Peer-To-Peer News - The Week In Review - July 29th, ’23

[JackSpratts]

Since 2002































July 29th, 2023




69% of Russian Gamers are Pirating after Ukraine Invasion Pushback

Russian game development jobs also dry up after Russia's actions.

Kevin Purdy

Russian gamers were not introduced to piracy by the backlash to their country's invasion of Ukraine—far from it. But piracy is ramping up, and it likely won't back down any time soon.

That's the takeaway from a survey by Russian game development training platform School XYZ, covering the whole country and all game formats. Sixty-nine percent of gamers surveyed said they'd played at least one pirated game copy in 2022, while 51 percent said they're pirating more games now than they did in 2021.

Piracy as a whole may be up, but enthusiasm and motivations differ somewhat. Roughly 20 percent of those surveyed said they had pirated more than 10 games, and 27 percent had grabbed at least three in 2022. But 31 percent said they had pirated nothing, and nearly the same responded that they were opposed to piracy. And only 7 percent said they had not purchased anything through official channels, suggesting that 93 percent of surveyed Russian gamers, even admitted pirates, had bought at least something last year.

The survey (spotted by TorrentFreak) points to a widening of Russian game piracy, not necessarily a deepening. The Office of the US Trade Representative said back in 2013 that Russia was "dominating the field as the far-and-away leader in peer-to-peer piracy" of games. A 2019 survey by security firm ESET found that among 2,000 Russians, 91 percent preferred pirated content across mediums, that cracked games were the most popular pirated content, and that just 9 percent of respondents bought content exclusively from official sources. The survey did not cover those who both purchased and pirated content. [Update, 7:30pm 7/21: An ESET spokesperson tells Ars that the 2019 survey was conducted by ISET Softvea LLC, a Russian distributor with which ESET terminated its relationship after Russia's invasion of Ukraine.]

One reason Russian enthusiasm for piracy may be increasing is that there aren't many avenues left for legitimate content. After Ukraine called on all game companies to block Russian and Belorussian accounts in early March 2022, a large number followed through. CD Projekt Red was early to respond, followed soon after by Microsoft, then Ubisoft, Take-Two, EA, Activision, and Epic. Sony and Nintendo joined Microsoft soon after. This was compounded by MasterCard and Visa suspending services, then PayPal, while Google and Nintendo have also since shut off payments in their app stores.

Pushback and exits from Russia have hit game developers, too. Russian publication Kommersant (translated) suggests that, based on data from a Russian jobs site, vacancies at game developers in Russia decreased by almost 40 percent in the first half of 2022. A good number of those likely come from non-Russian-based studios departing after Russia's invasion of Ukraine.
https://arstechnica.com/gaming/2023/...sion-pushback/





People Are Pirating GPT-4 By Scraping Exposed API Keys

Why pay for $150,000 worth of OpenAI access when you could just steal it?
Joseph Cox

People on the Discord for the r/ChatGPT subreddit are advertising stolen OpenAI API tokens that have been scraped from other peoples’ code, according to chat logs, screenshots and interviews. People using the stolen API keys can then implement GPT-4 while racking up usage charges to the stolen OpenAI account.

In one case, someone has stolen access to a valuable OpenAI account with an upper limit of $150,000 worth of usage, and is now offering that access for free to other members, including via a website and a second dedicated Discord server. That server has more than 500 members.

People who want to use OpenAI's large language models like GPT-4 need to make an account with the company and associate a credit card with the account. OpenAI then gives them a unique API key which allows them to access OpenAI's tools. For example, an app developer can use code to implement ChatGPT or other language models in their app. The API key gives them access to those tools, and OpenAI charges a fee based on usage: “Remember that your API key is a secret! Do not share it with others or expose it in any client-side code (browsers, apps),” OpenAI warns users. If the key is stolen or exposed, anyone can start racking up charges on that person's account.

The method by which the pirate gained access highlights a security consideration that paying users of OpenAI need to consider. The person says they scraped a website that allows people to collaborate on coding projects, according to screenshots. In many cases, it appears likely the authors of code hosted on the site, called Replit, did not realize they had included their OpenAI API keys in their publicly accessible code, exposing them to third-parties.

“My acc [account] is still not banned after doing crazy shit like this,” the pirate, who goes by the handle Discodtehe, wrote in the r/ChatGPT Discord server Wednesday.

Do you know anything else about how people are maliciously using AI? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

In the past few days, Discodtehe’s use of at least one stolen OpenAI API key appears to have ramped up. They shared multiple screenshots of the account usage increasing over time. One recent screenshot shows usage this month of $1,039.37 out of $150,000.

“If we have enough people they might not ban us all,” Discodtehe wrote on Wednesday.

Discodtehe appears to have been scraping exposed API keys for longer, though. In one Discord message from March, they wrote “the other day I scraped repl.it and found over 1000 working openai api keys.”

“I didn’t even do a full scrape, I only looked at about half of the results,” they added.

Replit is an online tool for writing code collaboratively. Users can make projects, what Replit calls “Repls,” which are public by default, Cecilia Ziniti, Replit’s general counsel and head of business development, told Motherboard in an email. Replit offers a mechanism for handling API keys called Secrets, Ziniti added.

“Some people accidentally do hard code tokens into their Repl's code, rather than storing them in Secrets. Ultimately, users are responsible for safeguarding their own tokens and should not be storing them in public code,” Ziniti said.

Ziniti said the company scans projects for popular API key types, such as those from Github. After being alerted to this new API key issue by Motherboard, Ziniti said “Going forward, Replit will be reviewing our token scanning system to ensure that users are warned about accidentally exposing ChatGPT tokens.”

“If we have enough people they might not ban us all.”

A ChatGPT community member told Motherboard that Discodtehe “should definitely stop.”

“This is a steadily growing industry and so of course there’ll be crime in it sooner or later, but I’m shocked at how quickly it’s become an issue. The theft of corporate accounts is bad for sure, but I’m personally more bothered about the way these guys are willing to rob regular people who posted their keys by mistake,” they added. Motherboard granted the person anonymity so they didn’t face retaliation from other community members.

Discodtehe went a step further than just scraping tokens. Another Discord server, called ChimeraGPT, is offering “free access to GPT-4 and GPT-3.5-turbo!,” according to chat logs viewed by Motherboard. Discodtehe said in another message that ChimeraGPT is using the same organization as the stolen API key discussed in the r/ChatGPT Discord server. Motherboard found a Github repository that recommends using ChimeraGPT for getting a free API key. At the time of writing this server has 531 members.

Discodtehe said in another message they also created a website where people can request free access to the OpenAI API. (Ironically, this site is also hosted on Replit; shortly before publication the site became inaccessible).

The site tells users to enter their email address, click on a link sent by OpenAI and accept the invite, set their default billing address to the organization “weeeeee” which Discodtehe appears to be using.

“enjoy free gpt-4 api access,” the website concludes. On Wednesday the organization linked to the OpenAI account had 27 members, according to one screenshot. By Thursday, that number had jumped to 40, according to another.

“My acc [account] is still not banned after doing crazy shit like this.”

Discodtehe did not respond to a request for comment. A manager of the r/ChatGPT Discord server called “Dawn” told Motherboard their volunteer mods can not check every project, and “we are issuing a ban on the user.”

An OpenAI spokesperson told Motherboard in an email that “We conduct automated scans of big open repositories and we revoke any OpenAI keys discovered. We advise that users not reveal their API key after they are generated. If users think their API key may have been exposed, we urge them to rotate their key immediately.”

The community member, however, said “I think OpenAI holds a little bit of culpability here for how their authentication process works too though.”

“You don’t hear about API access to Google Cloud accounts getting stolen like this because Google has better auth[entication] procedures. I hope OpenAI’s integration with Microsoft brings some better security for users going forward,” they said.

Discodtehe referred to the usage as “just borrowing” in another message. They wrote that the usage is “just quote, no bills have been paid yet.”

“In the end, OpenAI will likely foot the bill,” they said.

OpenAI did not immediately respond to a follow up question asking if it would foot the bill.
https://www.vice.com/en/article/93kk...penai-api-keys





Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node (The Story of William Weber)
Sir Foxy

@William Weber has been a long-term LowEndTalk member, joining way back in 2011. A veteran you could say.

He’s a rather intelligent self-admitted high school dropout that loves his choice of drugs and guns… plus, he has a thing for operating in the grey area of the law.

That combination makes for a perfect storm… and that it did.

You see, William’s notoriety reaches further than just LowEndTalk… for a while, William was a bit of an Internet celebrity.

Way back in the early 2010s, William was directly responsible for an infamous Austrian court case revolving around Tor, specifically running Tor exit nodes.

It rang bells around the internet, particularly sites that revolve around hosting (like us!), torrenting, Tor, privacy, and beyond. Even reaching NBC news.

Why? Because it centered around child porn, and the moral argument that exists surrounding decentralized internet, plus, the people that help make that happen (running exit nodes).

Quite a bit of time has passed since this all went down, and it’s time this story gets revisited…

So, let’s take it from the top:

It All Starts With The Raid

(Austrian court order dated November 12th, 2012.)

Back in 2012, another LowEndTalk veteran named @joepie91 created a (now defunct) site simply titled: “Raided For Operating A Tor Exit Node,” revolving around the case.

It was only thanks to the WayBackMachine that I was able to get a bit of information surrounding the case from Joepie91’s old site.

Here’s how it all starts:

On Wednesday morning, around 10:00 AM local time, the apartment of the Austrian William Weber was raided by the Styrian Landeskriminalamt (LKA), a government agency, as a part of their investigation into a child pornography ring operating on/over the TOR anonymity network. During the raid, numerous computers and other electronic devices, as well as legal and registered firearms and some other items, were seized. William is likely to be charged with distribution and possible production of child pornography.

