequent contributors like Wes Anderson were between films.

Between January and Aug. 25, combined ticket sales for the 20 largest art film distributors — Fox Searchlight, Magnolia and the like — fell 45 percent from the same period last year, according to Box Office Mojo data.

A handful of art house offerings ultimately managed to get noticed, including Lulu Wong’s China-set family drama “The Farewell” ($18 million), the elevated A24 horror film “Midsommar” ($27 million), the quirky Huck Finn-style tale “The Peanut Butter Falcon” ($21 million) and Bong Joon Ho’s genre-defying “Parasite” ($21 million).

For the third year running, Focus Features topped the specialty box office. The Universal Pictures subsidiary saw films like “Downton Abbey” ($97 million) and “Harriet” ($42 million) over-perform in ways that seemed to startle even the studio.

“We always thought there would be an excited core audience for ‘Harriet,’ those who have a natural interest in an American icon who shockingly had never had her life story told onscreen,” said Peter Kujawski, the chairman of Focus Features. “But it crossed well past that core audience and broke into the broader culture.”

“Harriet,” directed by Kasi Lemmons, may also figure into the coming Oscar race. Cynthia Erivo, who stars in the film as Harriet Tubman, is a favorite for a best actress nomination.
https://www.nytimes.com/2019/12/22/m...ox-office.html





'Cats' is Getting New Special Effects While it's Still in Theaters

It's the first time a movie has been 'patched' mid-release.
Jon Fingas

You've seen movies receive visual touch-ups in special edition re-releases, but Universal is trying something new: it's updating a movie while it's still in the middle of its initial theatrical run. The media giant has informed theaters that it's giving them a new version of Cats that delivers "some improved visual effects," according to a memo Hollywood Reporter saw. Insiders talking to the publication said that director Tom Hooper wanted to alter some of the effects after rushing to get the movie ready in time for its December 16th premiere screening.

Reportedly, the updated movie is available for theaters to download today (December 22nd) from a satellite server, while those theaters that can't download it will get a hard drive by December 24th. Universal declined to comment.

The tweaks aren't likely to change the general outlook on the movie, which has been... less than favorable. Many viewers are still likely to experience the uncanny valley as they watch anthropomorphized felines dance on screen. However, the edits do ensure that what you see on screen is (probably) Hooper's definitive take on the Andrew Lloyd Webber musical without having to wait months for downloads, streams or Blu-ray discs.

The question is whether or not you'll see this happen going forward. Like game developers (who all too often release day one patches), movie studios are under pressure to release major titles before the holidays and other key moments. It may be tempting to rush out a holiday movie or summer blockbuster knowing that it can be fixed later. However, many people will only see a movie in theaters once -- a flawed special effect could sour crowds on a given title and reduce the chances they'll watch at home.
https://www.engadget.com/2019/12/22/...s-in-theaters/





Why Big Data Has Been (Mostly) Good for Music
Allyson McCabe

In the late 1970s, Robert Hazard had a problem. He’d been tooling around Philadelphia’s music scene for more than a decade, trying out any sound that might put him on the map, to no avail. Then, in 1981, he finally recorded a demo of catchy new wave songs, which his manager passed along to an influential radio DJ. The songs went into heavy rotation and Hazard’s shows started selling out, attracting the attention of Kurt Loder—who gave him an appearance in Rolling Stone.

RCA signed Hazard to multi-album deal and redistributed his self-financed, self-produced 1982 EP. Glowing reviews propelled the single “Escalator of Life” onto Billboard’s Hot 100 chart, locked in MTV airplay, and led to sales of more than 300,000 copies. Two years later, Hazard’s first LP failed to meet sales projections and his label dropped him. He died in 2008, largely an unknown. Two months after he died, Spotify's app launched; if it had been around when Hazard peaked, his career might've looked much different.

In the late 1980s, signings and firings became the norm as business-minded labels sought to reduce risk and maximize profit. In the '90s, the industry embraced CDs, which cost less to manufacture and sold at higher price points than vinyl, but failed to see the coming impact of peer-to-peer file sharing networks and new systems for digital music storage and playback. Downloading digital music brought in only a fraction of the money made on physical media. From 1999 to 2009, sales of recorded music tumbled, from $14.6 billion to a mere $6.3 billion.

Over the past decade, the industry has experienced a surprising rebound thanks to the breakneck growth of music streaming services. The Recording Industry Association of America reports 80 percent of industry revenue now comes from streaming, and the number of paid subscriptions has surpassed 60 million. Following four consecutive years of double-digit growth, total year-end revenues are expected to break the $10 billion mark this year, inching ever closer to the sales numbers the industry hit during the glory days of CDs.

With all that money back on the table, record labels are scouting new talent again. But this time around, they’re hedging their bets with real-time metrics. Every day, millions of bits of data are tracked across Spotify, Pandora, and Apple Music, in addition to sources such as YouTube and RadioWave. Aggregators like Chartmetric and Soundcharts provide stakeholders with a comprehensive overview of an artist’s radio airplay, streaming playlist adds and positions, social media engagement, and geolocated listener demographics.
https://www.wired.com/story/big-data-music/





Russian Court Sentences Pirate Website Owner to Two Years in Prison
Bill Toulas

• A court in Moscow becomes the first one ever to convict a Russian pirate over copyright infringement.
• The man was arrested in spring and confessed that he owned and operated three pirating domains.
• The piracy scene in Russia is going through difficult times after major CDNs were shut down, and the attention passed to streamers.

The Kransogorsk City Court in Moscow has sentenced a man named “Stanislav Saigin” to two years in prison after the man was convicted for offenses of copyright infringement. This is the very first time that a court in Russia has convicted someone due to piracy, so judicial history was made. Stanislav Saigin, however, is not just a casual pirate, nor even one of the hundreds if not thousands of pirate website owners. He was a “whale” in the local copyright-infringing community and a person who caused significant damage to the legitimate business of rightsholders.

More specifically, Mr. Saigin owned the ‘Kinogb.guru’, ‘kinokot.biz’, and ‘fosa.me’ websites, which were enjoying the support of dozens of mirror sites each. These platforms offered thousands of films and TV series episodes to the public free of charge. The content to these three streaming domains was provided by the Moonwalk CDN, which was taken down in October after ACE, BREIN, and the MPA managed to take successful coordinated action against it. Moonwalk had a deal with websites like Kinogb, paying them $0.6 per 1000 views, and that is why Saigin’s platforms didn’t charge the visitors anything. In addition to the Moonwalk deal, Saigin also pushed ads from online casinos, so he made revenue this way too.

