P2P-Zone  

06-11-19, 07:16 AM   #1
JackSpratts

Join Date: May 2001
Location: New England
Posts: 10,013

Peer-To-Peer News - The Week In Review - November 9th, ’19

Since 2002

November 9th, 2019




Netflix Isn't Cool With Password Sharing Anymore. Why Piracy Is About to Be the Next Battle in the Streaming War

Streaming services are going high-tech to crack down on people who share their accounts.
Jason Aten

There was a time when Netflix's CEO said that password sharing was "something you have to get used to." Which made sense at the time, since pretty much everyone did it in some form or another. Basically, Netflix's position has been that it doesn't condone password sharing, it just isn't going to do anything about it.

Until now.

The streaming wars are starting to heat up in a big way, especially with the launch last week of Apple TV+, the upcoming debut of Disney+ next week, and future services from HBO and NBC. Despite the fact that all of those major players are doing battle, there's one fight where they're all on the same side: stopping password sharing.

Or, as they call it, "piracy."

We've certainly come a long way since the days where the MPAA and RIAA were fighting against Napster and other file-sharing services to stop people from ripping their CDs and DVDs and sharing them online. I don't even know anyone who still buys DVDs, and my children don't even know what CDs are.

But as a service reaches a saturation point of subscribers, at some point two things happen: people stop signing up for new streams because their budget can only take so much, and they share their accounts with others. If you're trying to build an audience, the last thing you want is for people to freeload off their parents, friends, roommate, or neighbor.

And, if you're an established player like Netflix, Hulu, or Amazon Prime, you recognize that at some point, some percentage of those freeloaders represent real lost revenue. Which, in the long run, is the entire point, if you're spending billions and billions of dollars a year to license or create content and deliver it to people's homes and phones.

Up to this point, no one seems to have cared, especially since Netflix already has an enormous subscription base and pretty much dominated the game, and Amazon gives away its service with a Prime Membership. But as heavy hitters like Apple and Disney are getting into the game, the stakes are suddenly much higher.

Which is why, as The Hollywood Reporter points out, the Alliance for Creativity and Entertainment (ACE) is looking at ways to "reduce unauthorized access to content, specifically mentioning improper password sharing as a top concern." First, you have to admire the moxie of a group that calls itself the Alliance for Creativity and Entertainment. They clearly suffer from no lack of confidence.

The ACE is made up of all of the major studios, including Warner Bros., Disney, Netflix, Sony, and Paramount along with Amazon and Comcast, and says it doesn't plan to take action against individuals, but instead will work on technological solutions that prevent password sharing. That could involve location and device tracking technology which would likely raise additional privacy, and not just piracy, concerns.

Look, it's totally reasonable for Netflix to say, "We'd really rather that college students pay for their own subscriptions, but we know they won't, so we've put up with them freeloading. But now you're a grown up and it's time to pay up." The trick is that I'm sure companies have no interest in making a bunch of people mad, because mad people don't usually rush out to sign up for your service.

Still, these moves show just how important it is to streaming service companies to maximize every opportunity to build a paying audience. Especially when the new players (Apple and Disney in particular) plan to offer year-long free trials to entice viewers to stick around.

The bottom line is this: The day is coming soon when you might have to actually decide whether it's worth paying for Stranger Things and The Handmaid's Tale or Star Wars and The Morning Show. When that day comes, you'll have to decide whose stream--revenue stream, that is--you want to contribute to.
https://www.inc.com/jason-aten/netfl...aming-war.html





Netflix, HBO and Cable Giants Are Coming for Password Cheats

Password resets and thumbprints are among the tactics being considered
Gerry Smith

A coalition that includes Netflix Inc., HBO and cable-industry titans is stepping up efforts to crack down on password sharing, discussing new measures to close a loophole that could be costing companies billions of dollars in lost revenue each year.

Programmers and cable-TV distributors are considering an array of tactics to cut off people who borrow credentials from friends and relatives to access programming without paying for it. The possible measures include requiring customers to change their passwords periodically or texting codes to subscribers’ phones that they would need to enter to keep watching, according to people familiar with the matter.

Some TV executives want to create rules governing which devices can be used to access a cable-TV subscription outside the home. While someone logging in from a phone or tablet would be fine, someone using a Roku device at a second location could be considered a likely freeloader, one person said.

If none of those tactics work, pay-TV subscribers could someday be required to sign into their accounts using their thumbprints.

“I feel like I’m beating my head against the wall,” Tom Rutledge, the chief executive officer of Charter Communications Inc., said during an earnings call last month. “It’s just too easy to get the product without paying for it.”

But taking more aggressive measures poses risks. The people using services for free — especially younger consumers — may never agree to sign up for a subscription, no matter how many hassles they endure. That means companies would mostly just be alienating paying customers, who could get frustrated and stop using an app or cancel their service. In other words, there’s plenty of downside and possibly little upside.

“If you ask any cohort of young people if they will ever pay for Netflix or video services, the answer is unequivocally no,” said Mike McCormack, an analyst at Guggenheim Securities.

The pay-TV industry is projected to lose $6.6 billion in revenue from password sharing and piracy this year, according to Parks Associates. By 2024, the number could grow to $9 billion, the research firm said.

Two years ago, some of the biggest names in entertainment and technology formed a group called the Alliance for Creativity and Entertainment, which was devoted to reducing online piracy. Last month, the group announced that it’s turning its attention to password sharing. Participants include Netflix, Amazon.com Inc., Walt Disney Co., Viacom Inc., AT&T Inc.’s HBO, Comcast Corp. and Charter.

There’s no consensus on where to draw the line.

Consumers can access streaming programming via apps from both distributors like Charter and programmers like Fox. As a result, both sides of the industry need to work together to solve the problem. Charter, which sells cable-TV service under the Spectrum brand, has said its recent distribution deals with Fox and Disney will help them address password sharing, but didn’t specify which measures they’d be taking.

While industry executives widely agree password sharing is a problem, there’s no consensus on where to draw the line. Programmers and distributors blame each other for being too lenient in how many people can simultaneously stream from one account. DirecTV and Comcast allow five streams. Fox and ESPN generally allow three.