The TOR network, originally created by the United States Naval Research Laboratory, allows internet users to remain anonymous on the internet, and is used by journalists, activists, and military organizations around the world, to bypass censorship and communicate securely. To accomplish this, the network routes all traffic through a number of relay nodes before delivering the traffic to its final destination, making it infeasible to detect where the traffic originated from. William is the operator of several “exit nodes” (final hops) on the network, and this is an interview with him.

The site continues with an interview between @joepie91 and William:

What are your reasons for running a TOR node, and fighting this accusation?

I believe in freedom of information; I mainly run the exit nodes to make it possible for the not so privileged folks to have uncensored access to the internet, without fear of government prosecution. There are currently not many countries with a clear legal standpoint on TOR nodes. Some countries, like Germany, have complicated legal constructs regarding liability for software like TOR, but this only really applies to registered companies (such as the Telemediengesetz, the German telecommunications law). I’d like to establish a legal base – at least in Austria, and probably for the entire EU. Additionally, I was accused of sharing (and possibly producing) child pornography on a clearnet forum via an image hosting site that was probably tapped. If convicted, this could land me in jail for 6 to 10 years.

What hardware has been taken?

My colocated servers have not been taken, most likely as they are outside of EU jurisdiction (Liechtenstein, US, Hong Kong). It is of course possible that they are being wiretapped by now. The server running the exit node in question, was in Poland, and was already disabled since I moved to a different ISP. Only my flat was raided, which resulted in confiscation of around 20 computers (mainly barebone PCs, HP storage MicroServers and thin clients), external hard drives and USB thumbdrives, my main computer, gaming consoles, tablets (2 iPads) and my phones (Samsung Galaxy Note and a HTC PDA).

What was the raid like?

At 10AM, I was picked up at my workplace by the Styrian Landeskriminalamt (LKA), basically the Austrian equivalent of the FBI for local matters (state police). I was handed a copy of the court order for the search and confiscation of any computer-related hardware and storage media. Since I was not allowed to touch any computers anymore, I had to have a co-worker get me the phone number of the lawyer, who advised me not to say anything. My work laptop was confiscated, and the LKA brought me to my flat, where I had to allow them entry. If I refused, they would probably have forced open the door.

Seven LKA officers, two police offers, and a court-appointed expert witness started a search of the flat, without respecting my privacy or property whatsoever. Paper documents in a cupboard were read, and no care was taken of my cat (who I was allowed to lock into another room later). My storage cubes (HP MicroServers) were confiscated without any regard for the hardware – the power cords were simply ripped out / hard shutdown, instead of properly shutting them down by the operating system. My main PC was shut down normally, as far as i could determine. After finishing the search in my living room, they continued in my bedroom, where they confiscated my legal firearms, as well as my cable TV receiver, and my Xbox 360. Despite my statement that all firearms and ammunition were legally owned and registered, having passed all background checks, this was doubted by one of the LKA officers due to the caliber.

I was asked to open my safe, which I did, where more legal firearms were found (3 handguns), plus a few hundred Euros in cash, some rare coins, and around 3 grams of Hashish and 10 grams of Marijuana for personal use. After finding the drugs, I was asked where I purchased them, without explaining my rights. I replied that I did not wish to answer this question, and repeatedly stated that they were exclusively for personal use. The handguns and drugs were confiscated as a “Zufallsfund” (a German term for something that was not expected to be found during a search – a literal translation would be “coincidence find”). After this, I was allowed to lock my cat into the bathroom – which was either not searched, or searched without me noticing.

Some other things that were confiscated, were my pocket knife and a machete – both of which are fully legal to own under Austrian law. Larger and more threatening kitchen knives, however, did not get confiscated. I was not arrested and free to go after the search; I was however told by police that I had a temporary weapons ban for now, due to drug usage. One of the LKA officers informed me that I should show up for question at the LKA office in Graz, at 13:30 that day. I was also given her number, which was quite ironic, given they just confiscated my phones.

After the search finished, I first took care of my cat, who was extremely scared at that point, and then went to my bank to pick up an emergency phone and cash from a bank deposit box. These deposit boxes are explicitly protected under Austrian law. I used this money to purchase a new laptop. At this time, I was likely being followed by civil police on the street (who were under the impression I didn’t notice them), but they let me off after entering the bank building – again, probably because of laws preventing them from going any further.

Is it common for someone accused of such a crime not to be arrested immediately?

No, not as far as i know; I expected to be arrested as well, but seeing as they came to my workplace first, they don’t seem to have enough proof to even break into my flat by force. I do however expect that I am being monitored, it is possible that they are just waiting for me to contact someone regarding the raid.

What do you believe the legal consequences will be for drug possession?

In the best case, none, as I have no previous convictions, and I am not on probation. As the amount is very low, the sentence must be converted into 2 years of probation (§ 35 SMG). The only way around that would be convincing the judge that I sold them, but I believe that even in that case, it will most likely just be a fine and a probation due to the amount (approximately 4 grams of pure THC in total, I’d guess). The drugs are the least of my concerns right now.

Have you been in contact with the LKA? Have they contacted you since? Do you have any information from the lawyer, or any idea what’s going to happen next?

At 13:30, I showed up as appointed, at the LKAs Graz office. They let me wait outside for 20 minutes before someone finally escorted me to the officer in charge. Again, I was not immediately informed of my rights at this time.

I was handed two copies of the search warrant, with a list of confiscated items – one of them for my hardware, the other one for my guns and the drugs – which I agreed to sign. It was only at this time that I was informed of my right to consult a lawyer or to not say anything at all. I declined, as I had already gotten into contact with a lawyer before that. I, once again, told them where my firearms were purchased and that they were legal, and that the confiscated drugs were only for my personal use. I again declined to answer questions regarding the source of the drugs.

After this, I had them show me the offending IP address, which I identified as belonging to me in the specified timeframe. I explained that this was a TOR exit node under my control at this time. I attempted to explain what TOR is, and they appeared to be familiar with it, as the atmosphere suddenly became more friendly. They probably understood that it was very unlikely they had a child pornographer sitting in their office.

Some questions about my motives followed, which I attempted to answer – but this seemingly failed. I could not make them understand why I would “waste” resources and bandwidth (translating into money) to run a TOR node. I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a TOR exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the TOR node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already.

I was handed the interrogation transcript, which I agreed to sign after reading it. I was free to go, but again they failed to inform me of something of critical importance – that I was not allowed to leave the country without consent of police. I was informed of this by my boss later. This was quite a surprise and very annoying, as my family and girlfriend live in Slovenia, and I frequently visit them on weekends which is now much harder if not impossible in the next months.

The Raid Aftermath

After William is raided and accused of distributing and/or producing child pornography… they don’t arrest him.

They then spend years trying to build a case and it results in a conviction of “supporting the transfer of underage pornography.”

It was at this point in researching the case I realized almost all of the different sources I was using contained inaccurate information or broken links.

He hadn’t been active over on LowEndTalk in a while, so, I decided to reach out to William directly on Telegram for answers to a couple of questions…

Luckily, he got back to me almost immediately:

Did you accept a plea deal or take it to court?

The Austrian legal system has no plea deals. I was charged and convicted with the support, not the ownership. There is ownership, sale, distribution for no monetary gain, and support of general distribution. The last is what I got and the lowest of all.

But you were found guilty of that and given probation, though?

Yes, as they had to give me the minimum sentence. By law they were right as the law only protected registered companies, unlike in Germany for example. The law was changed a few weeks later to include private persons and sole traders as protected lsps, not just companies, but they had to convict me. No choice in the end.

What was the sentence?

I received 5 years probation instead of a 3-month jail sentence, but I left Austria shortly after sentencing. There was no probation officer or anything similar. They let me leave without putting in an Inter or Europol warrant to return me. The probation was just on paper in the end.

I noticed they mentioned “logs” of you talking about hosting CP, can you elaborate?

They took a bunch of IRC logs where I stated what I can and can’t host at a web hosting provider I owned. The logs do exist but are taken out of context.

Why did they originally want to raid you? Did you know or was it random?

I rented a server in Poland and someone uploaded CP to an Austrian image hoster. They reported it to the Austrian police, which contacted the ISP, which gave them my WHMCS login IP and then subpoenaed UPC Austria for my address, then queried the weapons registry.

(William is pictured with an AK-74, ammo is 7.62mm not 5.45mm.)

It didn’t go to the cybercrime unit, but child abuse. They had no idea what Tor was.

A lot of the articles written about you call you Austrian, but you’re from Israel, right?

I am born there but have Austrian, Israeli, Kosovo, and Slovak passports. I grew up in Austria, my family had to leave around 1940 for obvious reasons.

How much did the court case cost you?

I paid my lawyer about 6k euros. I still owe him probably 3k.

What do you do now?

I left Austria and now work for a German company in IT, and have a data center in Kosovo… hosting grey area things there. Warez primarily.

Also, I do want to add that I have more backstory. The CP was not the only reason for the raid.

What do you mean?

Someone used the same exit to hack a NATO facility in Poland, which deals with chemical and biological weapons. Disarming, etc.

The US tried to extradite me from Croatia in 2017, with not much more info than national security.

They lost their case as I am married to a local and cannot be extradited outside the EU.

Interesting. Where do you stay now?

For most of the summer, I am in Croatia. Autumn is mostly in Kosovo/Albania, winter is mostly in Asia, don’t like the cold.

I asked him for some images for the article here and he sent me quite a few, one of them being him smoking a joint.

It led to a conversation about drug use, in which William says:

I can’t smoke anymore sadly, too much paranoia.

The Tor thing definitely left me damaged in some ways. I have an insanely high rivotril/klonopin (clonazepam) prescription for social phobia.

To a certain extent, the Tor situation also drove me further into the grey area life.

Would you do it again?