According to details provided by Group-IB, who carried out an investigation on Stanislav Saigin, the man tried to be cautious instead of publicly promoting his services as others do. So, he doesn’t have any social media accounts, was not posting links to his on platforms on pirating forums, and generally tried his best not to leave an electronic trace. Still, the authorities managed to track him down and arrest him in the spring of 2019, with the man confessing his wrongdoings immediately. Later, on the court, he decided not to plead guilty, but a two-year suspended sentence and three years on probation were still handed.

With all that is going on lately in Russia, piracy in the country has taken a considerable and measurable blow. According to Group-IB estimates, 2019 was the first year to see a pirate market shrink by 27% compared to 2018. This is a huge percentage, and while piracy may be far from being dead, it is definitely going through rough times right now. Certainly, the prosecution of S. Saigin will further damage the community and scare the streaming website owners and operators.
https://www.technadu.com/russian-cou...-prison/88270/





Russia 'Successfully Tests' its Unplugged Internet
Jane Wakefield

Russia has successfully tested a country-wide alternative to the global internet, its government has announced.

Details of what the test involved were vague but, according to the Ministry of Communications, ordinary users did not notice any changes.

The results will now be presented to President Putin.

Experts remain concerned about the trend for some countries to dismantle the internet.

"Sadly, the Russian direction of travel is just another step in the increasing breaking-up of the internet," said Prof Alan Woodward, a computer scientist at the University of Surrey.

"Increasingly, authoritarian countries which want to control what citizens see are looking at what Iran and China have already done.

"It means people will not have access to dialogue about what is going on in their own country, they will be kept within their own bubble."

How would a domestic internet work?

The initiative involves restricting the points at which Russia's version of the net connects to its global counterpart, giving the government more control over what its citizens can access.

"That would effectively get ISPs [internet service providers] and telcos to configure the internet within their borders as a gigantic intranet, just like a large corporation does," explained Prof Woodward.

So how would the government establish what some have dubbed a "sovereign Runet"?

Countries receive foreign web services via undersea cables or "nodes" - connection points at which data is transmitted to and from other countries' communication networks. These would need to be blocked or at least regulated.

This would require the co-operation of domestic ISPs and would be much easier to achieve if there were just a handful of state-owned firms involved. The more networks and connections a country has, the more difficult it is to control access.

Then Russia would need to create an alternative system.

In Iran, the National Information Network allows access to web services while policing all content on the network and limiting external information. It is run by the state-owned Telecommunication Company of Iran.

One of the benefits of effectively turning all internet access into a government-controlled walled garden, is that virtual private networks (VPNs), often used to circumvent blocks, would not work.

Another example of this is the so-called Great Firewall of China. It blocks access to many foreign internet services, which in turn has helped several domestic tech giants establish themselves.

Russia already tech champions of its own, such as Yandex and Mail.Ru, but other local firms might also benefit.

The country plans to create its own Wikipedia and politicians have passed a bill that bans the sale of smartphones that do not have Russian software pre-installed.
Technical challenges

One expert warned that the policy could help the state repress free speech, but added that it was not a foregone conclusion that it would succeed.

"The Russian government has run into technical challenges in the past when trying to increase online control, such as its largely unsuccessful efforts to block Russians from accessing encrypted messaging app Telegram," Justin Sherman, a cyber-security policy fellow at the New America think tank, told the BBC.

"Without more information about this test though, it's hard to assess exactly how far Russia has progressed in the path towards an isolatable domestic internet.

"And on the business front, it remains to be seen just how much domestic and foreign pushback Russia will get."

Local news agencies, including Pravda, reported the deputy head of the Ministry of Communications had said that the tests of the scheme had gone as planned.

"The results of the exercises showed that, in general, both the authorities and telecoms operators are ready to effectively respond to emerging risks and threats, to ensure the stable functioning of both the internet and unified telecommunication network in the Russian Federation," said Alexey Sokolov.

The state-owned Tass news agency reported the tests had assessed the vulnerability of internet-of-things devices, and also involved an exercise to test Runet's ability to stand up to "external negative influences".
https://www.bbc.com/news/technology-50902496





India Suspends Internet and Phone Services to Quell Protests
Sheikh Saaliq

Indian authorities have stepped up phone and mobile internet shutdowns in some parts of the country in an effort to thwart a groundswell of protests over a new citizenship law that excludes Muslims.

Student-led protests that have galvanized a large section of the Indian public have been met with communications blocks in areas of New Delhi, in the eastern state of West Bengal, the northern city of Aligarh and the entire state of Assam in the days since the contentious law was passed in Parliament.

In Aligarh, where police beat students and fired tear gas shells inside a university last week, internet services on Saturday were suspended for the sixth straight day. The services were also barred in the capital of northern Uttar Pradesh, where nine people have been killed statewide in protests since Friday.

Internet services were restored in the northeastern border state of Assam, the center of a decades-old movement against migrants from Bangladesh and where the protests began last week.

Internet shutdowns are a favored tactic for the government of Prime Minister Narendra Modi. Authorities have interrupted internet services at least 102 times so far this year, according to a public online tracker maintained by the New Delhi-based Software Freedom Law Centre.

In 2018, the #KeepItOn coalition, which works with the support of 191 organizations globally, and the nonprofit group Access Now reported that of the 196 internet shutdowns reported from 25 countries, India was responsible for the majority, with 134 incidents — almost 67% of the world’s documented shutdowns.

Since Modi’s Hindu nationalist-led government first came into power in 2014, the internet has been suspended more than 360 times.

Authoritarian regimes across the world have used similar tactics. In Egypt, for example, the government has blocked more than 500 websites in recent years to try to stifle dissent.

As Iran faced nationwide protests over government-set gasoline prices rising in November, the government shut down internet access to the outside world amid violence and a security-force crackdown that reportedly killed over 300 people. That’s as Iran’s Shiite theocracy already has created a so-called “halal net,” a controlled set of local websites and services.

Iran already bans Facebook, Twitter, YouTube and other sites after protests surrounding its disputed 2009 presidential election, but tech-savvy Iranians long have circumvented those restrictions with virtual private networks and other means. In November, however, the shutdown blocked even those methods.

In Pakistan, India's archrival, the military and government have routinely restricted cellphone service and had Twitter and Facebook shutter accounts that they said contravene the country’s laws.