Online TV services also vary in how generous they are about password sharing. Apple TV+, which launched Nov. 1, allows up to six people to stream from one family plan. Two upcoming services — AT&T’s HBO Max and NBCUniversal’s Peacock — aren’t ready to announce how many streams to allow, according to representatives for both companies. A spokeswoman for Disney+, which launches Nov. 12, didn’t respond to a request for comment.

Netflix allows just one stream for its basic plan and four streams for its most expensive service. Three years ago, CEO Reed Hastings said password sharing is “something you have to learn to live with, because there’s so much legitimate password sharing — like you sharing with your spouse, with your kids.”

Recently, there have been indications that the company may be reconsidering its tolerance. On an earnings call last month, Netflix Chief Product Officer Greg Peters said it is “looking at the situation” and seeking “consumer-friendly ways to push on the edges of that.”
https://www.bloomberg.com/news/artic...assword-cheats





Netflix and HBO Shows are Getting Pirated on this App that’s Been Bankrolled by Advertisers Such as Pandora, BET+ and TikTok
Megan Graham

• A service called TeaTV lets people watch seemingly pirated content from HBO or Netflix for free with ads.
• TeaTV appears to be tapping into the murky digital advertising ecosystem to get ad revenue from legit advertisers.
• This type of piracy globally is believed to cost the U.S. economy $29.2 billion a year.

Watching a bootleg version of “Joker” — albeit one that was obviously recorded from the back of a movie theater — is as easy as downloading an app from a website, finding the movie and clicking the play button.

There is one catch. Even though the content appears to be pirated, you’ll still have to sit through ads.

Among the more popular places to find this sort of unauthorized content is a site called TeaTV. The online service offers a wide swath of pirated movies from major networks such as HBO and streaming services including Netflix as well as current releases from top movie studios. Video ads have shown up from brands including TikTok, streaming service BET+, the Madden Mobile video game, music streaming service Pandora, Pluto TV, Hulu, Yahoo Mail and many more.

Ads also were appearing for major advertisers including Walgreens, Amazon’s Fire TV and Kia on the website through Google, The Trade Desk, Adroll and more but had stopped as of early October after CNBC began reaching out to advertisers and ad-tech companies. Most brand advertisers contacted by CNBC did not respond to requests for comment or did not comment on the record. A Walgreens spokesperson said the company wasn’t aware of the issue and prohibits ads on sites with pirated content. The company added it was working to understand and resolve the matter.

Consumers are given the option of downloading the app to Android, Windows or MacOS, where they can watch “free 1080p movies.”

And even though many companies in the advertising space know it’s an issue, the ads keep coming, on the app at least. At a recent meeting of major industry players in New York on the subject of ad-supported pirated content, TeaTV was one topic of conversation, according to a person in attendance.

Good luck trying to find who’s behind the service. On TeaTV’s website, there’s no detail about where the company is located, or if it’s even a company at all. There’s no location or phone number provided, no individual’s name included and the only contact information is a Gmail address. (CNBC reached out and didn’t get a response.) The company does maintain an active Twitter profile, where it shares new releases and helps troubleshoot problems.

TeaTV isn’t alone. Apps and websites providing pirated content proliferate at a pace that experts say make the problem difficult to manage. Those trying to take down the sites find themselves in a game of “whack-a-mole.” Meanwhile, the digital content supply chain is so complex that it can be a challenge to keep track of where and why the ads are surfacing.

In the rapidly expanding and hypercompetitive world of content streaming, the industry is getting hammered by fraud. CreativeFuture, an advocacy organization that aims to combat content theft and protect intellectual property, citing a U.S. Chamber of Commerce figure says $29.2 billion is lost in the U.S. economy each year to global online piracy. That’s a huge chunk of change considering the total digital ad spending market worldwide is expected to reach $333.3 billion this year, according to eMarketer.

Cesar Fishman, a senior vice president at CreativeFuture, said the scammy sites pull in ads from legitimate brands both to generate revenue and to make their service appear legitimate.

“All you need is a server in some undisclosed location where you store all this stuff, and you mask your IP address so you don’t get taken down,” said Fishman. “Your overhead is peanuts.”

There’s plenty of finger-pointing going on. Some in the industry argue that ad-tech players aren’t scrupulous enough about where ads can be placed, and others suggest that brands need to more clearly lay out which sites are acceptable and unacceptable for showing their ads. And some say the entire digital advertising ecosystem in its sprawling state makes it nearly impossible to expect safety.

Augustine Fou, an independent ad fraud researcher and consultant, said despite the industry’s supposed concern about having ads show up next to pirated and other content, the problem has just intensified.

“It is clear that despite industry trade bodies’ talk at conferences and brand safety tech that advertisers have paid for for years, the problem of ads supporting piracy, porn, child abuse and hate has only gotten worse,” he said. “And more dollars are at stake than ever before because digital ad dollars are at their highest point ever.”

Asked why the advertising could still be so pervasive even after the TeaTV issue was brought up at that meeting in New York, Mike Zaneis, CEO of the Trustworthy Accountability Group, or TAG, said the industry is making substantial progress but that piracy is a problem that will never be completely fixed. TAG says it works to eliminate fraud, malware and piracy in advertising but has also been the recent subject of criticism for its strategies to combat issues like this.

“We’re not perfect,” Zaneis told CNBC. “We’re never going to be perfect. We just want to solve as much of the problem as we can.”

The supply chain

One tool that’s supposed to help make the supply chain more transparent is a file called “ads.txt,” which was created by the IAB Tech Lab, a nonprofit research and development consortium. It gives publishers and distributors working in the programmatic ad universe a way to declare who is authorized to sell their inventory.

This tool wasn’t built to prevent piracy specifically but to help combat issues such as the sale of counterfeit inventory, where someone pretends to be selling inventory on a site and is actually putting it somewhere else, like a porn site or other scammy location. But it does give some clues about who could be monetizing TeaTV.

TeaTV’s “ads.txt” until recently claimed inventory on its site was being sold by a variety of “sellers” and “resellers,” listing AT&T’s Appnexus, Google and OpenX as well as lesser-known players such as Vidoomy or Beachfront. The file also claimed TeaTV was working with Opt Ad 360, a Polish company that helps publishers manage ads and generate revenue.