Sure, I still run 3Gbit of exits, but under an anonymous offshore company.

Do you have a website?

He sent me the following:

Ip6.im – free IPv6.
Basehost.eu – offshore hosting in Kosovo.
Adria-IX.org – Adriatic IX.

Why Kosovo?

I have very good relations with Serbia but like to keep options open, with my investment into Kosovo I received citizenship. It’s also not recognized by a lot of countries and not a UN member, which means I can ignore a lot of abuse for warez and even spam.

Do you have any future plans?

No idea, other than what I already mentioned. I work a lot on my internet exchange. I deal with IPs a lot and sell hosting on the side, too.

I’m always bankrupt but have no debt, drive a solid paid-off car and we own our house in Croatia and Kosovo.

Our conversation ended there with William sending me a picture about 5 minutes later…

He added, “Also take this, maybe it’s useful, much better than grey Austria. This is what my life looks like nowadays.”
It Goes Without Saying…

Child porn is bad. Very bad. It shouldn’t be produced nor shared, ever.

Ultimately no one will ever know if William was intentionally “supporting child porn” — but if you ask me?

I think it’s unlikely. As William said, he’s one of those free-speech Tor guys…

With the good of decentralized solutions also comes the bad. It creates an anonymous environment that someone involved in that kind of thing would thrive on.

The moral question really comes down to:

Is it Williams’s fault the server he hosted in Poland as a Tor exit node was the middleman for bad things?

Maybe, if intentionally ignored… but that’s kind of the point of Tor.

You can’t look, so you don’t look… and you ignore the bad things that happen under the surface.

How do you know he intentionally supported child porn, instead of just supporting free speech? It’s a catch-22.

Don’t get me wrong, either. William has his issues and is far from perfect.

He’s at fault in the sense he loves to operate in the grey area… he thrives in it.

You can tell because he’s still actively doing the same thing that caused him all of his issues in the past. But he doesn’t care.

If there’s one thing for certain?

It’s that William is going to be William regardless if you like him or not.
https://lowendbox.com/blog/man-found...william-weber/





Tor’s Shadowy Reputation Will Only End if We All Use it

It's not the criminal hacking browser you think it is.
Katie Malone

“Tor” evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that — but it’s also more secure.

The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the “dark web,” because the sites aren’t indexed by search engines. But those sites aren’t an inherently criminal endeavor.

“This is not a hacker tool,” said Pavel Zoneff, director of strategic communications at The Tor Project. “It is a browser just as easy to use as any other browser that people are used to.”

That’s right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it’s how a lot of people approach VPNs, but the difference is in the details.

VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there’s no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the “higher layers” of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

In simpler terms: using regular browsers directly connects you and your traffic, adding a VPN routes that information through an encrypted tunnel so that your internet service provider can’t see it and Tor scatters your identity and your search traffic until it becomes almost anonymous, and very difficult to identify.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it’s ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened.

Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

Still, with added layers of security can come some additional hiccups, like lag or longer loading times. That could be true for some users depending on what they do online, but anecdotally it's gotten a lot faster in recent years, and users have said they barely notice a difference compared to other browsers. Sameer Patil, associate professor at the School of Computing at the University of Utah, studied this by having students and staff try out Tor as their main browser. “I was personally very surprised at how many sites and things just work fine in the Tor browser. So not only did they work as intended, but they also were fast enough,” Patil said.

But even if online privacy isn’t your main concern personally, using Tor can help support industries that heavily rely on it. By using the anonymous and secure browser, you’re supporting activists, journalists and everyone else’s privacy because the more people that use it, the more secure it gets, according to Patil. If only certain sensitive groups use it, it’ll be easier to deanonymize and ultimately track down identities. When you’re one in a billion using it, that task becomes nearly impossible.
https://www.engadget.com/tor-dark-we...130048839.html





A.I. Brings Shadow Libraries into the Spotlight

Large language models, or L.L.M.s, the artificial intelligence systems that power tools like ChatGPT, are developed using enormous libraries of text. Books are considered especially useful training material, because they’re lengthy and (hopefully) well-written. But authors are starting to push back against their work being used this way.

This week, more than 9,000 authors, including Margaret Atwood and James Patterson, called on tech executives to stop training their tools on writers’ work without compensation.

That campaign has cast a spotlight on an arcane part of the internet: so-called shadow libraries, like Library Genesis, Z-Library or Bibliotik, that are obscure repositories storing millions of titles, in many cases without permission — and are often used as A.I. training data.

A.I. companies have acknowledged in research papers that they rely on shadow libraries. OpenAI’s GPT-1 was trained on BookCorpus, which has over 7,000 unpublished titles scraped from the self-publishing platform Smashwords.

To train GPT-3, OpenAI said that about 16 percent of the data it used came from two “internet-based books corpora” that it called “Books1” and “Books2.” According to a lawsuit by the comedian Sarah Silverman and two other authors against OpenAI, Books2 is most likely a “flagrantly illegal” shadow library.

These sites have been under scrutiny for some time. The Authors Guild, which organized the authors’ open letter to tech executives, cited studies in 2016 and 2017 that suggested text piracy depressed legitimate book sales by as much as 14 percent.

Efforts to shut down these sites have floundered. Last year, the F.B.I., with help from the Authors Guild, charged two people accused of running Z-Library with copyright infringement, fraud and money laundering. But afterward, some of these sites were moved to the dark web and torrent sites, making it harder to trace them. And because many of these sites are run outside the United States and anonymously, actually punishing the operators is a tall task.

Tech companies are becoming more tight-lipped about the data used to train their systems. This week, Meta researchers published a paper on Llama 2, the company’s L.L.M., that described using only a “new mix of data from publicly available sources.” In a research paper on GPT-4 published in March, OpenAI explicitly noted that it wasn’t revealing anything about how it trained the L.L.M., citing “the competitive landscape” and “safety considerations.”
https://www.nytimes.com/2023/07/22/b...nvestment.html





Thousands of Authors Demand Payment from AI Companies for Use of Copyrighted Works
Brian Fung

Thousands of published authors are requesting payment from tech companies for the use of their copyrighted works in training artificial intelligence tools, marking the latest intellectual property critique to target AI development.

The list of more than 8,000 authors includes some of the world’s most celebrated writers, including Margaret Atwood, Dan Brown, Michael Chabon, Jonathan Franzen, James Patterson, Jodi Picoult and Philip Pullman, among others.

In an open letter they signed, posted by the Authors Guild Tuesday, the writers accused AI companies of unfairly profiting from their work.

“Millions of copyrighted books, articles, essays, and poetry provide the ‘food’ for AI systems, endless meals for which there has been no bill,” the letter said. “You’re spending billions of dollars to develop AI technology. It is only fair that you compensate us for using our writings, without which AI would be banal and extremely limited.”

Tuesday’s letter was addressed to the CEOs of ChatGPT-maker OpenAI, Facebook-parent Meta, Google, Stability AI, IBM and Microsoft. Most of the companies didn’t immediately respond to a request for comment. Meta, Microsoft and Stability AI declined to comment.

Much of the tech industry is now working to develop AI tools that can generate compelling images and written work in response to user prompts. These tools are built on large language models, which are trained on vast troves of information online. But recently, there has been growing pressure on tech companies over alleged intellectual property violations with this training process.

This month, comedian Sarah Silverman and two authors filed a copyright lawsuit against OpenAI and Meta, while a proposed class-action suit accused Google of “stealing everything ever created and shared on the internet by hundreds of millions of Americans,” including copyrighted content. Google has called the lawsuit “baseless,” saying it has been upfront for years that it uses public data to train its algorithms. OpenAI did not previously respond to a request for comment on the suit.Left: Michael Chabon; right: Margaret Atwood

In addition to demanding compensation “for the past and ongoing use of our works in your generative AI programs,” the thousands of authors who signed the letter this week called on AI companies to seek permission before using the copyrighted material. They also urged the companies to pay writers when their work is featured in the results of generative AI, “whether or not the outputs are infringing under current law.”

The letter also cites this year’s Supreme Court holding in Warhol v Goldsmith, which found that the late artist Andy Warhol infringed on a photographer’s copyright when he created a series of silk screens based on a photograph of the late singer Prince. The court ruled that Warhol did not sufficiently “transform” the underlying photograph so as to avoid copyright infringement.

“The high commerciality of your use argues against fair use,” the authors wrote to the AI companies.

In May, OpenAI CEO Sam Altman appeared to acknowledge more needs to be done to address concerns from creators about how AI systems use their works.

“We’re trying to work on new models where if an AI system is using your content, or if it’s using your style, you get paid for that,” he said at an event.

– CNN’s Catherine Thorbecke contributed to this report.
https://www.cnn.com/2023/07/19/tech/...-ai/index.html





As Actors Strike for AI Protections, Netflix Lists $900,000 AI Job

Rob Delaney said, “My melodious voice? My broad shoulders and dancer’s undulating buttocks? I decide how those are used!”
Ken Klippenstein

As Hollywood executives insist it is “just not realistic” to pay actors — 87 percent of whom earn less than $26,000 — more, they are spending lavishly on AI programs.

While entertainment firms like Disney have declined to go into specifics about the nature of their investments in artificial intelligence, job postings and financial disclosures reviewed by The Intercept reveal new details about the extent of these companies’ embrace of the technology.

In one case, Netflix is offering as much as $900,000 for a single AI product manager.

Hollywood actors and writers unions are jointly striking this summer for the first time since 1960, calling for better wages and regulations on studios’ use of artificial intelligence.

Just after the actors’ strike was authorized, the Alliance of Motion Picture and Television Producers — the trade association representing the TV and film companies negotiating with the actors and writers unions — announced “a groundbreaking AI proposal that protects actors’ digital likenesses for SAG-AFTRA members.”