As part of its restrictions on millions of Uighur Muslims and other ethnic minorities, China, notorious for operating the world’s most extensive system of censorship, has snapped internet access in the western region of Xinjiang to block access to material deemed “subversive or obscene.”

The ruling Communist Party, which is trying to promote the notion of "internet sovereignty," or the right of governments to restrict what their people see and do online, cited India's shutdown as support for Chinese controls.

India's action "proved that the necessary regulation of the internet is a reasonable choice" and an extension of "internet sovereignty," the party newspaper People's Daily said on Dec. 17.

Critics have pointed to the rise of internet shutdowns in India as a mechanism of censorship and repression in response to growing opposition to the government.

“These shutdowns not only violate the fundamental rights of the people but are a well-crafted response by the state to curb forms of speech,” said Apar Gupta, executive director of India Freedom Foundation, a digital rights advocacy group.

Vasudha Gupta, a spokesman for India's Ministry of Home Affairs, which handles internal security matters, did not immediately respond to a message seeking comment Saturday.

The suspension of internet and phone services isn't always carried out statewide or even citywide. Some, such as the one in New Delhi, are instituted across a few districts for a short period of time.

The government says it uses internet blackouts to maintain law and order, and emphasizes that the restrictions are temporary.

India's Ministry of Information and Broadcasting issued an advisory Friday night asking broadcasters across the country to refrain from using content that could inflame further violence, or that “promotes anti-national attitudes."

But broadband and mobile internet services have been blocked for more than four months in Indian-administered Kashmir amid an ongoing crackdown in the country's only Muslim-majority region, which was stripped of its semi-autonomous status and demoted from a state into a federal territory in August.

The blackout there has derailed the economy, medical services and education.

“Such sweeping measures are more like collective punishment than a tactical response,” Akshaya Kumar of Human Rights Watch wrote earlier in the week.

For students and other demonstrators who have been marching in India’s streets, the internet is a tool to assemble masses.

Akruti Gupta, a college student, has been participating in the protests against the new citizenship law, mobilizing other students to take part through multiple WhatsApp groups.

That was until Thursday, when she found her internet service barred at New Delhi’s Jantar Mantar, a 17th century monument where thousands had gathered to demand the revocation of the controversial law.

“The government is trying to put a lid on our voices by banning communication as it fears the calls for equality and justice are growing louder,” said Gupta.

From graffiti to leaflets to knocking on doors, protesters are using traditional methods to bypass internet disruptions.

“We have resorted to door-to-door campaigning as we know that this government can anytime ban the internet as it did in Kashmir,” said Raza Hassan, a student protesting outside New Delhi’s Jamia Millia Islamia University.

On Thursday, when internet services were snapped in parts of the Indian capital, Arvind Kejriwal, New Delhi's chief official, inaugurated a free public WiFi network, promising 11,000 free WiFi hotspots to cover the whole city in the next six months.

“It is an irony that the day we started the free internet scheme, the internet services are being shut in the city,” Kejriwal, a Modi critic, told reporters.

___

Associated Press writers Joe McDonald in Beijing, Kathy Gannon in Islamabad and Jon Gambrell in Dubai, United Arab Emirates, contributed to this report.
https://www.newstimes.com/news/world...o-14923620.php





Chinese Apps are Losing their Hold on India to Local Developers
Manish Singh

Apps from Chinese developers have been gaining popularity on Indian app stores for sometime. Last year, as many as 44 of the top 100 Android apps in India were developed by Chinese firms.

But things have changed this year as local developers put on a fight. According to app analytics and marketing firm AppsFlyer, Indian apps as a whole have recaptured their original standing.

41% of top 200 apps in Indian editions of Google’s Play Store and Apple’s App Store in Q2 and Q3 this year were developed by Indian developers and local firms, up from 38% last year, the report said. Data from App Annie, another research firm, corroborates the claim.

“This uptick happened chiefly at the expense of Chinese apps, which fell from their lead position to 38% from 43% in 2018. Altogether, Chinese and Indian apps make up almost four-fifths (79%) of the list,” the report said.

The shift comes as scores of Indian firms have launched payments, gaming, news, and entertainment apps in the last year and a half, said AppsFlyer, which analyzed 6.5 billion installs in the second and third quarters of this year.

But Chinese developers are not giving up and continue to maintain an “impressive” fight in each category, the report said.

India — which is home to more than 450 million smartphone users and maintains relatively lax laws to support an open market — has naturally emerged as an attractive battleground for developers worldwide.

Many Chinese firms including Xiaomi and ByteDance count India as one of their largest markets. TikTok app has amassed over 200 million users in India, for instance. Xiaomi, which leads the Indian smartphone market, is quickly building a portfolio of services for users in India. It launched a lending app in the country earlier this month.

Gaining traction among first time internet users, most of whom have lower financial capacity, can prove challenging. Those developing travel apps had to spend about 170 Indian rupees ($2.4) for each install, for instance. Food and drink app makers spent 138 Indian rupees ($1.9) per install during the aforementioned period, while games cost 13.5 Indian rupees.
https://techcrunch.com/2019/12/24/ch...al-developers/





China Internet Rules Call for Algorithms that Recommend 'Positive' Content

It wants automated systems to echo state policies.
Jon Fingas

China is once more tightening its grip on internet content, and this time algorithms are in the spotlight. The Cyberspace Administration of China has published upcoming rules that dictate how internet companies manage content, including a push for recommendation algorithms that promote "positive" ideas (read: government policies) while excluding "bad" material. The measure explicitly forbids content that "endangers national security, leaks state secrets, subverts state power [and] undermines national unity." In other words, internet companies can't challenge the political status quo.

The new rules are due to take effect on March 1st, and also call for tighter management of accounts, sign-ups, moderation and "rumors."

Governments have lately stepped up attempts to regulate algorithms, although China's approach is very different than that from other countries. A recent US Senate bill aimed to eliminate bias in algorithms, but China is explicitly advocating bias -- it sees this automated code as a vehicle for the party agenda. The country is clearly concerned that recommendation engines could suggest 'dangerous' material that censors might otherwise catch, and it doesn't want to take any chances.
https://www.engadget.com/2019/12/22/...on-algorithms/





New York Governor Promises Net Neutrality Legislation in 2020

Andrew Cuomo is following the lead of California and promising a law to reinstate net neutrality protections in New York state.
Marguerite Reardon

New York Gov. Andrew Cuomo is joining states like California in proposing a law to ensure his state's internet users have access to a free and open internet. On Thursday, he called for a New York state net neutrality law as part of his 2020 legislative agenda.