An “ads.txt” is not always accurate. Publishers can hypothetically copy the contents or parts of an “ads.txt” file from another site and hope no one notices. Sam Tingleff, the IAB Tech Lab’s chief technology officer, said this can help a site appear more legitimate to attract advertising. When contacted by CNBC, many of these companies said that was the case.

But at least some of these companies listed on TeaTV’s “ads.txt” played a role in having ads appear on the site, where TeaTV’s various apps can be downloaded.

For instance, Adform said the site had “slipped through a very small loophole” and saw a “total of less than 10 euros transacted before we shut it down” after being contacted by CNBC.

Opt Ad 360 said in an email that it stopped its cooperation with TeaTV after a review prompted by a CNBC inquiry and asked to be removed from its “ads.txt” file. Opt Ad 360 appears on a list of sellers for AppNexus as an intermediary. Another seller that TeaTV claimed to be working with recently, Bebi, didn’t respond to requests for comment.

As of last month, Google was receiving supply from Opt Ad 360, which was in turn receiving supply from TeaTV, according to an inventory quality manager at an ad-tech platform who asked not to be named because of the company’s professional relationships. He said that supply was available to buy, and that if it had been blocked it wouldn’t have been showing bid requests.

Google was not running auctions on the site a short time later, according to Ratko Vidakovic, of ad tech consultancy AdProfs, who reviewed the auction activity in September for CNBC.

Google wouldn’t comment on the specific situation, but a spokeswoman said when the sub-account of a partner is violating its policies, it will take action on that sub-account. The company said its policies prohibit running ads against pirated content.

“We regularly review sites for policy compliance, and have thousands of people dedicated to protecting our ads systems and safeguarding our advertisers’ brands,” a Google spokeswoman said. “If we find a page or website that violates our policies, we take immediate action.”

OpenX said it officially banned TeaTV in September, but prior to that claimed it hadn’t made money from the site. AppNexus declined to comment. Vidakovic and the other inventory manager both said they were able to see from a demand-side platform, which lets ad buyers manage their ad exchange accounts, that AppNexus was running auctions for the site as of September, though it wasn’t clear how many of those actually ended up with ads being served. As of earlier this month, Vidakovic said AppNexus was no longer running the auctions.

There’s a version of “ads.txt” that’s specific to apps, but TeaTV didn’t appear to have one set up. However, CNBC viewed ads on TeaTV’s app that claimed to be coming from mobile ad companies such as Vungle, StartApp, Unity Ads, AdColony, IronSource, Tapjoy and more. Vungle’s spokesperson said TeaTV wasn’t a customer and was investigating the presence of ads on the app. AdColony acknowledged a “limited number” of its ads were served “via a non-direct supply source” and said it took immediate action to halt exposure after being contacted by CNBC.

Unity Ads, which showed ads for advertisers including Pandora, was contacted by CNBC in September and was still showing ads this week. The company declined to comment on the record.

The other companies didn’t respond to requests for comment.

On mobile apps, advertisers can sometimes become plugged into the ecosystem when fraudsters use a legitimate app as a Trojan horse to get inside an app that later becomes criminal, said Rachel Nyswander Thomas, COO of TAG. She said a developer can build an innocuous app and use standard approaches to start to work with advertising companies. Once those relationships are in place, the developer can rebuild the app to contain pirated content, yet the ads remain, she said.

“It’s not that these legitimate companies are working with a criminal entity,” said Thomas.

What this all means about the ecosystem

With industry initiatives such as “ads.txt,” the IAB Tech Lab’s hopes are for more transparency and more safety in the programmatic ecosystem. Tingleff said the cooperation of the industry will mean a “safer, more secure environment for advertisers and a better experience for all of us.”

But as long as the confusing web of online ad sellers continues to operate, this kind of activity is hard to prevent. Even though the system has antibodies to detect sites like this, Vidakovic said that behavior tends to be reactive instead of proactive. He noted that initiatives such as MediaMath’s new “Source” project, which aims to bring transparency to the supply chain, could be the kind of thing that would help.

For now, services such as TeaTV are making money ripping movies like “Joker,” because consumers can just download a free app and hit “play” instead of coughing up the $15 to see it in a theater or to stream it legitimately. Dozens of YouTube videos promise to teach people how to watch TeaTV using their Amazon Fire Stick so they can watch on their televisions (the app also lets users cast videos to a connected screen).

And every day, consumers share on Twitter how they’ve watched shows or movies on TeaTV because they can’t — or don’t want to — watch legitimately.

Ironically, what might turn them off is all the ads.

“Don’t know about anyone else but i’m beginning to want to switch off from TeaTV out of sheer frustration with the amount of ads which are littering this app,” one Twitter user shared in early October.
https://www.cnbc.com/2019/10/20/netf...her-sites.html





The U.S. Department of Justice Warns of the Dangers of Advanced Piracy
Bill Toulas

• The U.S. DOJ warns that piracy is starting to get out of hand, due to advanced technological tools.
• Piracy has gone from individual small-scale infringements to massive illicit content sharing operations.
• The DOJ doesn’t think the law will ever be adequate, so they call for a focus on chasing the big players.

The U.S. Department of Justice (DOJ) issued a warning, analyzing the rising threat of advanced pirating streaming services. The warning focuses on how the sophisticated tools that are quickly becoming available to a broader audience are generating millions of dollars in illegal profits for criminal groups. As the DOJ points out, a decade ago, the piracy scene was a lot different than what it has grown to become today. Back then, individual downloads weren’t causing such a rip on so many different levels in the system.

The DOJ points to BitTorrent and describes how peer to peer networks remain a huge and unresolved problem for copyright holders and the legitimate media distribution platforms. As the Assistant Attorney General, Brian A. Benczkowski points out: “Copyright pirates have moved from peddling individual copies of movies, music, and software on street corners or offering individual downloads online, to operating technologically advanced, multi-national streaming services that generate millions of dollars in illicit profits. One of the services – known as Jetflicks – allegedly obtained infringing television programs by using sophisticated computer scripts to scour pirate websites around the world and collect the television shows.”