The offer prompted comparisons to an episode of the dystopian sci-fi TV series “Black Mirror,” which depicted actress Salma Hayek locked in a Kafkaesque struggle with a studio which was using her scanned digital likeness against her will.

“So $900k/yr per soldier in their godless AI army when that amount of earnings could qualify thirty-five actors and their families for SAG-AFTRA health insurance is just ghoulish,” actor Rob Delaney, who had a lead role in the “Black Mirror” episode, told The Intercept. “Having been poor and rich in this business, I can assure you there’s enough money to go around; it’s just about priorities.”

Among the striking actors’ demands are protections against their scanned likeness being manipulated by AI without adequate compensation for the actors.

“They propose that our background performers should be able to be scanned, get paid for one day’s pay and their company should own that scan, their image, their likeness, and to be able to use it for the rest of eternity in any project they want with no consent and no compensation,” Duncan Crabtree-Ireland, chief negotiator for the actors’ union, SAG-AFTRA, said.

Entertainment writers, too, must contend with their work being replaced by AI programs like ChatGPT that are capable of generating text in response to queries. Writers represented by the Writers Guild of America have been on strike since May 7 demanding, among other things, labor safeguards against AI. John August, a screenwriter for films like “Big Fish” and “Charlie’s Angels,” explained that the WGA wants to make sure that “ChatGPT and its cousins can’t be credited with writing a screenplay.”

Protecting Actors’ Likenesses

The daily rate for background actors can be around $200, per the SAG-AFTRA contract. A job posting by the company Realeyes offers slightly more than that: $300 for two hours of work “express[ing] different emotions” and “improvis[ing] brief scenes” to “train an AI database to better express human emotions.”

Realeyes develops technology to measure attention and reactions by users to video content. While the posting doesn’t mention work with streaming companies, a video on Realeyes’s website prominently features the logos for Netflix and Hulu.

The posting is specially catered to attract striking workers, stressing that the gig is for “research” purposes and therefore “does not qualify as struck work”: “Please note that this project does not intend to replace actors, but rather requires their expertise,” Realeyes says, emphasizing multiple times that training AI to create “expressive avatars” skirts strike restrictions.

Experts question whether the boundary between research and commercial work is really so clear. “It’s almost a guarantee that the use of this ‘research,’ when it gets commercialized, will be to build digital actors that replace humans,” said Ben Zhao, professor of computer science at the University of Chicago. “The ‘research’ side of this is largely a red herring.” He added, “Industry research goes into commercial products.”

“This is the same bait-switch that LAION and OpenAI pulled years ago,” Zhao said, referring to the Large-scale Artificial Intelligence Open Network, a German nonprofit that created the AI chatbot OpenAssistant; OpenAI is the nonprofit that created AI programs like ChatGPT and DALL-E. “Download everything on the internet and no worries about copyrights, because it’s a nonprofit and research. The output of that becomes a public dataset, then commercial companies (who supported the nonprofit) then take it and say, ‘Gee thanks! How convenient for our commercial products!’”

Netflix AI Manager

Netflix’s posting for a $900,000-a-year AI product manager job makes clear that the AI goes beyond just the algorithms that determine what shows are recommended to users.

The listing points to AI’s uses for content creation:“Artificial Intelligence is powering innovation in all areas of the business,” including by helping them to “create great content.” Netflix’s AI product manager posting alludes to a sprawling effort by the business to embrace AI, referring to its “Machine Learning Platform” involving AI specialists “across Netflix.” (Netflix did not immediately respond to a request for comment.)

A research section on Netflix’s website describes its machine learning platform, noting that while it was historically used for things like recommendations, it is now being applied to content creation. “Historically, personalization has been the most well-known area, where machine learning powers our recommendation algorithms. We’re also using machine learning to help shape our catalog of movies and TV shows by learning characteristics that make content successful. We use it to optimize the production of original movies and TV shows in

Netflix’s rapidly growing studio.”

Netflix is already putting the AI technology to work. On July 6, the streaming service premiered a new Spanish reality dating series, “Deep Fake Love,” in which scans of contestants’ faces and bodies are used to create AI-generated “deepfake” simulations of themselves.

In another job posting, Netflix seeks a technical director for generative AI in its research and development tech lab for its gaming studio. (Video games often employ voice actors and writers.)

Generative AI is the type of AI that can produce text, images, and video from input data — a key component of original content creation but which can also be used for other purposes like advertising. Generative AI is distinct from older, more familiar AI models that provide things like algorithmic recommendations or genre tags.

“All those models are typically called discriminatory models or classifiers: They tell you what something is,” Zhao explained. “They do not generate content like ChatGPT or image generator models.”

“Generative models are the ones with the ethics problems,” he said, explaining how classifiers are based on carefully using limited training data — such as a viewing history — to generate recommendations.

Netflix offers up to $650,000 for its generative AI technical director role.

Video game writers have expressed concerns about losing work to generative AI, with one major game developer, Ubisoft, saying that it is already using generative AI to write dialogue for nonplayer characters.

Netflix, for its part, advertises that one of its games, a narrative-driven adventure game called “Scriptic: Crime Stories,” centered around crime stories, “uses generative AI to help tell them.”

Disney’s AI Operations

Disney has also listed job openings for AI-related positions. In one, the entertainment giant is looking for a senior AI engineer to “drive innovation across our cinematic pipelines and theatrical experiences.” The posting mentions several big name Disney studios where AI is already playing a role, including Marvel, Walt Disney Animation, and Pixar.

In a recent earnings call, Disney CEO Bob Iger alluded to the challenges that the company would have in integrating AI into their current business model.

“In fact, we’re already starting to use AI to create some efficiencies and ultimately to better serve consumers,” Iger said, as recently reported by journalist Lee Fang. “But it’s also clear that AI is going to be highly disruptive, and it could be extremely difficult to manage, particularly from an IP management perspective.”

Iger added, “I can tell you that our legal team is working overtime already to try to come to grips with what could be some of the challenges here.” Though Iger declined to go into specifics, Disney’s Securities and Exchange Commission filings provide some clues.

“Rules governing new technological developments, such as developments in generative AI, remain unsettled, and these developments may affect aspects of our existing business model, including revenue streams for the use of our IP and how we create our entertainment products,” the filing says.

While striking actors are seeking to protect their own IP from AI — among the union demands that Iger deemed “just not realistic” — so is Disney.

“It seems clear that the entertainment industry is willing to make massive investments in generative AI,” Zhao said, “not just potentially hundreds of millions of dollars, but also valuable access to their intellectual property, so that AI models can be trained to replace human creatives like actors, writers, journalists for a tiny fraction of human wages.”

For some actors, this is not a struggle against the sci-fi dystopia of AI itself, but just a bid for fair working conditions in their industry and control over their own likenesses, bodies, movements, and speech patterns.

“AI isn’t bad, it’s just that the workers (me) need to own and control the means of production!” said Delaney. “My melodious voice? My broad shoulders and dancer’s undulating buttocks? I decide how those are used! Not a board of VC angel investor scumbags meeting in a Sun Valley conference room between niacin IV cocktails or whatever they do.”
https://theintercept.com/2023/07/25/...isney-netflix/





Inside The Battle For A New Streaming Residuals Model: Data, Transparency & “A Fight For Power”
Katie Campione

It’s been 87 days since the writers hit the picket lines and 14 days since the actors joined them, yet the divisions between the guilds and the studios remain as deep as ever.

One of the biggest fights that remains is how performers and writers should be compensated for work they create for streaming services.

“The question is: Are you or are you not willing to share some of the revenue you generate from actors, and also from writers, directors and crew, with them or not? The answer needs to be yes. It is not okay anymore for companies to just bring in huge amounts of revenue from people’s work and not share it with them,” SAG-AFTRA National Executive Director Duncan Crabtree-Ireland told Deadline.

Writers and actors do receive fixed residuals for their work on streaming services, but they are not tied directly to the success of a show, and even the most high-profile creatives have been known to receive pennies for some of their work.

But now, both guilds agree that a fixed residual is not enough to properly reflect their members’ contributions to the streaming services. In its proposal to the Alliance of Motion Picture and Television Producers, the WGA suggested a “viewership-based” residual model, in addition to the fixed residual already in place. That was rejected, according to the union. SAG-AFTRA took that suggestion one step further, proposing that performers receive a 2% share of the revenue generated from streaming content. That proposal was also flat-out rejected, according to the guild.

“We had this proposal on the table on day one of negotiations on June 7. To this very day, throughout that entire 35 days of bargaining and even since, the companies have never come back to us with any substantive response,” Crabtree-Ireland said. “Their answer was, ‘We aren’t interested in talking about it.’ So it’s going to be very hard to reach an agreement on something when the companies won’t even discuss it with you.”

The AMPTP tells a different story, saying that the 2% revenue share had come up “numerous times” and the studios expressed “fundamental objections” to the proposal. While they are willing to increase residuals made from streaming content, a blanket revenue share “creates a one-size-fits-all approach” that studio insiders say is “unworkable.”

It’s clear that both sides are far from an agreement on how to fairly compensate writers and actors on the backend. But the discourse has begged the question: Is a direct revenue share possible in the current streaming landscape and, if so, what could that look like?

Data Dogfight

Several experts stressed to Deadline that the central argument isn’t about whether there is infrastructure to support such a deal. It’s about getting the major studios, as well as the guilds, to agree on a measure of success that would make everyone happy. Which, it seems, might be an impossible exercise.

Any concession from the studios on this front would likely require some sort of data transparency. Thus far, streamers have kept all audience data close to the chest, occasionally self-reporting metrics as they see fit. Netflix is the only service that consistently self-reports viewership data, but does not provide full data transparency.