Cuomo's plan comes two years after the Federal Communications Commission repealed Obama-era net neutrality protections, which ensured that broadband companies couldn't block or slow down access to the internet or favor their own content or services over a competitor's.

"A free and open internet is one of the great equalizers -- allowing every person the same access to information and helping protect freedom of speech," Cuomo said in a statement. He said his proposed legislation would ensure that "big corporations can't control what information we access or stymie smaller competitors."

Net neutrality is the idea that all traffic on the internet should be treated equally, regardless of whether you're checking Facebook, posting pictures to Instagram or streaming movies from Netflix or Amazon. It also means companies like AT&T, which bought Time Warner, or Comcast, which owns NBC Universal, can't favor their own content over a rival's.

Supporters of net neutrality say rules are necessary to ensure broadband companies aren't abusing their power as gatekeepers. But the current FCC and broadband companies say the old rules gave the FCC too much power and stifled broadband investment.

In 2017, the Republican-led FCC rolled back protections adopted just two years earlier. As part of its order, the FCC also forbade states from passing laws that imposed similar restrictions, saying a patchwork of regulations would create a de facto federal standard because internet service doesn't stop at state borders.

Internet company Mozilla, several public interest groups, and public safety officials in Santa Clara, California, sued. In October, a federal appeals court ruled that the FCC could roll back the rules. But in a victory for net neutrality supporters and states, the court also said the FCC couldn't prevent states from adopting their own protections.

Several states, including California, Vermont and Maine, have already passed net neutrality legislation.

After the federal rules were repealed in late 2017, Cuomo was among several governors who issued an executive order barring state agencies from signing contracts with internet service providers that don't practice net neutrality.

The law Cuomo is proposing would go beyond the executive order and apply to any internet service provider offering services in the state. Specifically, it would require internet service providers to disclose how they manage internet traffic and certify that they comply with New York's net neutrality rules. If companies break the rules, they could be fined by the state and also sued by consumers.

The proposed New York state law would also outlaw so-called "zero-rating" -- a practice that lets broadband companies exclude usage of certain apps and services from customers' monthly data allotments, while other apps and services are counted.

Fight for the Future, a grassroots organization that's been pushing for the reinstatement of net neutrality protections, said it's encouraged by the news that New York is drafting its own law. But it said that "with net neutrality the devil is in the details."

Big internet companies "employ an army of lawyers and lobbyists who will be pushing for loopholes or weaknesses they can exploit," said Evan Gree, deputy director for Fight for the Future. "In order to restore the protections that millions of people fought for in the 2015 Open Internet Order, state level legislation needs to include not only the bright line rules against blocking, throttling, and paid prioritization, but also the essential protections from the text of the order itself."
https://www.cnet.com/news/new-york-g...ation-in-2020/





New Law Finally Bans Bullshit Cable TV Fees
Karl Bode

For a decade we've talked about how the broadband and cable industry has perfected the use of utterly bogus fees to jack up subscriber bills -- a dash of financial creativity it adopted from the banking and airline industries. Countless cable and broadband companies tack on a myriad of completely bogus fees below the line, letting them advertise one rate -- then sock you with a higher rate once your bill actually arrives. These companies will then brag repeatedly about how they haven't raised rates yet this year, when that's almost never actually the case.

Despite this gamesmanship occurring for the better part of two decades, nobody ever seems particularly interested in doing much about it. The government tends to see this as little more than creative marketing, and when efforts to rein in this bad behavior (which is really false advertising) do pop up, they tend to go nowhere, given this industry's immense lobbying power.

But something quietly shifted just before the holidays. After a longstanding campaign by Consumer Reports, The Television Viewer Protection Act of 2019 passed the House and the Senate last week buried inside a giant appropriations bill that now awaits President Trump’s signature.

The bill bans ISPs from charging you extra to rent hardware you already own (something ISPs like Frontier have been doing without penalty for a few years). It also forces cable TV providers to send an itemized list of any fees and other surcharges to new customers within 24 hours of signing up for service, and allows users shocked by the higher price to cancel service without penalty.

The bill's not perfect. Because of the act itself it largely only applies to cable TV, not broadband service where the problem is just as bad. And cable TV providers can still falsely advertise a lower rate, thanks to what appears to be some last minute lobbying magic on the part of the cable TV sector:

"Initial versions of the legislation actually had the provision as truth in advertising, so you had to advertise the entire fees,” said Jenna Leventoff, senior policy counsel at Public Knowledge, a Washington-based public-interest group. “But it’s still an improvement over what currently exists, because you have a right to cancel after signing up."

The trick now will be enforcement by a government and FCC that has routinely shown it's entirely cool with industry repeatedly ripping consumers off with bullshit fees to the tune of around $28 billion annually:

"We seriously hope the cable industry doesn't try to game its way out of complying with a very straightforward disclosure requirement: let consumers know what they will actually pay each month once all the fees are tacked on to the advertised price,” emailed Jonathan Schwantes, senior policy counsel with Consumer Reports, which lobbied for this bill. “And we hope cable operators can do so well before the six month enactment date, and not ask the FCC for an extension for doing something so simple."
https://www.techdirt.com/articles/20...-tv-fees.shtml





Mobile Carriers Left Out of Home Automation Party
Dan Jones

Amazon, Apple and Google, along with the Zigbee Alliance, have started a new working group to develop a royalty-free connectivity standard to increase compatibility among the various smart home devices from Amazon and others.

Despite the multitude of companies involved in this Connected Home over IP project, it doesn't include any mobile operators.

Companies involved include IKEA, Legrand, NXP Semiconductors, Resideo, Samsung SmartThings, Schneider Electric, Signify (formerly Philips Lighting), Silicon Labs, Somfy and Wulian, as well as the major connected home players.

"By building upon Internet Protocol (IP), the project aims to enable communication across smart home devices, mobile apps, and cloud services, and to define a specific set of IP-based networking technologies for device certification," reports a joint statement on the project.

The working group says it will launch a preliminary specification in late 2020. This spec "aims to make it easier for device manufacturers to build devices that are compatible with smart home and voice services such as Amazon's Alexa, Apple's Siri, Google's Assistant, and others," says the consortium. The forthcoming protocol will work across multiple networks, such as WiFi, Bluetooth Low Energy and cellular.