The issue for the DOJ is that piracy has broken from its “small-scale” shell and is now taking place at humongous scales. Possibly, the DOJ fears that if nothing is done to stop it at this point, the consequences of having it grow further will be both unpredictable and non-manageable. So, what are they planning to do about it? According to Benczkowski, the plan is to continue to pursue “high-impact” cases that will help deter the pirating community from intensifying their activities in general. The spokesman calls for the strengthening of international collaborations against “the worst actors,” which is something that we are already witnessing through ACE.

But the laws need to be amended too according to the warning, as the existing ones are deemed inadequate. The DOJ representative claims that smart criminals always consider the existing legal context and try to find ways to avoid serious repercussions. The legal context is always one step behind, trying to catch up with technological developments. Right now, we could say that it is multiple steps behind, and Benczkowski stated that law enforcement will never be in a position to solve IP crime problems solely through prosecution.
https://www.technadu.com/us-justice-...dangers/84503/





Why Microsoft and Warner Bros. Archived the Original ‘Superman’ Movie on a Futuristic Glass Disc (EXCLUSIVE)
Janko Roettgers

Microsoft has teamed up with Warner Bros. to store a copy of the 1978 movie “Superman” on a small glass disc about the size of a coaster. The collaboration, which will be officially unveiled at Microsoft’s Ignite 2019 conference in Orlando, Florida Monday, is a first test case for a new storage technology that could eventually help safeguard Hollywood’s movies and TV shows, as well as many other forms of data, for centuries to come.

“Glass has a very, very long lifetime,” said Microsoft Research principal researcher Ant Rowstron in a recent conversation with Variety. “Thousands of years.”

The piece of silica glass storing the 1978 “Superman” movie, measuring 7.5 cm x 7.5 cm x 2 mm. The glass contains 75.6 GB of data plus error redundancy codes.

Microsoft began to investigate glass as a storage medium in 2016 in partnership with the University of Southampton Optoelectronics Research Centre. The goal of these efforts, dubbed “Project Silica,” is to find a new storage medium optimized for what industry insiders like to call cold data — the type of data you likely won’t need to access for months, years, or even decades. It’s data that doesn’t need to sit on a server, ready to be used 24/7, but that is kept in a vault, away from anything that could corrupt it.

Turns out that Warner Bros. has quite a bit of this kind of cold data. Founded in the 1920s, the studio has been safekeeping original celluloid film reels, audio from 1940s radio shows and much more, for decades. Think classics like “Casablanca,” “The Wizard of Oz” or “Looney Tunes” cartoons.

Warner Bros. stores film in cold storage vaults, where temperature and humidity are tightly controlled and air sniffers look for signs of chemical decomposition that could signal problems.

“Our mission is to preserve those original assets in perpetuity,” said Brad Collar, who is leading these efforts at Warner Bros. as the studio’s senior vice president of global archives and media engineering. And while the studio is deeply invested in these classics, it also keeps adding an ever-increasing number of modern assets to its archives, ranging from digitally-shot films and television episodes to newer forms of entertainment, including video games.

To date, the Warner Bros. archive contains some 20 million assets, with tens of thousands of new items being added every year. Each of them is being stored in multiple locations, explained Collar. “We want to have more than one copy.”

And to this date, Warner Bros. is storing most of its movies and TV shows on film, even if they’re being shot digitally. For archival purposes, the studio splits a film into its YCM color components, resulting in three distinct copies that are then written on black-and-white film. The results are being stored away in a cold vault, which is kept between 35 and 45 degrees Fahrenheit.

Hollywood studios have been storing films like this for decades, explained Collar. “This process is tried and true.” And it works: When Warner Bros. recently decided to reissue “The Wizard of Oz” in 4K, employees just had to go back into the studio’s vault, retrieve those 3 color-isolated copies, digitize each, and reassemble them to the color master copy. “It is an evolved process,” said Collar.

However, the process doesn’t work for all kinds of assets. Video games, for instance, need to be stored digitally. Light field video captures, holograms, or whatever else the future may hold for next-generation entertainment, will likely also require different solutions. And with recent visual improvements like 4K and HDR, there is an ever-increasing need for petabytes of storage, said Warner Bros. chief technology officer Vicky Colf. “It’s the quality of the content that we are dealing with.”

The studio has been researching novel storage solutions for some time. When Collar first heard about Microsoft’s Project Silica, he was instantly intrigued. After all, the idea to store media on glass sounded awfully familiar: Collar had stumbled across old audio recordings in Warner’s archives a while back, which were being stored on glass discs slightly larger than regular vinyl records.

His team had to first find special players to access the recordings, but was then able to digitize them, unlocking a “Superman” radio play from the 1940s. So when Warner started talking to Microsoft about collaborating on Project Silica, it was immediately clear that “Superman” was the right film to store on glass. Said Collar: “It’s a beautiful full circle.”

But Microsoft’s approach is based on very different technology than what was used by 1940s-era archivists. Project Silica relies on lasers similar to those used for Lasik eye surgeries to burn small geometrical shapes, also known as voxels, into the glass. “We can encode multiple bits in each voxel,” explained Rowstron. And unlike traditional optical media like CDs or DVDs, Project Silica actually encodes data in multiple layers. Microsoft used 74 such layers to capture “Superman” in glass, but has since advanced the technology to add many more layers.

Once data is stored this way, it can be accessed by shining light through the glass disc, and capturing it with microscope-like readers. In fact, in Project Silica’s early days, the company simply bought off-the-shelf microscopes for this process, which also benefits from machine learning to make sense of the captured light.

The process of storing and accessing data with Project Silica is still in early stages, but it works: After burning the copy of “Superman,” Collar’s team checked to make sure the data was not corrupted. “We did a bit-by-bit check,” he said. The result: The movie was there, safe for future generations. “We have that glass now here in our vaults,” he said.

Microsoft Project Silica senior optical scientist Patrick Anderson loads the system that writes data onto glass using lasers that are similar to those used in Lasik surgeries.

Microsoft also did extensive tests to make sure that Project Silica storage media didn’t easily damage. “We baked it in very, very hot ovens,” said Rowstron. His team submerged the glass in boiling water, microwaved it, and even scratched it with steel wool — all without any damage to the stored data. Sure, it is breakable if you try hard enough, admitted Rowstron. “If you take a hammer to it, you can smash glass.” But absent of such brute force, the medium promises to be very, very safe, he argued: “I feel very confident in it.”