“Data transparency is related to power. This is a fight about power. Because right now, the streamers have power, and they don’t want to give it up,” David Offenberg, an associate professor of entertainment finance at Loyola Marymount University, told Deadline. “They have the data about how valuable things are and they’re exploiting it by not paying the creators as much as they’re worth for seasons two and three and four, because creators don’t know how much the show’s worth, because they don’t have the data.”

SAG-AFTRA has suggested using Parrot Analytics’ content valuation tool to determine the revenue generated by each piece of streaming content. The guild proposed that each quarter, producers would pay 2% of the quarterly “Revenue Contribution” for each series or film, and this would be divided pro rata among the principal cast “based on time and salary units or ratable distribution,” on top of the existing Streaming Revenue Sharing payment.

Unlike Nielsen or self-reported metrics from some of the studios, which use viewing time as their primary measurement, Parrot Analytics, a data analysis firm for the entertainment industry run by Wared Seger, which works with companies such as Sony, Lionsgate and Starz, uses other metrics such as Google searches and social media engagement. The goal is not to determine viewership but rather to understand the impact of a piece of content on a studio’s revenue. It uses quarterly earnings data as well as subscriptions and ad revenue to estimate that impact for each series or film on a platform.

The AMPTP, however, rejected this proposal, calling these metrics “opaque” and highlighted the fact that they are not available to anyone who doesn’t subscribe to Parrot. They also “lack any demonstrable link to the actual revenue received by the service in the form of new or retained subscribers.”

Crabtree-Ireland told Deadline that the guild thought Parrot’s approach “reflected a more broad-based and objective approach to evaluating that without the kind of insight data that the companies have been unwilling to share so far.”

Building A Metric

When it comes to success on streaming, there are two types of series or films — those that attract subscribers and those that retain them. For each title, a studio gathers a whole host of data including global/U.S. hours viewed, number of unique accounts that viewed a title, and completion rate for each account. They also seek to determine how much engagement a show drives and to what degree it was successful at reducing churn.

While all of these could theoretically be used to determine the success of a show monetarily, they would likely all yield a different answer. Each studio is likely to value one more than the other, which would hinder any agreement on a single metric.

It’s not just about getting the studios to agree, either. It’s also about finding a metric with which the guilds would be satisfied. Because data, while undeniable, can be used to tell any story.

“The challenge with the data is I don’t know which story you want to be told. … Do you want to know that you didn’t make a difference, that the algorithm was the difference maker?” Andrew Rosen, a former Viacom executive and the founder of streaming newsletter PARQOR, told Deadline. “If actors are open to being quantified for how they help with engagement and churn, if that’s true at all, that’s the conversation to have.”

That’s a “different business logic” than simply identifying which shows are hits and which are not, Rosen said.

For what it’s worth, Crabtree-Ireland has repeatedly stressed that SAG-AFTRA is willing to at least discuss any metric the AMPTP is willing put forth. The guild simply wants its members to be fairly compensated for their work in streaming.

Ostensibly, the guild is harking to the days of broadcast television, where the creators and casts of shows such as Friends, Seinfeld, Everybody Loves Raymond and Two and a Half Men would make tens of millions of dollars a year in profits thanks to reruns and syndication (and, ironically, streaming). In fact, the last time writers and actors were on strike together, in 1960, residuals were a key part of those negotiations and led to a long-term payment structure that allowed creatives to share in a show’s success.

“What this is really about is recognizing how streaming has become such a central part of the platform for our members’ work, and these streaming platforms have been built on our members’ voices. The fact is, there’s not a percentage of that revenue that the streaming platforms are gaining that is shared with us or with directors or writers or any other creatives in that form,” Crabtree-Ireland added. “We’re not wedded to that aspect of the proposal. We’re wedded to the concept of — you’re bringing in a bunch of money [and] our members are the reason why it’s coming in and they ought to have at least a tiny little piece of that pie shared with them.”

Regardless of the metric, it will need to be translated into a hard dollar amount — which is where things get even more tricky.

“That is such a can of worms that [the studios and actors] don’t even want to open. I get [the actors’] motivation, but to do that math in a way that makes everybody happy is absolutely impossible. That would cause so much infighting within any union, because you have to make assumptions,” Offenberg said. “You have to build mathematical models that are estimating — not determining, just estimating — the amount of revenue each streaming show makes… there’s no way to make that work in a way that everybody thinks is fair.”

To be clear, the infrastructure is there to support a revenue share, especially with the introduction of ad tiers, because advertisers need audience data in order to be able to justify their ad spend.

“It’s all in a paradigm that is broadly executed on the internet today, and the metrics and the underlying measurement capability does exist to support that kind of a deal,” said Jason Fairchild, co-founder and CEO of advertising platform tvScientific. “It’s a new concept for the studios. It’s not a new concept for content syndication.”

While the studios have bristled at the idea of using third-party data to try to quantify success, Fairchild argues that “if the streaming service, or whoever it is, is grading their own homework, that’s going to lead to some friction.”

“If you have a third party to validate, it’s a solution. That’s time tested across multiple industries,” he said. “It’s not an outrageous thought to have a third party verify.”

The question still remains how much to share with the creatives. While SAG-AFTRA has proposed 2%, experts said that any number will likely ruffle feathers, since streaming has drastically changed the way content is valued and will continue to do so as the industry leans more towards the medium.

“The problem is that the nature of the streaming model really makes it difficult to estimate what actors are entitled to from a show or a movie,” Rosen said. “The value of content has been changed so radically by this medium that it’s really unfortunate and sad to watch. An actor’s output is just very different and is valued very differently, both by the medium in which the content is distributed and by the audiences.”

The “Dirty Secret”

For Rosen, this key fight in the contract negotiations has illuminated an essential truth about streaming. When Netflix accelerated the race away from linear television, every studio followed suit in an attempt to keep up with the times. But the shift was too fast, and the studios’ business models couldn’t keep up. With the introduction of Apple and Amazon in the streaming wars, it puts the legacy studios like Disney, Warner Bros Discovery and NBCUniversal at even more of a disadvantage.

“The dirty secret of streaming is nobody’s profitable, except for Netflix,” he said. “The problem with the guilds’ asks is that they’re saying, ‘Hey, you unprofitable business, one day, you’re going to be profitable. And you should share profits with us.’ Studios are saying, ‘Well, we’re unprofitable and based on what you’re asking, it’s going to be harder to become profitable. The less likely it is we’re going to become profitable, the less likely it is we want to stay in this business.’”

Although, it seems the studios are betting on streaming more and more by the day. If anything is clear, it’s that this new era will continue to be less lucrative for all involved.

“None of these businesses are going to look like what linear used to look like. None of these businesses are going to deliver the types of revenue that syndication used to deliver to directors and actors,” Rosen said. “The difficult question for Hollywood right now is whether the leadership that’s in place, the guys who are really competent in managing studios and linear networks and theme parks, are the right people to solve that problem. I think that the uncomfortable truth that’s emerging from this standoff between the Screen Actors Guild, the Writers Guild and the studios is that they may not be.”
https://deadline.com/2023/07/hollywo...rs-1235448649/





Connecticut is Joining the Physical Media Movement with CDs, Walkmans and 'Lost' 'B Movies'

From cassettes to CDs, physical formats of listening to music are coming back.
Andrew DaRosa

Boomboxes are for sale in record stores. CD sales are up. Cassettes and Walkmans are also selling. The year is 2023.

After years of the vinyl revival, other forms of physical media from eras past are making their way back into popularity. According to Billboard, 17.5 million CDs have been purchased so far in 2023, which is up 3 percent from the same time last year. In the 2023 Luminate Midyear Music Report (formerly MRC Data and Nielsen Music), physical album sales were up 13.3 percent over last year.

There’s more to this trend than numbers, according to Josh Wright, the owner of Vinyl Street Cafe in Fairfield.

“It's a personal relationship with your music," he said. "It’s the way it’s meant to be heard. That’s why I love it. You get to sit with it, look at it, look at the liner notes and all of that stuff. It’s like looking at a painting for a while and trying to understand it.”

Shoppers share in an "experience" by going to a brick-and-mortar music store, Brian Gerosa, the owner of Gerosa Records in Brookfield, told a Hearst Connecticut Media reporter earlier this year.

“People are always happy in a record store, they’re in a good mood, they’re looking for music and they’re sharing that experience," Gerosa said in March.

CDs in particular have been experiencing a renaissance lately at his store, Wright said.

“When vinyl overtook the sales of CDs a couple of years ago, we thought the media was dead," he said. "But it’s starting to trend back upward.”

Wright's store also carries boomboxes and Walkmans. He said he sells more Walkmans than boomboxes, but sales of both account for a small portion of his sales. He attributes that to interest in the novelty of cassettes. Despite musicians releasing new music on cassette, cassettes only comprise .5 percent of all physical media sales in 2023, according to the Luminate

There's one pop star who Wright believes is at the center of bringing younger audiences to physical media in the Spotify era: Taylor Swift.

Swift has claimed nearly 4 percent of physical and digital album sales in 2023, according to Billboard. From releasing re-recorded versions of her past albums to creating collectable variants of her albums (such as having an image that forms by putting together four versions of the "Midnights" album), Swift has found success in the sale of physical media.

Last year, Swift broke the three-day record she set with "Midnights" for the fastest vinyl record to reach one million copies sold. In the first week after "Speak Now (Taylor’s Version)" went on sale on July 7, Swift sold 268,000 copies on vinyl, 134,000 on CD and 8,000 on cassette, according to Billboard. On Sunday, Billboard declared that Swift has the most No. 1 best-selling albums of all time for a female artist, beating out a record held by Barbra Streisand.

“Taylor Swift is a beast. She can do what she wants," Wright said. “Whatever the Beatles did back in the early 60s, she’s one-upped them.”

Why are younger music fans gravitating to physical media over streaming?

For 18-year-old Gabe Sopko of New Milford, the sound and the novelty of cover art draw him to vinyl.