The project is a rare moment of agreement for three of the top tech companies in the world. The working group deal is especially unusual for Apple and Google, which appear to be putting aside years of heated competition to create this smart device standard.

At present, however, it appears that there will be no mobile operators involved in crafting this smart device protocol. Major carriers, like AT&T, have certainly taken part in their own connected home efforts, but are not involved in this effort.

AT&T appears to be working to somewhat similar aims through its project with ex-Microsoft man Ray Ozzie and his startup Blue Wireless. "Notecard will enable developers of a broad range of commercial and industrial products to embed connectivity that just works, near globally," says AT&T of its work with the startup.

The carrier, as well as many operators in the smart home and IoT areas, is still focused on delivering purely cellular connectivity and doesn't deal in the IP layer, as the tech giants' latest project does.

— Dan Jones, Mobile Editor, Light Reading

https://www.lightreading.com/iot/mob.../a/d-id/756431





What does Your Car Know about You? We Hacked a Chevy to Find Out.
Geoffrey A. Fowler

Behind the wheel, it’s nothing but you, the open road — and your car quietly recording your every move.

On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection.

Cars have become the most sophisticated computers many of us own, filled with hundreds of sensors. Even older models know an awful lot about you. Many copy over personal data as soon as you plug in a smartphone.

But for the thousands you spend to buy a car, the data it produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.

To glimpse my car data, I had to hack my way in.

We’re at a turning point for driving surveillance: In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen. (This independent cellular service is often included free, or sold as an add-on.) Cars are becoming smartphones on wheels, sending and receiving data from apps, insurance firms and pretty much wherever their makers want. Some brands even reserve the right to use the data to track you down if you don’t pay your bills.

When I buy a car, I assume the data I produce is owned by me — or at least is controlled by me. Many automakers do not. They act like how and where we drive, also known as telematics, isn’t personal information.

Cars now run on the new oil: your data. It is fundamental to a future of transportation where vehicles drive themselves and we hop into whatever one is going our way. Data isn’t the enemy. Connected cars already do good things like improve safety and send you service alerts that are much more helpful than a check-engine light in the dash.

But we’ve been down this fraught road before with smart speakers, smart TVs, smartphones and all the other smart things we now realize are playing fast and loose with our personal lives. Once information about our lives gets shared, sold or stolen, we lose control.

There are no federal laws regulating what carmakers can collect or do with our driving data. And carmakers lag in taking steps to protect us and draw lines in the sand. Most hide what they’re collecting and sharing behind privacy policies written in the kind of language only a lawyer’s mother could love.

Car data has a secret life. To find out what a car knows about me, I borrowed some techniques from crime scene investigators.

What your car knows

Jim Mason hacks into cars for a living, but usually just to better understand crashes and thefts. The Caltech-trained engineer works in Oakland, California, for a firm called ARCCA that helps reconstruct accidents. He agreed to help conduct a forensic analysis of my privacy.

I chose a Chevrolet as our test subject because its maker GM has had the longest of any automaker to figure out data transparency. It began connecting cars with its OnStar service in 1996, initially to summon emergency assistance. Today, GM has more than 11 million 4G LTE data-equipped vehicles on the road, including free basic service and extras you pay for. I found a volunteer, Doug, who let us peer inside his two-year-old Chevy Volt.

I met Mason at an empty warehouse, where he began by explaining one important bit of car anatomy. Modern vehicles don’t just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car. Even with Mason’s gear, we could only access some of these systems.

This kind of hacking isn’t a security risk for most of us – it requires hours of physical access to a vehicle. Mason brought a laptop, special software, a box of circuit boards and dozens of sockets and screwdrivers.

We focused on the computer with the most accessible data: the infotainment system. You might think of it as the car’s touch screen audio controls, yet many systems interact with it, from navigation to a synced-up smartphone. The only problem? This computer is buried beneath the dashboard.

After an hour of prying and unscrewing, our Chevy’s interior looked like it had been lobotomized. But Mason had extracted the infotainment computer, about the size of a small lunchbox. He clipped it into a circuit board, which fed into his laptop. The data didn’t copy over in our first few attempts. “There is a lot of trial and error,” said Mason.

(Don’t try this at home. Seriously – we had to take the car into a repair shop to get the infotainment computer reset.)

It was worth the trouble when Mason showed me my data. There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, such as the hardware store I’d stopped at to buy some tape.

Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.

For a broader view, Mason also extracted the data from a Chevrolet infotainment computer that I bought used on eBay for $375. It contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger. We know he or she frequently called someone listed as “Sweetie,” whose photo we also have. We could see the exact Gulf station where they bought gas, the restaurant where they ate (called Taste China) and the unique identifiers for their Samsung Galaxy Note phones.

Infotainment systems can collect even more. Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300 gigabyte hard drives – five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.

In our Chevy, we likely glimpsed just a fraction of what GM knows. We didn’t see what was uploaded to GM’s computers, because we couldn’t access the live OnStar cellular connection. (Researchers have done those kinds of hacks before to prove connected vehicles can be remotely controlled.)

My volunteer car owner Doug asked GM to see the data it collected and shared. The automaker just pointed us to an obtuse privacy policy. Doug also (twice) sent GM a formal request under a 2003 California data law to ask who the company shared his information with. He got no reply.

GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy, but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.

But there were clues to what more GM knows on its website and app. It offers a Smart Driver score – a measure of good driving – based on how hard you brake and turn, and how often you drive late at night. They’ll share that with insurance companies, if you want. With paid OnStar service, I could, on demand, locate the car’s exact location. It also offers in-vehicle WiFi and remote key access for Amazon package deliveries. An OnStar Marketplace connects the vehicle directly with third-party apps for Domino’s, IHOP, Shell and others.

The OnStar privacy policy, possibly only ever read by yours truly, grants the company rights to a broad set of personal and driving data without much detail on when and how often it might collect it. It says: “We may keep the information we collect for as long as necessary” to operate, conduct research or satisfy GM’s contractual obligations. Translation: pretty much forever.

It’s likely GM and other automakers only keep just a slice of the data cars generate. But think of that as a temporary phenomenon. Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game.

Protecting yourself

GM’s view, echoed by many other automakers, is that we gave them permission for all of this. “Nothing happens without customer consent,” said GM’s Caldwell.