And while Microsoft partnered with Warner Bros. for this first proof-of-concept, the use cases for Project Silica may ultimately extend far beyond Hollywood. Other known examples for cold data include medical data and banking information, explained Rowstron, adding that many other applications may not even be known yet.

To illustrate the potential, Rowstron referenced the way consumers used to treat photos taken on their phones. A few years ago, before cloud storage became ubiquitous, a consumer may have taken a burst of photos of one motif, and then deleted all but one of those pictures. Fast forward a few years, and machine learning algorithms have gotten really good at combining these burst photo sequences, and turning them into better-looking composite images. “There is a lot of value to keep data around,” Rowstron said.

This also explains why Microsoft is interested in storage solutions like Project Silica to begin with. The company’s own Azure cloud business already safekeeps vast amounts of data for its customers, including both “hot,” frequently accessed data, as well as “cold” data. For some of its long-term storage needs, Azure still uses tape, which frequently has to be checked, and even re-copied, to maintain data integrity. Glass could one day be a more secure solution to safekeep data for the company and its customers.

Warner Bros. isn’t expected to replace its existing archival strategy entirely with glass any time soon, said Colf. “It’s just another arrow in our quiver,” she said. “We hope that film is an option for us for many years to come.”

There is also still a lot of work to be done before Project Silica can become a real product. Read- and write-operations need to be unified in a single device, and the amount of data stored on one piece of glass needs to increase. Microsoft isn’t revealing how much it has been able to squeeze onto the latest generations of the medium, but it is apparently not in the terabyte range just yet. Still, Rowstron is confident that Project Silica will lead to a break-through in storage technology. “I believe the future is glass,” he said.
https://variety.com/2019/film/news/p...ft-1203390459/





Shocker: ISPs Cut Back 2020 Investment Despite Tax Breaks, Death Of Net Neutrality
Karl Bode

Why it's almost as if you can't take telecom giants (and their lawyers, consultants, and political allies) seriously.

If you recall, the broadband industry and the Trump FCC repeatedly proclaimed that modest consumer protections like net neutrality had dramatically stifled telecom sector investment, and were we to ease regulatory oversight of giants like AT&T and Verizon, it would result in a wave of new sector investment the likes of which we'd never seen before. Ignore the fact that data routinely disproved this claim; this "net neutrality stifled investment" claim was made almost daily by the telecom sector and the wide variety of mouthpieces paid (one way or another) to support them.

Funny thing about that. Despite just having received billions in tax breaks and regulatory favors, AT&T, Comcast, and Charter are all slated to lower their CAPEX and network investment significantly in 2020. Others' 2020 CAPEX projections, like Verizon's, were entirely flat. This static or reduced investment arrives despite the slow but steady deployment of 5G, the accelerated deployment of which was also a big cornerstone of the net neutrality repeal's justification:

"Comcast and Charter missed 3Q expectations for capex and guided 2019 lower than previously planned," wrote the analysts at Nomura's Instinet in a recent note to investors. "We have lowered our combined 2019 capex forecast for Comcast and Charter from $14.6 billion to $14.2 billion."

"And AT&T...surprised Wall Street analysts with a significantly lower-than-expected capex for 2020. The operator said it expects to spend around $20 billion on capex next year, which is way down from the $23 billion it expects to spend this year and the $22 billion that most Wall Street analysts had expected AT&T to spend in 2020."

Fewer jobs, higher prices, and lower investment was not what we were promised. It's the precise opposite of what the endless parade of telecom-linked think tankers, academics, consultants, and other hired mouthpieces claimed would happen. And it's certainly not what Ajit Pai said would happen when he recently told Congress net neutrality had a disastrous impact on sector investment, despite the fact that the biggest study of its kind on the subject ever undertaken just last month showed that net neutrality had no meaningful impact on broadband investment levels whatsoever.

It's simply no longer debatable, and it's fairly telling to see which groups and individuals are still trying to push this line of debunked detritus.

Granted this is a con AT&T has been running on the American public for decades now. The company will proclaim that immense broadband deployment and employment gains can be made if the government just lobotomizes itself and does whatever AT&T is demanding at the moment (lower tax rate, fewer regulations, new regulations AT&T supports, merger approval, etc.). When the government inevitably follows through, AT&T's promises then mysteriously disappear. And like Lucy and Charlie Brown football, nobody in the US seems particularly interested in learning from the experience.
https://www.techdirt.com/articles/20...utrality.shtml





AT&T Fined $60 Million for Throttling ‘Unlimited’ Data Plans
Unlimited should mean unlimited!
Makena Kelly

On Tuesday, the Federal Trade Commission announced that AT&T will pay $60 million to settle a case with the agency. It alleges that the company lied to customers about its “unlimited” data plans because it throttled their data if they ever went over a certain threshold.

The settlement requires AT&T to deposit that $60 million into a fund that will be used to provide “partial refunds” to customers who signed up for unlimited data plans before the year 2011 (when the company’s throttling policy first went into effect). The company is also barred from marketing plans off of their suggested speed or amount of data without disclosing any restrictions those plans may have.

“For example,” the FTC writes, “if an AT&T website advertises a data plan as unlimited, but AT&T may slow speeds after consumers reach a certain data cap, AT&T must prominently and clearly disclose those restrictions.”

Tuesday’s settlement resolves a 2014 lawsuit from the FTC. At the time, the agency filed a complaint alleging that AT&T misled consumers over its data plans and how much data they would be allotted each month before having their access slowed down. “AT&T promised its customers ‘unlimited’ data, and in many instances, it has failed to deliver on that promise,” said former FTC Chairwoman Edith Ramirez back in 2014. “The issue here is simple: ‘unlimited’ means unlimited.”

“Even though it has been years since we applied this network management tool in the way described by the FTC, we believe this is in the best interests of consumers,” an AT&T spokesperson told The Verge.

In the summer of 2015, the Federal Communications Commission fined AT&T $100 million for similar deceptive marketing practices involving its data plans. According to the FCC, the agency received thousands of consumer complaints that led them to investigate the throttling allegations.