“I’ve always gravitated to the next thing I’m going to listen to based on the cover art,” Sopko said during a visit to Gerosa Records in March. “Honestly I’m a sucker for the crackles and pops. It’s a physical piece of media, and I can hear everything that went into pressing that record.”

CD sales are up in large part to sales at merchandise tables at concerts, according to a Billboard report published in April.

With delays in vinyl record production, many artists have resorted to stocking up on CDs for the road, which bands find easier to bring than bulkier records, according to Billboard. Bigger artists like Swift and K-pop group BLACKPINK have noticed this trend and have begun to produce limited-edition CDs that are sold exclusively at their shows and on their websites.

The physical media trend isn't just happening in the music world. The physical home box office market is growing as well.

A February report from the Digital Entertainment Group, which tracks the distribution of physical media, showed that the home box office market grew by almost 12 percent in 2022, with sales of 4K Ultra High Definition titles up 20 percent last year.

Though DVD and Blu-ray sales have slumped, the Digital Entertainment Group report noted that movies like "Top Gun: Maverick" and "The Batman" led to an increase in sales for 4K UHD discs, which are the newest disc technology available.

Streaming is holding its own against sales of physical movies and television, though the ongoing SAG-AFTRA and Writers Guild of America strikes have drawn attention to the unfair distribution of residuals given to actors and writers for shows and movies on streaming.

Boutique home box office labels are carving out their path in the market. Labels like Criterion and Arrow Films restore movies that never received modern restoration work or had a proper physical release, and sell Blu-ray and 4K UHD disc copies of different films every month.

Connecticut's own Vinegar Syndrome specializes in restoring "lost" and cult films from the 20th century. The label also operates The Archive, a Bridgeport shop that sells Vinegar Syndrome releases and films restored by other boutique film labels, plus new and used DVDs, VHS cassettes, records and cassette tapes.

“Cult horror, and other exploitation films along this line, are very under-restored because of the market," James Neurath, Vinegar Syndrome's retail and streaming manager and The Archive co-owner, told Hearst Connecticut in 2020. "Lower budget films were never taken care of when it came to 35mm and 16mm film preservation and restoration. That’s why a lot of it was dumped onto lower grade media."

Almost all Vinegar Syndrome movies come with slipcover sleeves for the discs that feature custom artwork. Discs with slipcovers always sell the fastest: Recent titles like "From Beyond," the Patrick Swayze-led "Road House" and "The Texas Chainsaw Massacre 2" sold out of their slipcover versions.

Thanks to steady sales, Vinegar Syndrome has been able to branch out to publish its own comic books, VHS tapes, apparel and posters. The company announced last week that it is debuting its first "fully original theatrical feature film." "Eight Eyes," which is a homage to '70s Euro-horror movies, will premiere at the Fantasia International Film Festival in Montreal on Friday, Aug. 4.

“When it comes to the modern age, you’re trying to fight the idea that this stuff is totally free,” Neurath said. “A byproduct of that is when people don’t invest in this product, you’re not going to be able to afford the business model of restoring them."

“We use the physical media sales to preserve film," he added. "One hand washes the other and without that, we couldn’t do what we are doing."
https://www.newstimes.com/entertainm...d-18208191.php





Multimillion-Dollar Cables Crisscrossing the Bottom of the Ocean have Become the Vital Connections of Our Online Lives.
Stephen Shankland

The concert is in London. You're watching it live from your home in Atlanta. What makes that possible is a network of subsea cables draped across the cold, dark contours of the ocean floor, transmitting sights and sounds at the speed of light through bundles of glass fiber as thin as your hair but thousands of miles long.

These cables, only about as thick as a garden hose, are high-tech marvels. The fastest, the newly completed transatlantic cable called Amitié and funded by Meta, Microsoft and others, can carry 400 terabits of data per second. That's 400,000 times faster than your home broadband if you're lucky enough to have high-end gigabit service.

And yet subsea cables are low-tech, too, coated in tar and unspooled by ships employing basically the same process used in the 1850s to lay the first transatlantic telegraph cable. SubCom, a subsea-cable maker based in New Jersey, evolved from a rope manufacturer with a factory next to a deep-water port for easy loading onto ships.

Though satellite links are becoming more important with orbiting systems like SpaceX's Starlink, subsea cables are the workhorses of global commerce and communications, carrying more than 99% of traffic between continents. TeleGeography, an analyst firm that tracks the business, knows of 552 existing and planned subsea cables, and more are on the way as the internet spreads to every part of the globe and every corner of our lives.

You probably know that tech giants like Meta, Microsoft, Amazon and Google run the brains of the internet. They're called "hyperscalers" for operating hundreds of data centers packed with millions of servers. You might not know that they also increasingly run the internet's nervous system, too.

"The whole network of undersea cables is the lifeblood of the economy," said Alan Mauldin, an analyst with TeleGeography. "It's how we're sending emails and phone calls and YouTube videos and financial transactions."

Two thirds of traffic comes from the hyperscalers, according to consulting firm McKinsey. And the data demands of hyperscalers' subsea cable is surging 45% to 60% per year, said SubCom Chief Executive David Coughlan. "Their underlying growth is fairly spectacular," he said.

Hyperscalers' data demands are driven not just by their own content needs, like Instagram photos and YouTube videos viewed around the world. These companies also often operate the cloud computing businesses, like Amazon Web Services and Microsoft Azure, that underlie millions of businesses' global operations.

"As the world's hunger for content continues to increase, you need to have the infrastructure in place to be able to serve that," said Brian Quigley, who oversees Google's subsea and terrestrial networks.

In this article:

• Why subsea cables are spreading
• Subsea communications: The origin story
• How subsea cables work
• How subsea cables are installed
• Subsea cable cuts and fixes
• Making subsea cables faster
• Geopolitical complications of subsea cables
• Subsea cable vulnerabilities
• Building a more resilient subsea cable network

The first subsea cables spanned major communication routes like London to New York. Those remain critical, but newer routes are bringing bandwidth far off the beaten track: the west coast of Greenland, the volcanic island of St. Helena west of Africa, the southern tip of Chile, Pacific island nations, the 8,000-person town of Sitka, Alaska.

It's all part of a gradual transformation of subsea communications. Where once cables were the exception, linking a few high-priority urban centers, now they're becoming a world-spanning mesh. In other words, subsea cables are coming to resemble the rest of the internet, despite high costs and exotic technology.

But as more internet traffic traverses subsea cables, there's also reason to worry about them. The explosive sabotage last year of the Nordstream 1 and 2 natural gas pipelines connecting Russia and Europe was much more logistically difficult than cutting an internet cable the thickness of your thumb. An ally of Russian leader Vladimir Putin said subsea cables are fair game for attack. Taiwan has 27 subsea cable connections that the Chinese military could see as tempting targets in an attack.

The risks are vivid: Vietnam's internet performance suffered thanks to outages on all five of its cables for months earlier this year, and the volcanic explosion on the island of Tonga severed it from most communications for weeks.

But those risks are dwarfed by the very real benefits, from the macroeconomic to the purely personal. The network is growing more reliable and capable with faster speeds and a surge in new cables extending the network beyond today's 870,000 miles of routes, and that'll coax more and more countries to join.

That makes the internet richer and more resilient for all of us — including you getting work done and finding entertainment after the workday's over.

Why subsea cables are spreading

The economic advantages are considerable. Subsea cable links mean faster internet speeds, lower prices, a 3% to 4% boost in employment and a 5% to 7% boost to economic activity, McKinsey estimates.

At the same time that hyperscalers' traffic demands were surging, the telecommunications companies that traditionally installed subsea cables pulled back from the market.

"Roughly 10 years ago, a lot of the traditional telco providers started to really focus on wireless and what was happening within their last-mile networks," said Frank Ray, who leads hyperscale network connectivity for Microsoft's Azure cloud computing business. The wait for new cables grew longer, with the planning phase alone stretching to three to five years. The hyperscalers needed to take control.

Hyperscalers initially began with investments in others' projects, a natural move given that subsea cables are often operated by consortia of many allies. Increasingly, hyperscalers now build their own.

The result: a massive cable buildout. TeleGeography, which tracks subsea cables closely, projects $10 billion will be spent on new subsea cables from 2023 to 2025 around the world. Google-owned cables already built include Curie, Dunant, Equiano, Firmina and Grace Hopper, and two transpacific cables are coming, too: Topaz this year and, with AT&T and other partners, TPU in 2025.

Such cables don't come cheap: A transatlantic cable costs about $250 million to $300 million to install, Mauldin said.

The cables are critical. If one Azure region fails, data centers in another region come online to ensure customers' data and services keep humming. In the US and Europe, terrestrial cables shoulder most of the load, but in Southeast Asia, subsea cables dominate, Ray said.

With the hyperscalers in charge, pushing data instead of voice calls, subsea networks had to become much more reliable. It might be a minor irritation to get a busy signal or dropped call, but interruptions to computer services are much more disruptive. "If that drops, you lose your mind," Coughlin said. "The networks we make today are dramatically better than what we made 10 years ago."

Subsea communications: The origin story

Today's cables send up to 250 terabits per second of data, but their technology dates back to the 1800s when scientists and engineers like Werner Siemens figured out how to lay telegraph cables under rivers, the English Channel and the Mediterranean Sea. Many of the early cables failed, in part because the weight of a cable being laid on the bottom of the ocean would rip the cable in two. The first transatlantic cable project that succeeded operated for only three months in 1858 before failing and could only send just over one word per minute.

But investors eager to cash in on rapid communications underwrote the development of better technology. Higher copper purity improved signal transmission, stronger sheathing reduced cable breaks, repeaters installed periodically along the cable boosted signal strength and polyethylene insulation replaced the earlier rubberlike material harvested from gutta-percha trees.