When my volunteer Doug bought his Chevy, he didn’t even realize OnStar basic service came standard. (I don’t blame him – who really knows what all they’re initialing on a car purchase contract?) There is no button or menu inside the Chevy to shut off OnStar or other data collection, though GM says it has added one to newer vehicles. Customers can press the console OnStar button and ask a representative to remotely disconnect.

What’s the worry? From conversations with industry insiders, I know many automakers haven’t totally figured out what to do with the growing amounts of driving data we generate. But that’s hardly stopping them from collecting it.

Five years ago, 20 automakers signed onto volunteer privacy standards, pledging to “provide customers with clear, meaningful information about the types of information collected and how it is used” as well as “ways for customers to manage their data.” But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.

Automakers haven’t had a data reckoning yet, but they’re due for one. GM ran an experiment in which it tracked the radio music tastes of 90,000 volunteer drivers to look for patterns with where they traveled. According to the Detroit Free Press, GM told marketers that the data might help them persuade a country music fan who normally stopped at Tim Horton’s to go to McDonald’s instead.

GM would not tell me exactly what data it collected for that program but said “personal information was not involved” because it was anonymized data. (Privacy advocates have warned that location data is personal because it can be re-identified with individuals because we follow such unique patterns.)

GM’s privacy policy, which the company says it will update before the end of 2019, says it may “use anonymized information or share it with third parties for any legitimate business purpose.” Such as whom? “The details of those third-party relationships are confidential,” said Caldwell.

There are more questions. GM’s privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn’t offer a transparency report like tech companies do.

Automakers say they put data security first. But I suspect they’re just not used to customers demanding transparency. They also probably want to have sole control over the data, given that the industry’s existential threats – self-driving and ride-hailing technologies – are built on it.

But not opening up brings problems, too. Automakers are battling with repair shops in Massachusetts about a proposal that would require car companies to grant owners – and mechanics – access to telematics data. The Auto Care Association says locking out independent shops could give consumers fewer choices, and make us end up paying more for service. The automakers say it’s a security and privacy risk.

In 2020, the California Consumer Privacy Act will require any company that collects personal data about the state’s residents to provide access to the data and give people the ability to opt out of its sharing. GM said it would comply with the law but didn’t say how.

Are any carmakers better? Among the privacy policies I read, Toyota’s stood out for drawing a few clear lines in the sand about data sharing. It says it won’t share “personal information” with data resellers, social networks or ad networks – but still carves out the right to share what it calls “vehicle data” with business partners.

Until automakers put even a fraction of the effort they put into TV commercials into giving us control over our data, I’d be wary about using in-vehicle apps or signing up for additional data services. At least smartphone apps like Google Maps let you turn off and delete location history.

And Mason’s hack brought home a scary reality: Simply plugging a smartphone into a car could put your data at risk. If you’re selling your car or returning a lease or rental, take the time to delete the data saved on its infotainment system. An app called Privacy4Cars offers model-by-model directions. Mason gives out gifts of car-lighter USB plugs, which let you charge a phone without connecting it to the car computer. (You can buy inexpensive ones online.)

If you’re buying a new vehicle, tell the dealer you want to know about connected services — and how to turn them off. Few offer an Internet “kill switch,” but they may at least allow you turn off location tracking.

Or, for now at least, you can just buy an old car. Mason, for one, drives a conspicuously non-connected 1992 Toyota.
https://www.seattletimes.com/busines...y-to-find-out/





We Need to Move Beyond the Car
Dan Ammann

Imagine if someone invented a new transportation system and said, “I’ve designed a new way of getting around: It’s powered by fossil fuels that will pollute our air. It will congest our cities to the point of inciting rage in its users. Its human operators will be fallible, killing 40,000 Americans — and more than a million people around the world — every year. Most of the time, the equipment will sit unused, occupying prime real estate and driving up housing costs. If you’re young, old, or living with a disability, then you can’t use it. And for those who can, the privilege will cost $9,000 a year and suck up two years of your life.”

You’d say, “You’re crazy.” And yet, here we are, living in a state of cognitive dissonance with exactly this — the human-driven, gasoline-powered, single-occupant car — as our primary mode of transportation.

As we work to earn trust in communities ahead of the launch of our self-driving service, I have been spending time with city leaders, including recently at CityLab, an annual conference that brings together mayors and other city officials to share the latest in urban innovation. What I heard there further validated my belief that the status quo of transportation is broken, and that our need to find better solutions grows more urgent every day.

Yet, despite the best efforts of government, regulators and industry, very little has fundamentally changed in recent decades in terms of how we get around.

More than three in four of us still drive to work in single-occupant vehicles, which is basically unchanged over the past twenty years. Electric vehicle adoption remains stubbornly stuck at under 1%. And, most importantly, traffic accidents are still the leading cause of death for 5- to 29-year olds, globally.

So, where to from here?

To be sure, public transit can and must help address some of these issues. But public transit often requires massive investment that many cities simply cannot afford. Even then, it only reaches a fraction of the population.

And while micro-mobility may offer some creative solutions, it only solves first/last mile problems for a small segment of the population, and only in certain communities.

Even the much-ballyhooed rise of ride-sharing hasn’t solved the problem. In fact, what was intended to upend has only served to further entrench the status quo. Despite making up less than 1% of all vehicle miles traveled, ride-sharing has added further congestion, more emissions, and potentially even decreased safety in our cities from over-tired and overworked drivers. That’s because this “disruption” is mostly built out of what’s causing the fundamental problem — the human-driven, gasoline-powered, single-passenger car. The result is that what we call ride-sharing isn’t really ride-sharing — it’s actually just ride-hailing. So while these apps have disrupted the taxi industry with subsidized rides at the push of a button, they haven’t fixed transportation.

To make order-of-magnitude — rather than incremental — improvements in transportation, we need to build alternatives that are superior to the status quo in every way.

That’s why at Cruise it is our mission to improve safety by removing the human driver, reduce emissions by being all-electric, and reduce congestion through making shared rides more compelling by providing an awesome experience at a radically lower cost. Only then will we truly move beyond the car to the transportation system that we deserve — one that is safer, more affordable, and better for us, for our cities, and for our planet.

More to come.
https://medium.com/cruise/we-need-to...r-ad065eb800e3





We Tested Ring’s Security. It’s Awful

Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.
Joseph Cox

It's not so much being watched. It's that I don't really know if I'm being watched or not.

From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready for work. Then a second colleague accessed the camera from another country, and started talking to me through the Ring device.