“AT&T promised unlimited data—without qualification—and failed to deliver on that promise,” Andrew Smith, the FTC’s Bureau of Consumer Protection director said in a statement. “While it seems obvious, it bears repeating that Internet providers must tell people about any restrictions on the speed or amount of data promised.”
https://www.theverge.com/2019/11/5/2...ake-throttling





ISPs Lied to Congress to Spread Confusion about Encrypted DNS, Mozilla Says

ISPs lobby against DNS encryption, but Mozilla tells Congress not to trust them.
Jon Brodkin

Mozilla is urging Congress to reject the broadband industry's lobbying campaign against encrypted DNS in Firefox and Chrome.

The Internet providers' fight against this privacy feature raises questions about how they use broadband customers' Web-browsing data, Mozilla wrote in a letter sent today to the chairs and ranking members of three House of Representatives committees. Mozilla also said that Internet providers have been giving inaccurate information to lawmakers and urged Congress to "publicly probe current ISP data collection and use policies."

DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making. This can make it more difficult for ISPs or other third parties to monitor what websites you visit.

"Unsurprisingly, our work on DoH [DNS over HTTPS] has prompted a campaign to forestall these privacy and security protections, as demonstrated by the recent letter to Congress from major telecommunications associations. That letter contained a number of factual inaccuracies," Mozilla Senior Director of Trust and Security Marshall Erwin wrote.

This part of Erwin's letter referred to an Ars article in which we examined the ISPs' claims, which center largely around Google's plans for Chrome. The broadband industry claimed that Google plans to automatically switch Chrome users to its own DNS service, but that's not what Google says it is doing. Google's publicly announced plan is to "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider." If the user-selected DNS service is not on that list, Chrome would make no changes for that user.

ISPs complain about “a plan that doesn’t exist”

Mozilla actually is planning to switch Firefox users to a different DNS provider by default, specifically Cloudflare's encrypted DNS service. But ISPs are apparently less concerned about Firefox than Chrome because of Firefox's smaller market share.

In addition to the broadband-industry letter to Congress, Comcast has been giving members of Congress a lobbying presentation that claims the encrypted-DNS plan would "centraliz[e] a majority of worldwide DNS data with Google" and "give one provider control of Internet traffic routing and vast amounts of new data about consumers and competitors." Comcast and other ISPs are urging Congress to intervene.

But a number of the arguments ISPs made to lawmakers are "premised on a plan that doesn't exist," Erwin told Ars last week, referring to the ISPs' claims about Google.

"The focus of the lobbying effort has been on using Google as a boogeyman, given a lot of the antitrust concerns that exist today, to drive a lot of uncertainty about the potential implications of DNS over HTTPS," Erwin said.

Mozilla's letter to Congress said the ISP lobbying against encrypted DNS amounts to telecom associations "explicitly arguing that ISPs need to be in a position to collect and monetize users' data. This is inconsistent with arguments made just two years earlier regarding whether privacy rules were needed to govern ISP data use."

Mozilla was referring to ISPs lobbying Congress to kill broadband privacy rules in 2017. The federal government's decision to eliminate privacy rules at the broadband industry's request means that home and mobile Internet providers are not prohibited from using customers' browsing histories to sell targeted ads or from sharing customers' browsing histories with third parties.

Mozilla cites ISPs’ history of abusing data

ISPs have consistently claimed such rules aren't necessary because they aren't violating users' privacy. But their objections to DNS over HTTPS "has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over Internet usage," Mozilla told Congress. Mozilla said it believes the privacy upgrade has "become necessary to protect users in light of the extensive record of ISP abuse of personal data."

That ISP abuse includes mobile providers selling real-time location data "to third parties without user knowledge or meaningful consent;" ISPs such as Comcast "manipulat[ing] DNS to serve advertisements to consumers;" Verizon's use of "supercookies" to track Internet activity; and AT&T charging customers an extra $29 per month to avoid "the collection and monetization of their browsing history for targeted ads," Mozilla told Congress.

Web users are tracked by Google, Facebook, and other advertising companies, of course. ISPs, though, have "privileged access" to users' browsing histories because they act as the gateway to the Internet, Erwin said to Ars.

There is already "remarkably sophisticated micro-targeting across the Web," and "we don't want to see that business model duplicated in the middle of the network," he said. "We think it's just a mistake to use DNS for those purposes."

Mozilla’s plan for Firefox

When Mozilla's plan is implemented, Firefox users will be automatically switched to a DNS provider that uses encrypted DNS and has a strong privacy policy. So far, Cloudflare is the only such provider that Mozilla is working with. Erwin said Cloudflare's privacy policy is "best in class" but said Mozilla is trying to bring on other "trusted" providers to give users a choice of which encrypted DNS service to use.

Mozilla is rolling encrypted DNS out to a small percentage of its user base for testing and intends to deploy it to all users in the US later on. The browser will notify users when encrypted DNS is turned on and provide a method for opting out, Erwin said. Users who don't want to wait can already opt in to DNS over HTTPS by following these instructions.

"We think the default approach is the right one because consumers don't have the technical sophistication or even the time to make an opt-in decision on something like this," Erwin told Ars. "We think it's the appropriate role for the browser to set a strong privacy default."

Firefox won't automatically enable encrypted DNS in some cases, however. When Firefox detects parental controls, it will leave the user's existing DNS service in place, Erwin said. Firefox will also leave the existing DNS service in place for certain business users.

"Firefox will detect whether enterprise policies have been set on the device and will disable DoH in those circumstances. If an enterprise policy explicitly enables DoH, which we think would be awesome, we will also respect that," Mozilla said in an announcement in September.

Mozilla answers other questions about how DNS over HTTPS will work in Firefox in this FAQ.

Mozilla has established specific policy requirements that DNS providers have to meet to earn a spot in Firefox's encrypted-DNS program. For example, DNS resolvers must delete data that could identify users within 24 hours and only use that data "for the purpose of operating the service." Providers also "must not retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser."

Mozilla's policy also forbids blocking or filtering content except when authorized by users or required by law. Mozilla further requires a public privacy notice that details the DNS provider's data-retention practices as well as annual transparency reports that document how the DNS provider "will handle law enforcement requests for user data and that documents the types and number of requests received and answered, except to the extent such disclosure is prohibited by law."

Mozilla's letter to Congress said that "ISPs often do not maintain privacy notices for their DNS services," so "it is unclear what data is being retained, how it is being used, or who it is being shared with." (Comcast said last month that it does not track its broadband users' Web-browsing histories and that it deletes DNS queries generated by its Internet customers every 24 hours.)