Telephone calls eventually replaced telegraph messages, pushing technology further. A transatlantic cable installed in 1973 could handle 1,800 simultaneous conversations. In 1988, AT&T installed the first transatlantic cable to use glass fiber optic strands instead of copper wires, an innovation that boosted capacity to 40,000 simultaneous phone calls.

A subsea internet cable from manufacturer SubCom shows, from the center outward, its optical fibers for data transfer, steel cabling for strength, copper for power distribution and plastic for electrical insulation and protection. Stephen Shankland/CNET

SubCom's subsea cable factory dates back to its rope-making roots in the 1800s. "Most rope in that time was used on ships or needed to be transported by ships," CEO Coughlan said. "A factory on a deep port, with quick access to the ocean and with winding capabilities, is what was needed to transform into the telephone cable business."

How subsea cables work

Fiber optic lines transmit data as pulses of laser light. As with terrestrial fiber optic lines, using multiple frequencies of light — colors, to you and me — means more data can be sent at once. Network equipment ashore at either end of a cable encodes data into the light for transmission and decodes it after it's received.

Fiber optics are great for fast broadband and long-haul data transmission, but the technology has its limits. That's why there's a big bulge in the cable every 30 to 60 miles called a repeater, to boost the signal strength.

Repeaters require power, though, and that's where another part of the cable construction comes into play. Outside the fiber optic strands, a copper layer carries electricity at up to 18,000 volts. That's enough to power repeaters all the way across the Pacific Ocean just from one end of the cable, though power typically is available from both ends for greater reliability.

Why not keep raising the laser power, so you don't need repeaters as often? Because boosting it too high would eventually melt the fibers, said Brian Lavallée, a senior director at networking technology giant Ciena.

His company makes the network equipment at either end of the subsea cables, employing different data encoding methods — manipulating light waves' frequency, phase and amplitude — to squeeze as much data as possible onto each fiber.

"We've been able to get very, very close to the Shannon limit, which is the maximum amount of information you can send down a communication medium," Lavallée said.

How subsea cables are installed

Companies installing a cable start by picking a route, surveying the route to dodge marine problems like nature preserves, rough seafloor and other cables. When multiple countries, telecommunications firms and businesses are involved, finding an agreeable route and obtaining permits can be very complex.

The cables themselves are gradually paid out from specialized ships. That isn't as simple as unspooling your string when you're flying a kite on a windy day.

Fiber optic strands are narrow, but subsea cables are thicker, heavier and bulkier. They're stored in metal cylinders that wind and unwind the cables as they're moved from shore to ship or from ship to ship. A single ship's three "tanks" can hold 5,000 tons of cable, which works out to about 1,800 miles of lightweight cable and 600 miles of cable that's been armored for busy waters.

SubCom has to figure out the installation order for each cable segment and make sure that when installation begins, the right end of the cable is at the top of the coil. That means before loading onto the ship, while the cable is stored at SubCom's depot, it must be stored "flipped" the other way up. It reverses direction to the correct configuration as it's transferred loop by loop onto the ship, SubCom's Coughlan said.

That's already complicated, but weather, permits or other concerns can force changes to the installation order. That can require flipping a cable at sea with two ships side by side. In a very digital business it turns out to be a very analog problem trying to account for factors like the ships lurching on the open ocean and the cable's weight and bending limits.

"We have one guy in particular that's just a savant at this," Coughlan said. "He has to be able to solve it with his hand with string first, because we found the computer modeling never works."

Near shore, cables are armored with steel cable and buried in the sea floor with a special plow towed behind the ship. The plow pulls up into the water any time the new cable crosses another that's already installed. In the deeper ocean, where fishing equipment and anchors aren't a problem, the cable has less protection and is simply laid on the bottom of the sea floor.

Subsea cable cuts and fixes

Subsea cables are pretty tough, but every three days or so, one gets cut, TeleGeography said. The primary culprits, accounting for about 85% of cuts, are fishing equipment and anchors. Ships often will anchor themselves to ride out storms, but the storms push the ships and they drag their anchors.

Most of the other cuts are from the Earth itself, like earthquakes and mudslides. Tonga, whose single subsea cable connection was severed by a volcanic eruption, is another example.

Human-caused climate change, which is creating more extreme storms, worries Microsoft's Ray. "What keeps me awake at night is large-scale climate events," he said. In 2012, Hurricane Sandy cut 11 of the 12 high-capacity cables that connected the US and Europe, he said.

Most cuts occur closer to land, where boat traffic is higher and water is shallower. There, cables are clad in metal armor and buried in the sea floor, but even so, cable cuts are a matter of when, not if. At any given moment, more than 10 cables are typically cut around the world, Google's Quigley said. The worst season for outages is October to December because of a combination of harsher weather and fishing activity.

Cable operators can pinpoint cable cut locations, but repair ships often must await government permits. Repairs average two weeks, Ray said, but three or four is common, according to.marine cable division chief Takahiro Sumimoto of Japanese telecommunications power NTT. After the Fukushima earthquake of 2011, it took two months.

"It was too deep, and the cable was cut into pieces," Sumimoto said.

The repair requires a ship to fish up one end of the broken cable, often latching on with the same kind of grappling equipment that's been used for centuries. The ship floats that end of the cable with a buoy while the other end is retrieved. The ship splices the optical fibers back together, with splices housed in a thicker package.

Making subsea cables faster

With cables so expensive to install, there's a strong incentive to pack in more data. There's plenty of room for more optical fibers, but that approach is limited by the need for electrical power for the repeaters.

Today's new cables use 16 pairs of fibers, but a new cable that NTT is building between the US and Japan employs 20 fiber pairs to reach 350Gbps. Another Japanese tech giant, NEC, is using 24 fiber pairs to reach speeds on its transatlantic cable to 500Tbps, or a half petabit per second.

"Especially after the pandemic, we observed a capacity shortage everywhere. We urgently need to construct new cables," Sumimoto said. "The situation is a bit crazy. If we construct a cable, the capacity is immediately sold out."

Along with the new cable installations, sometimes older cables can be upgraded with new network hardware. A recent Ciena upgrade quadrupled the capacity of fiber optic lines without changing anything underwater, Lavallée said.

Microsoft also is betting on a fundamental improvement to optical fibers themselves. In December, it acquired a company called Lumenisity developing hollow fibers with a tiny central tube of air. The speed of light in air is 47% faster than in glass, a reduction to the communication delay known as latency that's a key limit to network performance.

Transpacific cables have a latency of about 80 milliseconds. Cutting latency is important for time-sensitive computer interactions like financial transactions. Microsoft also is interested in hollow fibers for shorter-haul fiber optic lines, since lower latency effectively brings data centers closer together for faster fallback if one fails.

Also coming are fibers with multiple data transmission cores inside instead of just one. "We can't get much more improvement in bandwidth over a single fiber," TeleGeography's Mauldin said.

A portion of Google's TPU cable will use two-core fibers, the company confirmed, but that's only a first step. Fiber optic company OFS announced four-core fiber optics this year and sees a path to subsea cable capacity of 5Pbps. That's 20 times more data than today's new cables.

Geopolitical complications of subsea cables

There's only one internet, but strains can show when it connects countries that are at odds, for example when the Chinese government blocks Google and Facebook or US companies sever their connections to Russia's internet. These techno-political tensions have spread to the world of subsea cables.

The US effectively blocked three cables that would have directly linked China and the US, causing them to reroute to other Asian nations. And the US has worked to sideline HMN Tech, a Chinese subsea cable installation and maintenance company that grew out of Huawei, according to a report by The Financial Times.

But with many other countries in Southeast Asia, there are many indirect connections, with more to come. "There are 17 new intra-Asian cables that are currently in the works, and many more that haven't been announced yet," TeleGeography analyst Tim Stronge said in a June blog post. And when it comes to internet routing rules that govern the flow of traffic around the world, there are effectively open borders. In other words, the internet itself doesn't care much about where exactly the cables go.

The new geopolitics has complicated business for SubCom, which serves the US military as well as private companies like Google.

"A lot of governments exert their power in ways they had in the past," Coughlan said, and it isn't just the China-US issue. Several countries, including Canada and Indonesia, are enforcing cabotage laws that require work done in their territorial waters to be done by a sovereign ship of that nation.

Cable-laying ships hold hundreds of miles of cable spooled up inside three "tanks." Note the scale showing this tank to be 7 meters (22 feet) deep. This shows a segment of the Merea cable built by Microsoft and Facebook parent Meta. Microsoft

"This is leading to a lot of complications around the duration of permits and how to perform the work," Coughlan said. "Because of these cabotage laws, cables are harder to put in. They take longer. Some of these countries only have one ship, and you have to wait to get it."

But ultimately the economic incentives to build the cable usually prevail.

"Whatever big dustups there are going to be — trade wars, actual wars — when it gets to the local level, the local countries want these cables," SubCom's Coughlan said. "That's the only reason this gets built."

Subsea cable vulnerabilities

Cable vulnerabilities are real. Anchors and fishing equipment are the main risks, particularly in crowded corridors where there are multiple cables. The cables are designed to thwart corrosive salt water, not an attacking human.

"It would not take much to break these cables. And a bad actor could do it," Coughlan said. A 2017 think tank paper by Rishi Sunak, who's since become prime minister of the UK, concluded that subsea cables are "indispensible, insecure."

In a 2021 report, the Center for a New American Security, a bipartisan national security think tank, concluded that subsea cables are vulnerable. It simulated Chinese and Russian military actions using adversarial "red teams." In these simulations, Chinese attacks cut off Taiwan, Japan, Guam and Hawaii, but Russian attackers had a harder time thanks to the large number of Atlantic subsea cables.