"Joe can you tell I'm watching you type," they added in a Slack message. The blue light which signals someone is watching the camera feed faded away. But I still couldn't shake the feeling of someone may be tuning in. I went into another room.

My colleagues were only able to access my Ring camera because they had the relevant email address and password, but Amazon-owned home security company Ring is not doing enough to stop hackers breaking into customer accounts, and in turn, their cameras, according to multiple cybersecurity experts, people who write tools to break into accounts, and Motherboard's own analysis with a Ring camera it bought to test the company's security protections.

Last week a wave of local media reports found hackers harassed people through Ring devices. In one case a hacker taunted a child in Mississippi, in another someone hurled racist insults at a Florida family. Motherboard found hackers have made dedicated software for more swiftly gaining access to Ring cameras by churning through previously compromised email addresses and passwords, and that some hackers were live-streaming the Ring abuse on their own so-called podcast dubbed "NulledCast."

In response to the hacks, Ring put much of the blame for these hacks on its users in a blog post Thursday.

"Customer trust is important to us, and we take the security of our devices and service extremely seriously. As a precaution, we highly encourage all Ring users to follow security best practices to ensure your Ring account stays secure," it said. To be clear, a user who decides to use a unique password on their Ring device and two-factor authentication is going to be safer than one who is reusing previously hacked credentials from another website. But rather than implementing its own safeguards, Ring is putting this onus on users to deploy security best practices; time and time again we've seen that people using mass-market consumer devices aren't going to know or implement robust security measures at all times.

Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services.

"They are worth billions so where is the investment in security," Daniel Cuthbert, who is on the committee for annual cybersecurity conference Black Hat, and who is also a Ring owner, told Motherboard.

A Ring account is not a normal online account. Rather than a username and password protecting messages or snippets of personal information, such as with, say, a video game account, breaking into a Ring account can grant access to exceptionally intimate and private parts of someone's life and potentially puts their physical security at risk. Some customers install these cameras in their bedrooms or those of their children. Through an issue in the way a Ring-related app functions, Gizmodo found these cameras are installed all across the country. Someone with access can hear conversations and watch people, potentially without alerting the victims that they are being spied on. The app displays a user-selected address for the camera, and the live feed could be used to determine whether the person is home, which could be useful if someone were, for example, planning a robbery. Once a hacker has broken into the account, they can watch not only live streams of the camera, but can also silently watch archived video of people—and families—going about their days.

Or a hacker can digitally reach into those homes, and speak directly to the bewildered, scared, or confused inhabitants. That level of sensitivity should arguably encourage more robust security practices than an ordinary account.

Do you work at Ring? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Ring doesn't appear to check a user's chosen password against known compromised user credentials. Although not a widespread practice, more online services are starting to include features that will alert a user if they're using an already compromised password.

Other steps Ring could take to better keep hackers out includes checking whether someone is logging in from an IP address Ring has never seen before, and if so, carrying out additional checks, Cuthbert said. Another is checking for concurrent sessions, such as seeing whether the user is simultaneously logged in from, say, both Germany and the U.K., Cuthbert added, in case one of those may be a hacker accessing the account.

One member of a hacking forum who codes cracking tools, and who Motherboard granted anonymity so they could speak more openly about the process, said, "just enabling SMS verification if there is a connection from an unknown IP would instantly kill each checker." A checker is a piece of software that grinds through credentials to see if they work on a particular site or service.

CRACKING RING

Motherboard purchased a Ring camera to test what sort of security protections are in place to stop or slow hackers trying to break into Ring accounts. After setting up an account, the Ring app, and the camera itself, we shared the email address and password to the camera interface with multiple reporters who used both virtual private network software to connect to the camera from IP addresses from all over the world as well as physically being located in other countries.

We logged into the Ring app and website from the U.S., U.K., Spain, and Singapore, in some cases simultaneously and from various devices and browsers that had never been used to log into the platform before. At no point did Ring trigger any sort of alert, such as an email notification, to check that the IP address the system had never seen did indeed belong to the legitimate camera owner. Gmail, for instance, may email you if it detects a suspicious login attempt from a new location, a new device, or a new browser.

On a desktop web browser, someone who is logged in is able to watch historical, archived footage. From a smartphone app, someone who is logged in can watch live and historical footage, listen through the camera's microphone, speak through the camera's speaker, play an alarm, see the name of the specific Wi-Fi network the camera is connected to, see the address the user originally registered the Ring camera with, see the phone number a user has entered into the app, and see nearby crime "incidents." This shows the specific, user-selected home address plotted on a map. Ring requires that a user input a home address to set up the camera.

Multiple Motherboard staffers accessed these services simultaneously. But Ring provides no way to see how many people are logged in at once, meaning if a hacker is logged into the app, a Ring owner has no way to tell. If a user is livestreaming the camera feed, a blue light on the front of the camera turns on; however, many Ring users may not constantly be checking whether this light is on or not. Ring also doesn't appear to provide users a list of previous login attempts, making it harder to see if a hacker had access.

Ring hackers' software works by rapidly checking if an email address and password on the Ring web login portal works; hackers will typically use a list of already compromised combinations from other services. If someone makes too many incorrect requests to login, many online services will stop them temporarily from doing so, mark their IP address as suspicious, or present a captcha to check that the user trying to login is a human rather than an automated program. Ring appears to have minimal protections in place for this though. Motherboard deliberately entered the wrong password to our account on the login portal while connecting from the Tor anonymity network dozens of times in quick succession. At no point did Ring try to limit our login attempts or present a captcha.

One source sent Motherboard a screenshot of a piece of Ring cracking software in action.

"Headers can tell the website how legitimate a request is," they wrote along with the screenshot, headers referring to information a web request can include to give more information about the machine logging in. Headers can include the browser or operating system the request comes from, which could indicate if a login attempt is automated by software. "But Ring's security is such that even with minimal headers, you can get by," they added.

"Ring is a physical thing, they could implement something to securely pair it with an app on your smartphone. Then, mobile app approves web logins from untrusted web browsers," Dino Dai Zovi, mobile security lead at Square, wrote in a tweet on Sunday.

Security is a trade-off with efficiency. Ring may not want to have stricter checks in place so as to not raise barriers for its users. Perhaps a customer is out of the country but still wants to log into their account and check what has happened in view of the camera, meaning they may connect from a new IP address. But even with this trade-off in mind, Ring has made decisions to not provide users alerts with new logins or other protections.