Because there's so little regulation of broadband providers' privacy practices, Mozilla says it is up to browser makers to protect users. "Our approach with DoH attempts to close part of this regulatory gap through technology and strong legal protections for user privacy," Erwin wrote in the letter to Congress. But he urged Congress to act, too, writing that "to truly protect privacy, a combination of technical and regulatory solutions must be put in place."
https://arstechnica.com/tech-policy/...-mozilla-says/





What Poses a Greater Privacy Threat Than Facebook? Spyware

WhatsApp’s lawsuit against the spyware company NSO Group is a smart move for Facebook and an important defense of privacy and civil liberties.
Josephine Wolff

Facebook is under fierce scrutiny for its decisions about political advertisements and consumer privacy, and its foray into developing a new cryptocurrency. So it makes sense that the company would try to drum up a little positive publicity and remind people that there are tech firms out there that pose much greater threats to privacy, democracy and civil liberties.

Whatever you may think of Facebook, the Israeli spyware company known as the NSO Group — whose products have been used to compromise devices belonging to lawyers, dissidents, journalists and diplomats around the world — is inarguably worse. So the decision by Facebook-owned WhatsApp to sue the NSO Group for compromising the mobile phones of WhatsApp users is a brilliant publicity move, casting Facebook as a staunch defender of its users’ privacy and a champion of internet freedom. Public-image rehabilitation aside, however, the lawsuit is also a genuine step forward for drawing attention to the spyware market and the need for stricter regulation of private surveillance companies like NSO.

Founded in 2010, the NSO Group sells a surveillance program called Pegasus that, in the company’s words, “enables law enforcement and intelligence agencies to remotely and covertly extract valuable intelligence from virtually any mobile device.” While NSO insists it does business only with government customers, it does not disclose which governments it works with and has repeatedly come under fire for targeting human rights activists and journalists — including at least one close confidant and colleague of Jamal Khashoggi, the Washington Post columnist who was assassinated in the Saudi consulate in Istanbul in 2018.

After Mr. Khashoggi’s assassination, one of his friends, Saudi dissident Omar Abdulaziz, filed a lawsuit charging the NSO Group with helping Saudi Arabia spy on his communications with Mr. Khashoggi. A slew of other lawsuits against NSO, including one filed this year by Amnesty International, have levied similar allegations that the company’s tools are used to surveil not just criminals and terrorists, as NSO insists, but also activists, journalists and dissidents. Those charges are backed up by a series of thoroughly researched reports published over the past three years by the University of Toronto’s CitizenLab tracing Pegasus to 45 countries and cataloging the ways the NSO Group enabled surveillance of Mr. Khashoggi, supporters of a proposed soda tax in Mexico, a human-rights activist in the United Arab Emirates and others.

But none of the researchers or activists who have gone up against the NSO Group in the past few years have had anything close to the reach or resources of Facebook. That doesn’t mean that WhatsApp will necessarily triumph in its lawsuit, which alleges that between April 29 and May 10 of this year, the NSO Group used WhatsApp to compromise roughly 1,400 mobile phones belonging to users in several countries, including Bahrain, the United Arab Emirates and Mexico. In fact, WhatsApp may have an uphill legal battle ahead especially given that part of its case rests on the Computer Fraud and Abuse Act, which makes it illegal to tap into computers without authorization, and that the devices that were compromised by NSO belong to WhatsApp users, not WhatsApp itself.

WhatsApp does its best to argue that NSO gained access to its own signaling and relay servers without authorization in the process of contacting WhatsApp users, but this is a dicey interpretation of the Computer Fraud and Abuse Act, akin to arguing that you need Google’s permission to send an email to a Gmail user through Google’s servers. And the lawsuit’s claims that the NSO Group’s operations “burdened” WhatsApp’s networks and injured the company’s “reputation, public trust, and good will” are unlikely to carry much weight — especially since many fewer people would have been aware of the Pegasus compromises had WhatsApp not publicized them in this suit.

But whether or not Facebook wins its case against the NSO Group, it’s doing an important service by bringing it in the first place. Just as the United States Department of Justice has filed a series of indictments against Chinese, Iranian and Russian hackers intended to “name and shame” the perpetrators even if they never stand trial and shed light on exactly how they operate, the Facebook lawsuit describes in detail how the NSO Group was able to compromise the phones of WhatsApp users even if those users never actually answered a call, clicked on a link or downloaded a file. The lawsuit lays out not just how NSO exploited WhatsApp software to compromise user phones, but also the underlying technical architecture that the NSO Group and its clients rely on to carry out their surveillance campaigns. For instance, the lawsuit identifies the operators of the malicious servers used by the NSO Group to distribute their spyware to WhatsApp user phones. According to the complaint, these servers were leased by NSO from Choopa, Quadranet and Amazon Web Services, three American-based companies.

Ideally, WhatsApp’s very public salvo against the NSO Group will garner enough attention to shame those companies into more carefully vetting their customers and cutting ties with clients that are using their infrastructure to distribute spyware. Even more important, the lawsuit could draw regulators’ attention to the NSO Group, as well as the larger problem of private firms’ hawking spyware programs like Pegasus that undermine the security and privacy of consumer devices. Recent reports that the NSO Group used WhatsApp to compromise senior government officials in multiple United States-allied countries may also help generate interest among lawmakers.

The Israeli government has, so far, stood behind the NSO Group and declined to revoke its export license, despite the best efforts of Amnesty International. But the United States and its allies should be leaning hard on the Israeli Ministry of Defense to reconsider this decision in light of how Pegasus is being used. Britain should also consider whether it can bring any pressure to bear on Novalpina Capital, the British private equity firm that purchased a majority stake in the NSO Group this year and promised a “significant enhancement of respect for human rights” at the company.