"In CNAS wargames, Chinese and Russian red teams launched aggressive attacks on undersea cables, specifically where they 'land' ashore. In nearly every case, these attacks allowed red teams to disrupt and degrade US, allied, and partner communications, and contributed to confusion and distraction at the strategic level as governments were forced to respond to sudden losses of connectivity," CNAS senior fellow Chris Dougherty said in the report.

The Marea cable from Microsoft and Meta is high-tech enough to carry 200 terabits of data per second, but employs centuries-old nautical technology too: It's coated in tar. Microsoft

Sunak recommended a treaty to protect cables, NATO wargames to better understand their importance, and sensors on the cable to better detect threats. The most practical advice, though, was simple: build more cables for geographic diversity and redundancy.

Building a more resilient subsea cable network

Given the importance and vulnerability of subsea cables, it's no surprise there's a race afoot to make the technology more robust.

That's why there's a major push to expand to new landing sites. When Hurricane Sandy struck, all the most powerful transatlantic cables landed in New York and New Jersey. Now more leave from Massachusetts, Virginia, South Carolina and Florida.

"If you run all cables on the same path, you're an anchor drag away from multiple cables being brought down," Quigley said.

Often, operators will swap capacity on each others' cables, access that gives each a fallback data pathway if their cable is cut. Effectively, they're not putting all their communication eggs in one cable basket.

Ultimately, the geographic diversity Sunak seeks is becoming a reality, boosted by better branching technology that makes multistop cables economical. The new Sea-Me-We 6 cable stretches from France to Singapore by way of 17 other countries. And new cables are being built to connect Europe, Africa, the Middle East, Asia, the Americas and many island nations.

"They're all over the world," Ciena's Levallée said. "There is truly a mesh of these cables."
https://www.cnet.com/home/internet/f...-the-internet/





FCC Chair: Speed Standard of 25Mbps Down, 3Mbps Up isn’t Good Enough Anymore

Chair proposes 100Mbps national standard and an evaluation of broadband prices.
Jon Brodkin

The Federal Communications Commission hasn't raised its broadband speed standard since early 2015 when it adopted a metric of 25Mbps downloads and 3Mbps uploads.

That could finally change under Chairwoman Jessica Rosenworcel, who is proposing a fixed broadband standard of 100Mbps downloads and 20Mbps uploads along with a goal of bringing affordable service at those speeds to all Americans. Under her plan, the FCC would evaluate broadband availability, speeds, and prices to determine whether to take regulatory actions to promote network deployment and competition.

Rosenworcel hasn't revealed anything about how affordability will be measured. But in a proposed Notice of Inquiry that would start an evaluation of broadband deployment across the US, she included affordability as one of the aspects to be considered.

"In today's world, everyone needs access to affordable, high-speed Internet, no exceptions," Rosenworcel said in the announcement today. "It's time to connect everyone, everywhere. Anything short of 100 percent is just not good enough."

FCC required to study deployment

Section 706 of the Telecommunications Act requires the FCC to determine whether broadband is being deployed "on a reasonable and timely basis" to all Americans. If the answer is no, the US law says the FCC must "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC's previous Section 706 reports analyzed availability and included data on adoption but didn't consider affordability.

In her announcement today, Rosenworcel said she "recently shared with her colleagues an updated Notice of Inquiry that would kick off the agency's evaluation of the state of broadband across the country, as required by Section 706 of the Telecommunications Act. Chairwoman Rosenworcel proposes that the Commission consider several crucial characteristics of broadband deployment, including affordability, adoption, availability, and equitable access, when determining whether broadband is being deployed in a reasonable and timely fashion to 'all Americans.'"

Ajit Pai never raised speed standard

The FCC can use a negative finding under Section 706 to justify certain kinds of regulation, though the Section 706 power is not as extensive as the FCC's authority to regulate broadband providers as common carriers under Title II of the Communications Act. During the Obama administration, the FCC raised the speed standard it uses for Section 706 evaluations and determined that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas.

During the Trump years, FCC Chairman Ajit Pai kept the 25Mbps/3Mbps speed standard for home Internet service and concluded that providers were deploying fast broadband across the US on a reasonable and timely basis. Pai also deregulated the industry by eliminating net neutrality rules and reversing former Chairman Tom Wheeler's decision to regulate ISPs as common carriers.

Rosenworcel has been FCC chairwoman since January 2021 but has never had a Democratic majority because the US Senate refused to confirm President Biden nominee Gigi Sohn. Biden's replacement nominee, Democrat Anna Gomez, was approved by the Senate Commerce Committee two weeks ago, setting up a potential vote on the Senate floor that could finally break the FCC's 2-2 partisan deadlock.

Gigabit for everyone a longer-term goal

Raising the broadband speed standard and creating a price metric for the next Section 706 evaluation may require Gomez's support. Rosenworcel's proposed Notice of Inquiry is pending a vote of the commission. Gomez's vote would also be needed if Rosenworcel tries to reinstate Title II regulations over broadband.

The Notice of Inquiry's proposal for a 100Mbps/20Mbps standard for Section 706 reviews "discusses a range of evidence supporting this standard, including the requirements for new networks funded by the Bipartisan Infrastructure Law," the announcement said. That's a reference to the $42 billion broadband deployment fund created by Congress, which requires funded projects to provide speeds of at least 100Mbps downstream and 20Mbps upstream. Even that law, passed in 2021, still used the 25Mbps/3Mbps standard to determine whether an area is "unserved."

Rosenworcel, an FCC member since 2012, began calling for a 100Mbps standard several years before she became the chair. Her new proposal would also set an additional, longer-term goal of gigabit speeds for all Americans.

"The Notice of Inquiry proposes to set a separate national goal of 1Gbps/500Mbps for the future," Rosenworcel's announcement said.

The FCC is already using 100Mbps/20Mbps as a standard in other contexts. The commission announced yesterday that one of its grant programs will require deployment of 100Mbps/20Mbps or faster service.
https://arstechnica.com/tech-policy/...nough-anymore/





Google’s Nightmare “Web Integrity API” Wants a DRM Gatekeeper for the Web

It's just a "proposal," but it's also being prototyped inside Chrome right now.
Ron Amadeo

Google's newest proposed web standard is... DRM? Over the weekend the Internet got wind of this proposal for a "Web Environment Integrity API. " The explainer is authored by four Googlers, including at least one person on Chrome's "Privacy Sandbox" team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser.

The intro to the Web Integrity API starts out: "Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it."

The goal of the project is to learn more about the person on the other side of the web browser, ensuring they aren't a robot and that the browser hasn't been modified or tampered with in any unapproved ways. The intro says this data would be useful to advertisers to better count ad impressions, stop social network bots, enforce intellectual property rights, stop cheating in web games, and help financial transactions be more secure.

Perhaps the most telling line of the explainer is that it "takes inspiration from existing native attestation signals such as [Apple's] App Attest and the [Android] Play Integrity API." Play Integrity (formerly called "SafetyNet") is an Android API that lets apps find out if your device has been rooted. Root access allows you full control over the device that you purchased, and a lot of app developers don't like that. So if you root an Android phone and get flagged by the Android Integrity API, several types of apps will just refuse to run. You'll generally be locked out of banking apps, Google Wallet, online games, Snapchat, and some media apps like Netflix. You could be using root access to cheat at games or phish banking data, but you could also just want root to customize your device, remove crapware, or have a viable backup system. Play Integrity doesn't care and will lock you out of those apps either way. Google wants the same thing for the web.

Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.

Google likes to describe its APIs in a generic sense, but in reality, most of the actors in this play would probably be Google. Google may or may not be supplying the website, Chrome would be the browser, and the attestation server would definitely be from Google.

Google's document pinky-promises the company doesn't want to use this for anything evil. The authors "strongly feel" the API shouldn't be used to uniquely fingerprint people, but they also want "some indicator enabling rate limiting against a physical device." In the "non-goals" section, the project says it doesn't want to "interfere with browser functionality, including plugins and extensions." That's a veiled reference to not killing ad-blockers, even though the project mentions better advertising support as some of its goals. Chrome already has a "kill ad blockers" plan anyway (or at least "watered-down ad blockers" plan). It's called Manifest V3, which will change the way critical extension APIs work so they can't modify webpage content as effectively. Google also says it doesn't want to "exclude other vendors" from its DRM scheme.

Google hasn't done much in the way of public promotion of this idea yet, and even the documentation is only hosted on an employee's personal GitHub account, rather than an official Google repo. The earliest proposal we can find is from April 2022. Over the weekend, an updated spec was published, and the proposal got picked up by HackerNews and device-repair YouTuber Louis Rossmann. This caused the Internet to descend upon the repo's GitHub issues forum and start absolutely cooking Google in the replies.

Issue #134 calls the idea "absolutely unethical and against the open web." Issue #113 say they "can't believe this is even proposed." Issue #127 adds: "Have you ever stopped to consider that you're the bad guys?" Another user posted a screed entirely in hexadecimal that, when translated, starts with "Death to Fascists" and wishes explosive diarrhea on everyone involved. So reception so far has been... mixed.

Exactly how the rest of the world feels about this is not necessarily relevant, though. Google owns the world's most popular web browser, the world's largest advertising network, the world's biggest search engine, the world's most popular operating system, and some of the world's most popular websites. So really, Google can do whatever it wants. Other projects like Chrome's "Privacy Sandbox" ad platform and the adblock-limiting manifest V3 have been universally panned, but Google has kept right on trucking with the projects. There have been some small project tweaks and delays, but Google keeps marching forward.

For now this is only a "proposal" API, but in May Google published an "intent to prototype" notice, meaning it's building the feature into Chrome right now for testing. There's a page for feature-development tracking on chromestatus.com. We've asked Google for a comment and will update this page if it sends anything.
https://arstechnica.com/gadgets/2023...m-for-the-web/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

July 22nd, July 15th, July 8th, July 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black