Ring does offer two-factor authentication, where a user is required to enter a second code sent to them as well as their password, but Ring does not force customers to use it. Motherboard verified that Ring's two-factor authentication does work as advertised, but multiple people who were logged into the app didn't have to log back in after it was enabled—Ring didn't eject them nor ask them to enter a two-factor token. Ring did log everyone out after a password change, however.

Motherboard asked Ring a series of specific and detailed questions, such as whether Ring limits the number of login attempts, or blocks an attempt if the connecting IP address is from a country the user is not usually located in. The company responded with a statement nearly identical to its earlier one, saying, "Ring understands what a big decision it is to pick a home security product, and we don’t take that decision lightly. Ring will continue to introduce additional security features to keep Ring accounts and devices secure, and we're working with our customers to ensure they have the knowledge and tools to practice good password habits."

The victims of Ring hacks have said themselves that they feel the company is putting too much burden on them to stop hackers. Ashley LeMay, one of the parents in Mississippi whose camera was hijacked to then spy on their children, told the New York Times she thought Ring's response provided scant information and shifted responsibility for the breaches onto customers.

"Auth [authentication] is still stuck in the '90s," Cuthbert said. "Username and password and very little other than that. That was ok back then but today we have a wealth of knowledge and experience to know that we need additional telemetry to make the [authentication] decision," he added.

Ring is advertised as a home security device which is supposed to make its customers safer by monitoring their homes. But its lack of certain security features shows how the device can work against its owners, and open them up to other risks. When I get home tonight, I'll put the Ring camera back into its box, regardless of whether that little blue light is on or not.

Jason Koebler, Emanuel Maiberg, and Lorenzo Franceschi-Bicchierai provided additional reporting for this piece.
https://www.vice.com/en_us/article/e...amera-security





Randy Suess, Computer Bulletin Board Inventor, Dies at 74

The messaging system that he and a friend created in 1978 was a forerunner of social media services like Twitter, Facebook and YouTube.
Cade Metz

Randy Suess, a computer hobbyist who helped build the first online bulletin board, anticipating the rise of the internet, messaging apps and social media, died on Dec. 10 in Chicago. He was 74.

His death, at a hospital, was confirmed by his daughter Karrie.

In late January 1978, Mr. Suess (rhymes with “loose”) was part of an early home computer club called the Chicago Area Computer Hobbyists’ Exchange, or CACHE. He and another club member, an IBM engineer named Ward Christensen, had been discussing an idea for a new kind of computer messaging system, but hadn’t had the time to explore it. Then a blizzard hit the Great Lakes region, covering Chicago in more than 40 inches of snow.

As the city shut down, Mr. Christensen phoned Mr. Suess to say that they finally had enough time to build their new system. Mr. Christensen suggested that they get help from the other members of the club, but, as he recalled in an interview, Mr. Suess told him that that would be a mistake because others would just slow the project down.

“Forget the club, it would just be management by committee,” Mr. Christensen recalled him saying, noting that Mr. Seuss had been a self-taught computer technician whose decisions typically came hard and fast. “It’s just me and you. I will do the hardware, and you will do the software.”

The idea was to build a central computer that club members could connect to using their own computers and telephone lines. They thought of it as an electronic version of the cork bulletin boards on the walls of grocery stores, where anyone could post paper fliers.

Two weeks later, their system was up and running, and the club was trading messages about meetings, new ideas and new projects.

“It was a ‘meta’ system,” Mr. Christiansen said. “It was all about computers.”

At first, Mr. Suess suggested that they call it C.E.C, short for Computer Elites’ Communication Project, but they settled on Computerized Bulletin Board System, or C.B.B.S.

In the late 1970s and on into the ’80s, as word of their system spread through trade magazines and by word of mouth, hobbyists across the country built their own online bulletin boards, offering everything from real-time chat rooms to video games. These grass-roots services were the forerunners of globe-spanning social media services like Twitter, Facebook and YouTube.

“Everything we do in terms of communicating with other people online can be traced back to Randy and his bulletin board,” said Jason Scott, a computer history archivist who made an online documentary about the creation of C.B.B.S. “The only difference is that now it is all a little slicker.”

Randy John Suess was born on Jan. 27, 1945, in Skokie, Ill., about 15 miles north of downtown Chicago. His father, Miland, was a police officer in nearby Lincolnwood, and his mother, Ruth (Duppenthaler) Suess, was a nurse.

After serving two years in the Navy and attending the University of Illinois at Chicago Circle, Mr. Suess held a variety of technical jobs in and around the city, including positions with IBM and Zenith. Like Mr. Christensen, he joined the new Chicago Area Computer Hobbyists’ Exchange in the summer of 1975. It was one of many such do-it-yourself computer clubs popping up around the country.

Mr. Suess and Mr. Christiansen built their electronic bulletin board using a personal computer called the S-100. After adding a modem that could send and receive data across a phone line, Mr. Suess soldered together some additional hardware that could automatically restart the machine and then load Mr. Christiansen’s software whenever someone dialed in.

“Randy pretty much built it from scratch,” Mr. Christiansen said. “It looked like it was put together with bailing wire and chewing gum.”

Mr. Christiansen offered to run the system from his home in Dolton, Ill., south of Chicago. But Mr. Suess, who lived in the Wrigleyville section of the city, insisted that it stay in his basement, so that anyone in the city could dial in without paying long-distance charges. By the time they retired the system in the 1980s, its single phone line had received more than a half million calls.

Mr. Suess had by then built a much larger system called Chinet — short for Chicago Network — which connected to the internet through a satellite radio. The internet was so small that he could download the whole thing onto his machine in a single evening. Others could then browse this global collection of data, including a new version of C.B.B.S., through 22 phone lines plugged into a bank of modems on a wall.

Some people dialed in from as far away as Australia and Singapore. Mr. Suess’s son, Ryan, remembered hearing the staticky whine of the modems at all hours of the day and night. “Eventually, it just becomes white noise,” he said.

In addition to his son and his daughter Karrie, Mr. Suess is survived by another daughter, Christine, and three grandchildren. His marriages to Agnes Kluck and Dawn Hendricks ended in divorce.

Forty years after its debut, a version of C.B.B.S. was still up and running, and anyone could access it, even from a laptop or a smartphone. This month, the bulletin board spread word about Mr. Suess’s death.
https://www.nytimes.com/2019/12/20/t...uess-dead.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 21st, December 14th, December 7th, November 30th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 07:12 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)