WhatsApp’s suing the NSO Group is, undoubtedly, a publicity ploy — but it’s also an important step forward for trying to stem the spread of corporate spyware across the globe by drawing attention to how it works, who is distributing it and who is helping prop up that industry by providing infrastructure or merely looking the other way. Whatever its motives, Facebook deserves some credit for refusing to be one of the many governments and tech companies that have chosen to quietly profit from the NSO Group’s business and tools. The United States and British governments would do well to follow suit.
https://www.nytimes.com/2019/11/06/o...group-spy.html





With a Laser, Researchers Say They Can Hack Alexa, Google Home or Siri

Researchers have found a way to take over voice-assisted devices like Apple’s Siri by shining a light at their microphones.
Nicole Perlroth

Since voice-controlled digital assistants were introduced a few years ago, security experts have fretted that systems like Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked.

But the risk presented by a cleverly pointed light was probably not on anyone’s radar.

Researchers in Japan and at the University of Michigan said Monday that they had found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones.

In one case, they said, they opened a garage door by shining a laser beam at a voice assistant that was connected to it. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away. And by focusing their lasers using a telephoto lens, they said, they were able to hijack a voice assistant more than 350 feet away.

Opening the garage door was easy, the researchers said. With the light commands, the researchers could have hijacked any digital smart systems attached to the voice-controlled assistants.

They said they could have easily switched light switches on and off, made online purchases or opened a front door protected by a smart lock. They even could have remotely unlocked or started a car that was connected to the device.

“This opens up an entirely new class of vulnerabilities,” said Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan. “It’s difficult to know how many products are affected, because this is so basic.”

The computer science and electrical engineering researchers — Takeshi Sugawara at the University of Electro-Communications in Japan and Mr. Fu, Daniel Genkin, Sara Rampazzi and Benjamin Cyr at the University of Michigan — released their findings in a paper on Monday.

Mr. Genkin was also one of the researchers responsible for discovering two major security flaws, known as Meltdown and Spectre, in the microprocessors inside nearly all the world’s computers last year. Shares of the chip-maker Intel briefly dropped 5 percent on news of their discovery.

The researchers, who studied the light flaw for seven months, said they had discovered that the microphones in the devices would respond to light as if it were sound. Inside each microphone is a small plate called a diaphragm that moves when sound hits it.

That movement can be replicated by focusing a laser or a flashlight at the diaphragm, which converts it into electric signals, they said. The rest of the system then responds the way it would to sound.

The researchers said they had notified Tesla, Ford, Amazon, Apple and Google of the light vulnerability. The companies all said they were studying the conclusions in the paper released on Monday.

The researchers said most microphones would need to be redesigned to remedy the problem. And simply covering the microphone with a piece of tape wouldn’t solve it. Mr. Fu said the microphones on several digital assistants had dirt shields that didn’t block their commands.

Security researchers have a long history of revealing stunning vulnerabilities in internet-connected devices. Experts have often cautioned that while those weaknesses can be surprising, they are often worst-case scenarios that can be exploited only in the rarest circumstances. And there is no clear indication that the light vulnerability detailed on Monday has been used by hackers.

This is not the first discovery of a surprising vulnerability in digital assistants. Researchers in China and the United States have demonstrated that they can send hidden commands that are undetectable to the human ear.

With a tsunami of internet-connected devices coming onto the market, however, the researchers said the discovery was a reminder to consumers to remain vigilant about security.

“This is the tip of the iceberg,” Mr. Fu said. “There is this wide gap between what computers are supposed to do and what they actually do. With the internet of things, they can do unadvertised behaviors, and this is just one example.”

An Amazon spokeswoman said that the company had not heard of anyone other than the researchers using the light-command hack, and that its digital assistant customers could rely on a few easy safety measures. For one, they can set up voice PINs for Alexa shopping or other sensitive smart-home requests. They can also use the mute button to disconnect power to the microphones.

There is also a common-sense solution to the light vulnerability: If you have a voice assistant in your home, keep it out of the line of sight from outside, Mr. Genkin said. “And don’t give it access to anything you don’t want someone else to access,” he added.
https://www.nytimes.com/2019/11/04/t...aser-hack.html





Android Bug Lets Hackers Plant Malware Via NFC Beaming

All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019.
Catalin Cimpanu

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming.

NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth.

Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source.

But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

While the lack of one prompt sounds unimportant, this is a major issue in Android's security model. Android devices aren't allowed to install apps from "unknown sources" -- as anything installed from outside the official Play Store is considered untrusted and unverified.

If users want to install an app from outside the Play Store, they have to visit the "Install apps from unknown sources" section of their Android OS and enable the feature.

Until Android 8, this "Install from unknown sources" option was a system-wide setting, the same for all apps. But, starting with Android 8, Google redesigned this mechanism into an app-based setting.

In modern Android versions, users can visit the "Install unknown apps" section in Android's security settings, and allow specific apps to install other apps. For example, in the image below, the Chrome and Dropbox Android apps are allowed to install apps, similar to the Play Store app, without being blocked.

The CVE-2019-2114 bug resided in the fact that the Android Beam app was also whitelisted, receiving the same level of trust as the official Play Store app.

Google said this wasn't meant to happen, as the Android Beam service was never meant as a way to install applications, but merely as a way to transfer data from device to device.

The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources.

However, many millions of users remain at risk. If users have the NFC service and the Android Beam service enabled, a nearby attacker could plant malware (malicious apps) on their phones.

Since there's no prompt for an install from an unknown source, tapping the notification starts the malicious app's installation. There's a danger that many users might misinterpret the message as coming from the Play Store, and install the app, thinking it's an update.

How to protect yourself

There is good news and bad news. The bad news is that the NFC feature is enabled by default on almost all newly-sold devices. Many Android smartphone owners may not even be aware that NFC is enabled right now.

The good news is that NFC connections are initiated only when two devices are put near each other at a distance of 4 cm (1.5 inches) or smaller. This means an attacker needs to get his phone really close to a victim's, something that may not always be possible.

To stay safe, any user can disable both the NFC feature and the Android Beam service.

If they use their Android phones as access cards, or as contactless payment solutions, they can leave NFC enabled, but disable the Android Beam service -- see image below. This blocks NFC file beaming, but still allows other NFC operations.

So, there's no need to panic. Just disable Android Beam and NFC if you don't need them, or update your phone to receive the October 2019 security updates and continue using both NFC and Beam as usual.

A technical report on CVE-2019-2114 is available here.
https://www.zdnet.com/article/androi...a-nfc-beaming/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

November 2nd, October 26th, October 19th, October 12th,

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing