P2P-Zone  

17-10-18, 06:34 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 20th, ’18

Since 2002































October 20th, 2018




Illegal File-Sharing: You Can't Get Away with Blaming a Family Member, Says Top Court

Shifting the blame onto a family member for illegal file-sharing on your internet connection is not good enough without specifics, says EU's top court.
David Meyer

Countries in the European Union can't allow an individual to get away with copyright infringements by merely naming other family members who might have used his or her internet connection to share files, the EU's top court has ruled.

The file-sharing verdict came down on Thursday from the Court of Justice of the European Union (CJEU), in a case involving an audiobook from the German publisher Bastei Lübbe.

The audiobook had been unlawfully shared on a peer-to-peer platform via the connection of a man named Michael Strotzer, which prompted the publisher to sue Strotzer.

Strotzer denied having anything to do with the file-sharing in question, instead pointing out that his parents, who live with him, had access to the same connection. That, he said, was the end of the matter.

A Munich regional court said German federal case law does indeed allow this defense on the basis of the fundamental right to protection of family life.

The court said the case law doesn't even require the connection's owner to provide further details of how the family member supposedly used it, so there's no opportunity for anyone to then go after the family member for liability.

However, the court asked the CJEU to clarify the matter and, according to the EU court, that German case law doesn't fly.

The CJEU, also commonly known as the European Court of Justice, or ECJ, explained that there needs to be a balance between the rights to privacy and family life, and the rights to hold intellectual property and get an effective legal remedy from the courts.

If family members get "almost absolute protection" of the sort claimed in the Strotzer case, the court said, that's not a fair balance because the publisher doesn't get to defend its rights.

In other words, the defense is no defense without evidence of who perpetrated the file-sharing.

"EU law precludes national legislation (such as that at issue, as interpreted by the relevant national courts) under which the owner of an internet connection used for copyright infringements through file-sharing cannot be held liable to pay damages if he can name at least one family member who might have had access to that connection, without providing further details as to when and how the internet was used by that family member," the CJEU said.

So it's now back to the Munich court to decide whether there's some way under German law to force Strotzer to provide "information necessary for proving, in circumstances such as those at issue in that case, copyright infringement and who infringed it".

Forcing him to do so might make for an awkward Christmas at the Strotzer household, but it would comply with EU copyright law.

Germany seems to be making a habit of testing the limits of European copyright law. A couple of years ago, the CJEU handed down a ruling in the case of a Bavarian shopkeeper named Tobias McFadden and his open Wi-Fi hotspot.

The ruling established that hotspot operators aren't liable for other people unlawfully file-sharing through their connections, but also that rights holders can force them to secure their networks to prevent the filesharing.
https://www.zdnet.com/article/illega...ays-top-court/





Oz to Turn Pirates into Vampires: You Won't See their Images in Mirrors

Internet piracy crackdown looms over Google and search engines, file-sharing sites in proposed legislation
Richard Chirgwin

Australia's federal government hopes to expand the piracy-blocking regime it introduced in 2015 to include injunctions against search engines, include file drop-sites in bans, and catch so-called “alternative pathways” to pirated content that emerge after a primary site has been blocked.

Under Australia's latest regime, copyright owners have to seek court injunctions against individual websites (say, The Pirate Bay) if they suspect the site is infringing their copyright, and if successful, telcos block access to those sites through the domain name system.

Thus, if a website is pirating or being used to pirate material, it can be blocked by killing off DNS lookups, meaning web browsers and their users can't find the site from its domain name. If someone knows the IP address of the site, they're still quids in, of course.

When the Oz government initiated a review into that regime earlier this year, Hollywood's proxies complained that if they were successful getting an injunction against one infringing site, would-be pirates could simply go to Google to find another source for their downloads.

One of the aims of the Copyright Amendment (Online Infringement) Bill 2018, proposed this week, is to change that by bringing search engines into the remit of the regime.

Introducing the bill, the government's minister for families and social services Paul Fletcher explained* how the government hopes to close the “Google gap,” saying “search engines enable users to discover the existence of blocked websites and provide alternative pathways to get to those sites.”

To defeat that, he said, the new law “will allow injunctions to be made against online search engines, who would be required to take reasonable steps to remove search results that refer users to an infringing online location.”

An expanded "primary purpose" test will let judges issue injunctions against a wider range of sites, to try and stop pirates getting their content from file-share sites like Scribd.

The 2015 regime asks a judge to determine that a site has copyright infringement as its “primary purpose”, and the government reckons pirates are sharing files on what Fletcher called “cyberlockers” which don't fit that description. So the government proposes expanding the test to cover a site that “has 'the primary purpose or the primary effect' of infringing, or facilitating an infringement, of copyright,” Fletcher explained.

In a press statement, communications minister Mitch Fifield said this week the expanded regime will “provide a means for proxy and mirror pirate sites to be blocked quickly”.

To help chase “proxies” and mirrors, the legislation creates what Fletcher called “adaptive injunctions” in his speech: “This will give the court the power to grant injunctions on terms that allow the copyright owner and carriage service provider, by agreement, to apply the injunction to block other pathways that start to provide access to an infringing site.

“The bill will also introduce an evidentiary presumption that will provide that an online location is outside Australia, unless the contrary is proven."

* For international readers: such legislation would be introduced to parliament by the communications minister Mitch Fifield, but he is a senator, so the legislation was brought to the House of Representatives by Fletcher as his proxy.
https://www.theregister.co.uk/2018/10/19/oz_piracy_law/





Streaming Exclusives Will Drive Users Back to Piracy and The Industry is Largely Oblivious
Karl Bode

As you probably have noticed, there's a growing tide of streaming video services popping up to feed users who want a cheaper, more flexible alternative to traditional cable. By and large this has been a very good thing. It's finally driving some competition for bumbling apathetic giants like Comcast, forcing them to at least make a feeble effort to improve customer service. It also reflects a belated admission by the broadcast industry that you need to compete with piracy (instead of say, suing the entire planet and hoping it goes away) by offering users access to cheaper, flexible viewing options.

But the gold rush into streaming has come with a few downsides. Studies have suggested that every broadcaster on the planet will likely have their own streaming service by 2022. In a bid to drive more subscribers to their service, said broadcasters are increasingly developing their own content, or striking their own content exclusivity deals, and then locking that content in an exclusivity silo. For example, if you want to watch Star Trek: Discovery, you need to shell out $6 a month for CBS All Access. Can't miss House of Cards? You'll need Netflix. Bosch? Amazon Prime. The Handmaid's Tale? Hulu.

Again, on its face this impulse makes perfect sense: you want the kind of content that drives users to your platform. And at first it wasn't all that noticeable, because there were only a handful of services. Even if you subscribed to four of them, you still probably were saving money over your traditional cable bill.

The problem is, as more and more companies jump into the streaming market, users are being forced to subscribe to an ocean of discordant services to get access for the content they're looking for. As users are forced to pony up more and more cash for more and more services, it's going to start defeating the purpose of ditching over-priced, traditional cable. But instead of going back to cable, back in March we noted how users are just as likely to consider piracy.

And of course that's already starting to happen, with BitTorrent usage seeing some modest but notable bumps, especially overseas. It's minor now, but if you've paid attention to several decades of piracy precedent, it's not hard to predict the outcome of this rush to cordon off everything into far too many exclusivity silos. Disney, for example, is preparing to pull all of its best content off of Netflix (Star Wars, Pixar, Marvel) and make it exclusive to its own streaming platform. In the wake of its acquisition of Time Warner, AT&T is contemplating doing the same thing with old episodes of shows like Friends.

You may have noticed a trend:

"Before Netflix got into the Original series game, it made a name for itself by licensing content from other distributors like Warner Bros. TV, Paramount Television, and NBC Universal Television. Licensing deals are great for fans who don’t have cable or are looking to discover new series in full, but now that streaming is king, distributors and production companies have realized that they can make more money by consolidating their content on a single streaming service — hence why Disney, WarnerMedia, DC, and other media companies are creating their own platforms with original content."

You'd be pretty hard pressed to find many people in the streaming or broadcast sector who realize the pitfalls of this gold rush toward streaming exclusivity, even after all of the painful piracy and gatekeeper lessons learned thus far. After all, most industry executives are right that having must-watch exclusive content is necessary to drive subscriber adoption, and that developing original content in house is a better financial proposition than skyrocketing broadcast licensing costs. But few have paused, taken a step back, and considered how the rush to exclusivity at scale could come back to bite the sector at large.

That's thanks, in part, to the weird aversion among most journalists and analysts to even mention piracy in their reports or stories. Most reporters and analysts see even mentioning piracy as some kind of bizarre cardinal sin that implies they somehow advocate for the behavior. This tendency to ignore the elephant in the room is a major reason the industry has such a hard time learning that you have to compete with piracy, not engage in idiotic, counter-productive and often harmful attempts to "cure" it with legislation, lawyers, or an endless parade of terrible ideas.

The old adage that those who fail to learn from history are doomed to repeat it will likely hold true here. If the current trend holds, by 2022 consumers will be forced to subscribe to an absolute universe of $10 to $15 per month services just to get all the content they're looking for, on the presumption the average household has an unlimited amount of disposable income.

If history is any indication, it will take another year or two for the industry to identify and admit this exclusivity parade is driving users back to piracy. At that point, they'll probably burn through a rotating crop of "solutions" (like waging war on password sharing), before coming to this central conclusion: that licensing your content to a sensible but not overwhelming crop of companies actually good at the technical and customer service aspects of streaming (like, Netflix) -- instead of everybody and their mother launching their own streaming product -- wasn't such a terrible idea after all.
https://www.techdirt.com/articles/20...blivious.shtml





99.7 Percent of Unique FCC Comments Favored Net Neutrality
Kaleigh Rogers

A new report from Stanford University shows that most commenters were knowledgeable about the issue and very much in favor of keeping the protections.

After removing all duplicate and fake comments filed with the Federal Communications Commission last year, a Stanford researcher has found that 99.7 percent of public comments—about 800,000 in all—were pro-net neutrality.

“With the fog of fraud and spam lifted from the comment corpus, lawmakers and their staff, journalists, interested citizens and policymakers can use these reports to better understand what Americans actually said about the repeal of net neutrality protections and why 800,000 Americans went further than just signing a petition for a redress of grievances by actually putting their concerns in their own words,” Ryan Singel, a media and strategy fellow at Stanford University, wrote in a blog post Monday.

Singel released a report Monday that analyzed the unique comments—as in, they weren’t a copypasta of one or dozens of other letters—filed last year ahead of the FCC’s decision to repeal federal net neutrality protections. That’s from the 22 million total comments filed, meaning that more than 21 million comments were fake, bots, or organized campaigns.

“This is not to say that all non-unique comments filed to the FCC via online campaigns are fake,” the report says, since many commenters used form letters to share their support for net neutrality. “However, due to the large amount of noise created by fake comments, it remains very difficult to locate the real signals in the non-unique comments.”

Before voting to repeal federal net neutrality protections last year, the FCC opened up an online form to collect comments from the public. If you recall, it was a shitshow, with millions of fake comments sent in by bots under phony names, stolen identities, and even names of dead people. It led to multiple lawsuits filed, including one by 23 state attorneys general. Despite acknowledging the failures, the FCC refused to investigate or really reconsider the comments at all, though a judge recently ruled that the agency must release records related to the phony comments to the public.

With the help of his colleague Jeff Kao, Singel used machine learning models to identify more than 800,000 unique comments and analyze them, showing that commenters were firmly against repealing the rules, and these commenters spanned the country geographically and politically.

Singel found that “while there were more comments on average from House districts represented by Democrats, a substantial number of unique comments were filed in Republican districts,” the report reads. The average number of comments filed in each district was 1,489, with Republican districts having an average of 1,202.

He also found that unique commenters had a more nuanced understanding of net neutrality law than lawmakers may have assumed, including regularly mentioning the decision to reclassify broadband as a common carrier under Title II of the Communications Act of 1996.

The report also suggests that net neutrality could play a role in the upcoming midterm elections, with many of the so-called “toss up” states having significant representation from pro-net neutrality commenters. For example, California's 45th District is currently held by Republican Representative Mimi Walters, and a tight battle is expected there. In that district, the report found more than 2,300 unique comments filed, the majority of which were opposed to repealing net neutrality.

If this report is any indication, candidates in tight races might want to reexamine their stance on net neutrality.
https://motherboard.vice.com/en_us/a...net-neutrality





New York Attorney General Expands Inquiry Into Net Neutrality Comments
Nicholas Confessore

The New York attorney general subpoenaed more than a dozen telecommunications trade groups, lobbying contractors and Washington advocacy organizations on Tuesday, seeking to determine whether the groups sought to sway a critical federal decision on internet regulation last year by submitting millions of fraudulent public comments, according to a person with knowledge of the investigation.

Some of the groups played a highly public role in last year’s battle, when the Republican-appointed majority on the Federal Communications Commission voted to revoke a regulation issued under President Barack Obama that classified internet service providers as public utilities. The telecommunications industry bitterly opposed the rules — which imposed what supporters call “net neutrality” on internet providers — and enthusiastically backed their repeal under President Trump.

The attorney general, Barbara D. Underwood, last year began investigating the source of more than 22 million public comments submitted to the F.C.C. during the battle. Millions of comments were provided using temporary or duplicate email addresses, others recycled identical phrases, and seven popular comments, repeated verbatim, accounted for millions more.

The noise thrown up by fake or orchestrated comments appears to have favored the telecommunications industry: One study, by a researcher at Stanford, found that virtually all of the unique comments submitted to the F.C.C. — the ones most likely to be bona fide — opposed repeal.

In September, The New York Times sued the F.C.C. to obtain digital records that would help trace the source of the public comments. The case is continuing.

Most strikingly, many comments on net neutrality were falsely submitted under the names of real people, in what amounted to mass acts of virtual identity theft. Some comments used the names of dead people. Ms. Underwood’s investigators have estimated that almost half of all of the comments — more than nine million — used stolen identities.

The investigation traced comments submitted through bulk spreadsheet uploads and through the F.C.C.’s application programming interface, which allows advocates to solicit public comments on their own websites and then transmit those comments to the F.C.C.’s system. Investigators have identified four buckets of apparently fraudulent comments, each of which appears to have been associated with a particular network of advocacy organizations, trade groups and consultants.

“The F.C.C.’s public comment process was corrupted by millions of fake comments,” Ms. Underwood said in a statement. “The law protects New Yorkers from deception and the misuse of their identities. My office will get to the bottom of what happened and hold accountable those responsible for using stolen identities to distort public opinion on net neutrality.”

The companies and groups subpoenaed on Tuesday include Broadband for America, a coalition bankrolled by cable and telecommunications companies; Century Strategies, a political consultancy founded by Ralph Reed; and MediaBridge, a conservative messaging firm whose website boasts of helping to place hundreds of thousands of comments on the F.C.C.’s net neutrality regulation during Mr. Obama’s presidency on behalf of one client.

Ms. Underwood also demanded records and communications from a collection of nonprofits, consultants and vendors her office has linked to the Center for Individual Freedom, an advocacy group set up in the 1990s by a former tobacco lobbyist, which set up efforts last year that yielded thousands of identical comments to the F.C.C. Records are also being sought from a Republican consulting firm called Vertical Strategies.

The attorney general is also seeking records from several pro-neutrality groups, including Free Press and Fight for the Future, a group that advocates for digital rights. Those groups are chiefly funded by foundations and individuals.

The net neutrality battle thrust a spotlight onto the grimy but increasingly high-tech world of regulatory influence campaigns, where industry and advocacy groups compete for political legitimacy by trying to build a record of public support or opposition for proposed policies.

Federal agencies and commissions that issue regulations are generally required to circulate them for public comment, creating a battleground for grass-roots campaigns — and the incentive to inundate agencies with millions of scripted comments that purport to come from real people. Digital messaging firms can build sophisticated campaigns that generate thousands or millions of authentic-seeming comments. Some use language software to build unique-seeming comments out of a set universe of related phrases and words.

The investigation is being spearheaded by a unit of Ms. Underwood’s office that has focused on the emerging world of online fraud, impersonation and abuse, including the theft of social media profiles to create and sell huge networks of fake accounts to commercial clients.
https://www.nytimes.com/2018/10/16/t...-comments.html





Internet Provider Groups Sue Vermont Over Net Neutrality Law
David Shepardson

Five industry groups representing major internet providers and cable companies filed suit on Thursday seeking to block a Vermont law barring companies that do not abide by net neutrality rules from receiving state contracts.

The lawsuit was filed in U.S. District Court in Vermont by groups representing major providers like AT&T Inc (T.N), Comcast Corp (CMCSA.O) and Verizon Communications Inc (VZ.N). It followed a lawsuit by four of the groups earlier this month challenging a much broader California law mandating providers abide by net neutrality rules.

The trade associations are also challenging an executive order on the issue signed by Vermont Governor Phil Scott. Other states, including New York, New Jersey, Rhode Island, Montana and Hawaii, have adopted similar rules to bar state contracts from companies not complying with net neutrality protections.

Scott said he was disappointed the lawsuit was filed against the state “for taking action to protect our citizens and our economy.” The Republican governor said he believed Vermont residents “have a right to free and open access to information on the internet. In the absence of a national standard to protect that right, states must act.”

The Vermont lawsuit was filed by the American Cable Association; CTIA - The Wireless Association; NCTA - The Internet & Television Association; USTelecom - The Broadband Association and the New England Cable & Telecommunications Association.

The lawsuit argues that states cannot regulate “indirectly through their spending, procurement, or other commercial powers what they are forbidden from regulating directly.”

The U.S. Justice Department in late September filed its own lawsuit to block California’s law set to take effect on Jan. 1. A federal judge has set a Nov. 28 hearing.

Under President Donald Trump, the Federal Communications Commission voted 3-2 along party lines to reverse the 2015 net neutrality rules that barred internet service providers from blocking or throttling traffic or offering paid fast lanes, also known as paid prioritization.

The Trump administration rules were a win for internet providers but opposed by companies like Facebook Inc (FB.O), Amazon.com Inc (AMZN.O) and Alphabet Inc (GOOGL.O).

The FCC in December handed ISPs sweeping powers to recast how Americans use the internet, as long as they disclose changes. The new rules took effect in June, but providers have made no changes.

The FCC said in repealing the Obama-era rules that it was pre-empting states from setting their own rules governing internet access. FCC Chairman Ajit Pai told Reuters that arguments states could set their own net neutrality rules were “completely baseless.” The FCC did not immediately comment on the Vermont suit.

Reporting by David Shepardson; Editing by Dan Grebler and Peter Cooney
https://www.reuters.com/article/us-u...-idUSKCN1MS2ZU





AT&T Fixes Internet Issues After Outages Reported Across DFW

The fire was contained to an electrical room but burned primary and backup electrical systems, officials said. AT&T was still working Monday afternoon to fix the internet issues.
Ryan Osborne

UPDATE: As of 10:30 p.m. Monday, AT&T said they fixed the internet issues and resumed service for all internet users.

Widespread AT&T internet outages were being reported across the DFW area on Monday after an electrical fire at an AT&T facility, officials said.

The outage map website downdetector.com showed heavy concentrations of outages in Fort Worth, Dallas and Collin County.

Firefighters had responded to a fire at an AT&T switching station in the 1600 block of Firman Drive about 9:45 a.m., Richardson city spokesman Greg Sowell said. The fire was contained to an electrical room and burned primary and backup electrical systems.

On Twitter, an AT&T customer service account, @ATTCares, was responding to dozens of tweets about the outages, initially saying a "direct lightning strike" at the facility caused the outages. The account later tweeted that damage from the fire might have caused the outages.

As of 1:30 p.m., AT&T was still working to fix the internet issues.

Damage caused by a fire at one of our facilities may be affecting internet services for some of our customers in the Dallas area. We are working to restore service as quickly as possible. ^HectorR
— ATTCares (@ATTCares) October 15, 2018

Thank you for bringing this to our attention. Due to a direct lightning strike on one of our facilities in the area, we are experiencing internet issues. We are currently working to restore service as quickly as possible.
— ATTCares (@ATTCares) October 15, 2018


https://www.wfaa.com/article/news/at.../287-604504271





25% of Brits Would Ditch ISP if Porn is Blocked – MoneySupermarket
Jamie Davies

The net neutrality debate could be emerging on the UK horizon but the message here is don’t mess around too much; it wouldn’t take much for consumers to switch ISPs.

New research from MoneySupermarket has indicated UK consumers are pretty sensitive when it comes to the idea of the open internet. This is a debate which has certainly captured the imagination of the US, though the UK has largely been shielded by its inclusion in the European Union and rules being written in Brussels. With Brexit looming large, it is possible the UK would no longer be answerable to BEREC (Body of European Regulators for Electronic Communications) and free to decide its own course down the net neutrality road.

But the message from MoneySupermarket is simple; become too authoritarian on what content consumers can access and they will leave pretty sharpish. 64% of respondents would switch ISPs if blocks were put in place, with one in four specifying the blocking of porn as a reason to leave. Right now the status quo is holding solid, with the telcos largely only blocking requested and illegal content, though Brexit could change this.

By leaving the Union the UK is giving up the right to influence any new policies. Therefore, if it remains as part of BEREC it would have to comply with rules it has no influence over, Emily Thompson of MoneySupermarket points out. This would contradict the rationale of Brexit in the first place, though in the pursuit of a healthy relationship with Europe, the rules might have to be swallowed. Having the power to write the rules which govern the land is something which every government around the world would want, therefore staying in BEREC seems unlikely.

“While the dialogue regarding net neutrality in the UK is relatively low-key, it has controversially been repealed in the US, suggesting that it could become a much bigger issue once Brexit is finalised and we look at rethinking European legislation,” said Thompson. “For now, ISPs need to decide what’s in the best interest of their customers: eschewing the current net neutrality laws to reduce competition or getting on the side of the consumer and keeping the internet fair and equal.”

One of the areas which will come under scrutiny should the UK and BEREC part ways is net neutrality. We have already seen how divisive this debate has become in the US, with California introducing its own state level rules contradicting the FCC and potentially leading to a constitutional crisis. The scenario is slightly different in the UK, though the telcos will still want the opportunity to make more money.

Part of the reason net neutrality is such a big topic in the US is due to competition. A notable number of customers have limited options when selecting a broadband provider, which is not the case in the UK. Thanks to the UK being a small island and Openreach laying the foundations for broadband access, most customers have options when it comes to providers. ISPs cannot dictate the terms as much as across the pond and will have to be careful about blocking websites or promoting certain traffic for fear of losing customers to competitors.

However, executives might not be able to resist the temptation of making more money. The idea of a two-speed digital highway would be attractive to the telcos, monetizing the speed of delivery to the consumer. Experience is everything nowadays, and a slow-loading website might be enough for a consumer never to consider that curry house or wallpaper manufacturer ever again. We doubt the ISPs would go as far as holding the businesses to ransom by blocking websites who don’t pay or because a competitor pays for it, but it is a possibility.

Predicting which way the relationship with BEREC will go is a tricky one right now as it relies on the final deal the UK strikes with the European Union. We can’t imagine the UK Government will be happy about being told about how to regulate its own telco industry, irrelevant of how friendly the final terms are. It might not be too long before the net neutrality debate washes ashore; prepare for some propaganda from the telcos about why it is fair to create a digital toll-road to help fund the rollout of infrastructure.
http://telecoms.com/492851/25-of-bri...eysupermarket/





'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything
Kashmir Hill

When you go into the privacy settings on your browser, there’s a little option there to turn on the “Do Not Track” function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop a porn site from keeping track of what she watches, or keep Facebook from collecting the addresses of all the places she visits on the internet, or prevent third-party trackers she’s never heard of from following her from site to site. According to a recent survey by Forrester Research, a quarter of American adults use “Do Not Track” to protect their privacy. (Our own stats at Gizmodo Media Group show that 9% of visitors have it turned on.) We’ve got bad news for those millions of privacy-minded people, though: “Do Not Track” is like spray-on sunscreen, a product that makes you feel safe while doing little to actually protect you.

“Do Not Track,” as it was first imagined a decade ago by consumer advocates, was going to be a “Do Not Call” list for the internet, helping to free people from annoying targeted ads and creepy data collection. But only a handful of sites respect the request, the most prominent of which are Pinterest and Medium. (Pinterest won’t use offsite data to target ads to a visitor who’s elected not to be tracked, while Medium won’t send their data to third parties.) The vast majority of sites, including this one, ignore it.

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place. Facebook says that while it doesn’t respect DNT, it does “provide multiple ways for people to control how we use their data for advertising.” (That is of course only true so far as it goes, as there’s some data about themselves users can’t access.) From the department of irony, Google’s Chrome browser offers users the ability to turn off tracking, but Google itself doesn’t honor the request, a fact Google added to its support page some time in the last year. A Google spokesperson says Chrome lets users “control their cookies” and that they can also “opt out of personalized ads via Ad Settings and the AdChoices industry program” which results in a user not having “ads targeted based on inferred interests, and their user identifier will be redacted from the real-time bid request.”

There are other options for people bothered by invasive ads, such as an obscure opt-out offered by an alliance of online advertising companies, but that only stops advertising companies from targeting you based on what they know about you, not from collecting information about you as you browse the web, and if a person who opts out clears their cookies—a good periodic privacy practice—it clears the opt-outs too, which is why technologists suggested the DNT signal as an easier, clearer way of stopping tracking online.

“It is, in many respects, a failed experiment,” said Jonathan Mayer, an assistant computer science professor at Princeton University. “There’s a question of whether it’s time to declare failure, move on, and withdraw the feature from web browsers.”

That’s a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place.

Why do we have this meaningless option in browsers? The main reason why Do Not Track, or DNT, as insiders call it, became a useless tool is that the government refused to step in and give it any kind of legal authority. If a telemarketer violates the Do Not Call list, they can be fined up to $16,000 per violation. There is no penalty for ignoring Do Not Track.

In 2010, the Federal Trade Commission endorsed the idea of Do Not Track, but rather than mandating its creation, the Obama administration encouraged industry to figure out how it should work via a “multistakeholder process” that was overseen by W3C, an international non-governmental organization that develops technical standards for the web. It wound up being an absolutely terrible idea.

Technologists quickly came up with the code necessary to say “Don’t track me,” by having the browser send out a “DNT:1” signal along with other metadata, such as what machine the browser is using and what font is being displayed. It was a tool similar to “robots.txt,” which can be inserted into the HTML of a web page to tell search engines not to index that page so it won’t show up in search results. The “stakeholders” involved in the DNT standard-setting process—mainly privacy advocates, technologists, and online advertisers—couldn’t, though, come to an agreement about what a website should actually do in response to the request. (The W3C did come up with a recommendation about what websites and third parties should do when a browser sends the signal—namely, don’t collect their personal data, or de-identify it if you have to—but the people that do the data collection never accepted it as a standard.)

“Do Not Track could have succeeded only if there had been some incentive for the ad tech industry to reach a consensus with privacy advocates and other stakeholders—some reason why a failure to reach a negotiated agreement would be a worse outcome for the industry,” said Arvind Narayanan, a professor at Princeton University who was one of the technologists at the table. “Around 2011, the threat of federal legislation brought them to the negotiating table. But gradually, that threat disappeared. The prolonged negotiations, in fact, proved useful to the industry to create the illusion of a voluntary self-regulatory process, seemingly preempting the need for regulation.”

The biggest obstacle was advertisers who didn’t want to give up delicious data and revenue streams; they insisted that DNT would “kill online growth” and stymied the process. (You can chart the death of Do Not Track by the declining number of emails sent around on the W3C list-serv.) By the time the debate was winding down at the end of 2013, it wasn’t even about not tracking people, just not targeting them, meaning trackers could still collect the data but couldn’t use it to show people intrusive ads based on what they’d collected. The inability to reach a compromise on what DNT should be led sites like Reddit to declare “there is no accepted standard for how a website should respond to [the Do Not Track] signal, [so] we do not take any action in response to this signal.”

To demonstrate their theoretical support for DNT—or from a more skeptical perspective, to garner some positive press—Google, Microsoft, Apple, Mozilla, and others started offering the “Do Not Track” option in their respective browsers, but absent a consensus around the actions required in response to the DNT:1 signal, these browsers are just screaming for privacy into a void.

“It’s really sad that companies are not listening to their users and put weak and misleading pretexts to not respect their choice of privacy,” said Andrés Arrieta, tech projects manager at the Electronic Frontier Foundation, who attempted in 2017 to breathe life back into Do Not Track by establishing a new standard for what websites should do when they see someone send the DNT:1 signal. (Everyone ignored it.)

“It would have been better for the web if DNT had worked. It was the polite option: Users could signal their preferences and websites would honor those preferences,” said Mayer by phone. “The alternative is the non-polite option of ad-blocking and cookie blocking, which is the way the conversation is now moving. In a world without DNT, ad-blocking has taken off.”

Every year, more people turn on adblockers, much to websites’ chagrin, causing publishers to institute paywalls and use pop-up requests to beg people to turn the blockers off. (You can see the latter by browsing our sites here at Gizmodo Media Group). Apple and Mozilla are both building tools into their browsers to block third-party tracking; in Firefox’s case, it will be by default.

Dennis Buchheim, a senior vice president at online advertising group IAB’s Tech Lab, said in a statement that DNT, as designed, was too blunt an instrument and didn’t allow users to “exempt their trusted sites, effectively limiting users to all-or-nothing.” He calls Apple’s and Mozilla’s new anti-tracking offerings “a poor but logical evolution of the intentions of DNT” and hopes for a more “collaborative approach” that involves users telling sites one-by-one what tracking they’re willing to allow.

Meanwhile, tracking is becoming even more intrusive and spilling over into the real world, with phones emitting ultrasonic sounds and Google tracking Android users’ locations despite their stated preferences. By not giving people a real choice about whether they are willing to be tracked, the internet remains locked in an arms race over privacy, with new tools and methods constantly being created to try to subvert the desires of the party on the other side of the data divide. Meanwhile, lawmakers in D.C. continue their decades of empty talk about passing a federal privacy law to regulate online data-brokering. If they finally succeed this year, the primary motivation is to overrule a robust privacy law recently passed in California, which is not the purest of motives.

Given that most people involved see Do Not Track as a failed experiment, what do we do with it now? At least one browser is considering getting rid of the option.

“Mozilla has been a strong supporter of the DNT concept but is disappointed by the low rate of adoption across the industry,” said Firefox product lead Peter Dolanjski in a statement sent via email. “That is why we have announced plans for a stronger set of default protections that do not depend on sites independently deciding whether to respect user intent. We will be evaluating what to do with the DNT setting as we implement these protections.”

Many of the technologists and privacy advocates who pushed for the Do Not Track option a decade ago admit that the setting could give users a false expectation of privacy, but they remain stubbornly attached to it.

“The flag gives websites a strong signal of the demand for privacy from their users,” said Narayanan by email.

Some think “Do Not Track” shouldn’t be abandoned because of the hope that it might one day finally be empowered to actually do something.

“We have seen strong Do Not Track adoption by users, rather than by companies, with millions of users’ privacy requests ignored,” said Aleecia McDonald, an assistant professor at Carnegie Mellon University, who helped oversee the DNT process. “The push for privacy in Europe could use Do Not Track as a technical mechanism, as could California’s new Consumer Privacy law.”

In other words, we have a tool that works for telling the internet that a person wants privacy. The problem is that the companies that dominate the internet are, for the most part, plugging their ears and saying, “Nah, nah, nah, nah, I don’t hear you, nah, nah, nah, nah, I don’t hear you,” and will continue to do so until the government forces them to take their fingers out of their ears.

Gabe Weinberg, the founder of the private search engine DuckDuckGo, which doesn’t track any of its users, may have framed it best. He thinks that unless a federal law that “gives some real regulatory teeth to Do Not Track” passes, the option “should be removed from all browsers because it is otherwise misleading, giving people a false sense of security.”

Until that happens, please know that if you turn on “Do Not Track,” it’s not doing anything to protect you unless you’re surfing Pinterest or reading Medium while logged out. It’s one thing to tell someone you want to be left alone, and another to get them to care.
https://gizmodo.com/do-not-track-the...eop-1828868324
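
What honoring the signal would look like on the server side, as an added example that is not from the article or from any site it names: the handler reads the `DNT` request header and, depending on policy, ignores it (what the article says most sites do), de-identifies the record, or collects nothing. The event fields, the IP-truncation step and the three policy names are assumptions chosen for illustration.

```python
import ipaddress

POLICIES = ("ignore", "deidentify", "drop")  # hypothetical site policies


def parse_dnt(headers):
    """Return True (do not track), False (tracking allowed) or None (no preference)."""
    for name, value in headers.items():
        if name.lower() == "dnt":          # HTTP header names are case-insensitive
            value = value.strip()
            if value.startswith("1"):
                return True
            if value.startswith("0"):
                return False
            return None                    # malformed value: treat as no preference
    return None                            # header absent: user expressed nothing


def truncate_ip(addr):
    """Coarsen an address to its /24 (IPv4) or /48 (IPv6) network (assumed scheme)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(network.network_address)


def handle_request(headers, remote_addr, path, visitor_id, policy="deidentify"):
    """Decide what analytics record to keep and whether to set a visitor cookie.

    The header is only a request. Whether anything changes is entirely the
    server's choice, which is why the outcome depends on `policy`.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")

    full_event = {"path": path, "ip": remote_addr, "visitor_id": visitor_id}
    opted_out = parse_dnt(headers) is True

    if not opted_out or policy == "ignore":
        # No opt-out, or a site that disregards it: full collection.
        return {"event": full_event, "set_visitor_cookie": True}

    if policy == "drop":
        # Collect nothing about this visitor.
        return {"event": None, "set_visitor_cookie": False}

    # policy == "deidentify": keep the page view, strip what links it to a person.
    event = {"path": path, "ip": truncate_ip(remote_addr), "visitor_id": None}
    return {"event": event, "set_visitor_cookie": False}


if __name__ == "__main__":
    # Constructed request: a browser with the DNT setting switched on.
    request_headers = {"User-Agent": "ExampleBrowser/1.0", "DNT": "1"}
    for policy in POLICIES:
        print(policy, handle_request(request_headers, "203.0.113.77",
                                     "/article/42", "v-123", policy))
```

Running it prints the same `DNT: 1` request handled three ways; only the two non-default-in-practice policies change what is stored.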





Major Browsers Simultaneously Drop Support for Old Security Standards
Devin Coldewey

Firefox, Chrome, Edge, Internet Explorer and Safari are all dropping support for older versions of the online security protocol TLS, used in practically any encrypted exchange online. While few people or machines are using the long-unsafe TLS 1.0 and 1.1, they’re still permitted in many connections — but not for long.

Transport Layer Security is a community-developed standard that got its 1.0 release nearly 20 years ago. It and its close relative, 1.1, have known flaws that make them unsafe to use for any secure communications. 1.2 addressed these major flaws in 2008 and is currently used by the vast majority of clients. 1.3, released earlier this year, both improves and streamlines the standard, but as yet has only a limited presence online as many servers and services haven’t been updated to support it.

Mozilla, Google, Microsoft and WebKit all made separate but similar announcements on their blogs, essentially that the old versions, 1.0 and 1.1, will be phased out by early 2020 — March specifically for some, which we can take as a general indicator for the others.

“Two decades is a long time for a security technology to stand unmodified,” wrote Microsoft’s Kyle Pflug. “While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist. Moving to newer versions helps ensure a more secure Web for everyone.”

As a user you don’t need to do a thing. The browsers and apps you use will work just as they have before — chances are they’re all using 1.2 already. Mozilla shared a chart showing that only a smattering of connections it sees use the earlier versions:

These connections, low by proportion but still numerous, could be lots of things. Legacy machines embedded here and there; old apps for which the security stack hasn’t been updated in years; hacked devices. It’s almost certainly not you or even your parents.

The long lead time is given because of the possibility (nay, inevitability) that there are some critical systems (for example in aging municipal infrastructure) that will cease to work because of this change. People need time to do a real audit, although they probably should have done it years ago.

This move should make everyone a little safer online, though everything will continue to act exactly as it did before. That’s by design.
https://techcrunch.com/2018/10/15/ma...ity-standards/
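
The audit the article says operators need time for can start from a server's own logs. The following is an added example, not from the article or the browser vendors: it tallies negotiated protocol versions from access-log lines, lists the clients still connecting with TLS 1.0/1.1, and builds a server context that refuses those versions. The log layout (client IP, protocol in the form nginx's `$ssl_protocol` prints, cipher, quoted user agent) and the sample lines are constructed for illustration.

```python
import re
import ssl
from collections import Counter, defaultdict

# Constructed sample. Assumed layout: <client-ip> <protocol> <cipher> "<user-agent>"
SAMPLE_LOG = """\
198.51.100.7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0 Firefox/62.0"
198.51.100.8 TLSv1.3 TLS_AES_128_GCM_SHA256 "Mozilla/5.0 Chrome/70.0"
203.0.113.21 TLSv1 AES128-SHA "EmbeddedPanel/1.4"
203.0.113.21 TLSv1 AES128-SHA "EmbeddedPanel/1.4"
192.0.2.55 TLSv1.1 ECDHE-RSA-AES256-SHA "LegacyBackupAgent/2.0"
198.51.100.7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0 Firefox/62.0"
192.0.2.90 - - "HealthCheck/1.0"
203.0.113.99 TLSv1.2 truncated-entry
"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}   # versions that stop working after the cutoff
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<proto>\S+) (?P<cipher>\S+) "(?P<ua>[^"]*)"$')


def audit(log_text):
    """Summarise protocol versions and the clients that still use legacy ones."""
    versions = Counter()
    offenders = defaultdict(lambda: {"hits": 0, "protocols": set(), "agents": set()})
    unparsed = 0

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed += 1                 # keep count so gaps in the audit are visible
            continue
        proto = match["proto"]
        if proto == "-":                  # no TLS on this connection at all
            versions["plaintext"] += 1
            continue
        versions[proto] += 1
        if proto in LEGACY:
            entry = offenders[match["ip"]]
            entry["hits"] += 1
            entry["protocols"].add(proto)
            entry["agents"].add(match["ua"])

    tls_total = sum(n for p, n in versions.items() if p != "plaintext")
    legacy_total = sum(versions[p] for p in LEGACY)
    ranked = sorted(offenders.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return {
        "versions": dict(versions),
        "tls_connections": tls_total,
        "legacy_connections": legacy_total,
        "legacy_share": legacy_total / tls_total if tls_total else 0.0,
        "offenders": [(ip, e["hits"], sorted(e["protocols"]), sorted(e["agents"]))
                      for ip, e in ranked],
        "unparsed": unparsed,
    }


def hardened_context():
    """Server-side TLS context that rejects handshakes below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['legacy_connections']} of {report['tls_connections']} TLS "
          f"connections used a legacy version ({report['legacy_share']:.0%})")
    for ip, hits, protocols, agents in report["offenders"]:
        print(f"  {ip}: {hits} hit(s), {', '.join(protocols)}, agent(s): {', '.join(agents)}")
    print("unparsed lines:", report["unparsed"])
```

The offender list is what to chase before raising the minimum version: each entry is a device or application that will stop connecting once `hardened_context()` or its equivalent is deployed.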





The Epic Facebook Hack Could Affect You Well Beyond Facebook

When 2FA becomes 1FA
Nikhil Sonnad

“Two-factor authentication” is a reassuring phrase. Setting it up feels like installing a brand-new, heavy-duty deadbolt on your door. Until you realize that there is a single building that stores the working keys for millions of deadbolts, paired with your name and address, and that that place is guarded by people who don’t understand locks very well.

That is basically the realization millions of Facebook users are having (or should be) as the result of the company’s latest massive security breach. In an Oct. 12 post cryptically and unhelpfully titled “An Update on the Security Issue,” Guy Rosen, Facebook’s VP of product management, wrote that for “15 million people, attackers accessed two sets of information—name and contact details (phone number, email, or both, depending on what people had on their profiles).”

That effectively compromises two-factor authentication for all of those users, not just on Facebook, but on any service that allows only text messages as the second form of authentication. (Here’s how to find out if you are affected.)

Security freaks have long been telling us not to rely on text messages for two-factor authentication. It might seem safe—your phone is Face ID’d, or has a long password, or an especially elaborate gesture thingy. But the technology that causes a text to get to you in the first place is not itself secure.

As Wired wrote in 2016, “Attacks on political activists in Iran, Russia, and even here in the US have shown that determined hackers can sometimes hijack the SMS messages meant to keep you safe.” Last year, security researchers at Positive Technologies made a video in which they easily intercept SMS messages and gain access to the Gmail and Coinbase accounts of a hypothetical target, using just their name and phone number.

For the 15 million people mentioned, any service they are registered with that uses text messaging for two-factor authentication effectively has been reduced back to one factor—the bad old password. And that is the case for many services. Only days ago did Instagram, which is owned by Facebook, move away from using only text messages for 2FA.

The Facebook hackers would have at least the names and phone numbers or emails for those 15 million. But they have a lot more, too. The post continues:

“For 14 million people, the attackers accessed the same two sets of information [as in name, number and/or email], as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.”

That has the makings of an epic phishing expedition. It might even be enough to answer other, more personal forms of authentication, like the “only you know the answer” security questions banks often use.

Facebook compromising text-based SMS is made even worse by the fact that, as was recently revealed, it allowed advertisers to target users based on their phone numbers, even if they had only shared those numbers with Facebook for the purpose of… setting up two-factor authentication.

It’s no wonder that, after that came to light, CEO Mark Zuckerberg couldn’t really answer when asked whether users should still trust his company.
https://qz.com/1423466/the-epic-face...yond-facebook/





An Open Letter to Microsoft: Don’t Bid on the US Military’s Project JEDI

Written by
Employees of Microsoft

We joined Microsoft to create a positive impact on people and society, with the expectation that the technologies we build will not cause harm or human suffering. Tuesday’s blog post serves as a public declaration of Microsoft’s intent to bid on the Joint Enterprise Defense Infrastructure (JEDI) contract — a contract that represents a $10 billion project to build cloud services for the Department of Defense. The contract is massive in scope and shrouded in secrecy, which makes it nearly impossible to know what we as workers would be building. At an industry day for JEDI, DoD Chief Management Officer John H. Gibson II explained the program’s impact, saying, “We need to be very clear. This program is truly about increasing the lethality of our department.”

Many Microsoft employees don’t believe that what we build should be used for waging war. When we decided to work at Microsoft, we were doing so in the hopes of “empowering every person on the planet to achieve more,” not with the intent of ending lives and enhancing lethality. For those who say that another company will simply pick up JEDI where Microsoft leaves it, we would ask workers at that company to do the same. A race to the bottom is not an ethical position. Like those who took action at Google, Salesforce, and Amazon, we ask all employees of tech companies to ask how your work will be used, where it will be applied, and act according to your principles.

Recently, Google executives made clear that they will not use artificial intelligence “for weapons, illegal surveillance, and technologies that cause ‘overall harm.’” This was only after thousands of Google workers spoke out in the name of ethics and human rights. On Tuesday, the company withdrew from the JEDI bidding war, since they “couldn’t be assured that it would align with [their] A.I. Principles,” principles they put in place in response to sustained employee pressure. With a large number of workers vocally opposed, executives were left with no choice but to pull out of the bid.

We need to put JEDI in perspective. This is a secretive $10 billion project with the ambition of building “a more lethal” military force overseen by the Trump Administration. The Google workers who protested these collaborations and forced the company to take action saw this. We do too.

So we ask, what are Microsoft’s A.I. Principles, especially regarding the violent application of powerful A.I. technology? How will workers, who build and maintain these services in the first place, know whether our work is being used to aid profiling, surveillance, or killing?

Earlier this year Microsoft published “The Future Computed,” examining the applications and potential dangers of A.I. It argues that strong ethical principles are necessary for the development of A.I. that will benefit people, and defines six core principles: “fair, reliable and safe, private and secure, inclusive, transparent, and accountable.”

With JEDI, Microsoft executives are on track to betray these principles in exchange for short-term profits. If Microsoft is to be accountable for the products and services it makes, we need clear ethical guidelines and meaningful accountability governing how we determine which uses of our technology are acceptable, and which are off the table. Microsoft has already acknowledged the dangers of the tech it builds, even calling on the federal government to regulate A.I. technologies. But there is no law preventing the company from exercising its own internal scrutiny and standing by its own ethical compass.

Since the cloud and edge solutions listed on Azure’s blog fall under the category of cutting-edge intelligent technology, it should be subject to review by Microsoft’s A.I. ethics committee, Aether. Eric Horvitz (our Research Lab Director) has stated that Aether “has teeth.” But if Aether does not consider this kind of ethical dilemma, then what exactly is it for? With no transparency in these negotiations, and an opaque ethics body that arbitrates moral decisions, accepting this contract would make it impossible for the average Microsoft employee to know whether or not they are writing code that is intended to harm and surveil.

Hundreds of employees within Microsoft have voiced ethical concerns regarding the company’s ongoing contract with Immigration and Customs Enforcement (ICE), in which the company provides “mission-critical” Azure cloud computing services that have enabled ICE to enact violence and terror on families at the border and within the United States. Despite our objections, the contract remains in place. Microsoft’s decision to pursue JEDI reiterates the need for clear ethical guidelines, accountability, transparency, and oversight.

Microsoft, don’t bid on JEDI.

Signed by employees of Microsoft

https://medium.com/s/story/an-open-l...i-7279338b7132





Smart Home Surveillance: Governments Tell Google's Nest To Hand Over Data 300 Times
Thomas Brewster

Anyone pumped for this week's launch of Google's Home Hub might want to temper their excitement. A smart home is a surveilled home. That’s been the concern of privacy activists since citizens started lighting up their abodes with so-called “smart” tech in recent years.

Take Google’s current smart home division, Nest Labs. It’s been told to hand over data on 300 separate occasions since 2015. That’s according to a little-documented transparency report from Nest, launched a year after the $3.2 billion Google acquisition. The report shows around 60 requests for data were received by Google’s unit in the first half of this year alone. In all those cases recorded from 2015 onwards, governments have sought data on as many as 525 different Nest account holders.

On Friday Forbes revealed the first known case in the U.S. where Nest handed over surveillance feeds and customer data from its cameras. Indeed, it appears to be the first documented case of Nest assisting law enforcement in such a manner anywhere in the world. The information was provided to investigators looking into a $1.2 million fraud, perpetrated by a rap crew that had taken control of surveillance technology tracking 95% of Americans.

The Nest transparency report isn’t as detailed as its parent company’s, or those of other tech giants like Facebook, Microsoft and Twitter. It doesn’t give specific numbers on data requests, for instance, only a bar chart where the user is left to guess at precise figures. It also doesn’t drill down what countries made what requests. Nest didn’t respond to requests for more specific data.

It’s clear Nest does hand over information in many cases where it’s asked, but in most it doesn’t. In the first half of 2018, less than 20% of requests received data in return. That’s the lowest proportion of any half year since the Google subsidiary started recording information. Back in the second half of 2015, the proportion was up at nearly 60%.

“If a US government agency presented us with a search warrant to investigate a crime they think was captured on a Nest Cam, we wouldn’t just hand over user data,” Nest says on its transparency report page. “We’d analyze the request to be sure the warrant wasn’t overly broad, then we’d make sure the information they requested was within the scope of the warrant.”

The company also noted it has never received a National Security Letter. Such NSLs are typically filed by intelligence agencies looking for company data. They also normally come with a gag order preventing businesses from revealing their very existence. That means that if Nest ever removes its disclaimer that it hasn’t received an NSL, it likely has been sent one.

Enough transparency?

With a lack of specificity within Nest’s own reporting on government data grabs, users could be forgiven for asking for more. They may not even know that Nest is handing over customer information in the first place.

Greg Nojeim, senior counsel for the Center for Democracy and Technology, said that whilst it was positive the feds required a warrant in the case uncovered by Forbes, customers could be better informed on what’s happening with their privacy.

“Because Nest data includes sensitive content about what happened in a home, Google was right to require that the government obtain a warrant in order to gain access to it,” Nojeim said.

“People who use Nest must be told that very private information about what is happening in their homes is being recorded and could be shared, without prior notice, with law-enforcement when it obtains proper legal process.

“Google should also inform users of its data retention policies and, in the case of sensitive Nest data, dispose of it in a short time frame that is noticed to users.”

Other smart home tech has been of use to cops, though there remain few examples. In 2016, Amazon was served with a search warrant demanding recordings from an Echo device in the trial of James Andrew Bates, who was accused of murder. Amazon fought the order, but gave up the ghost in early 2017, handing over what recordings it had. The case against Bates was later dismissed.
https://www.forbes.com/sites/thomasb...ata-300-times/





Smart Home Makers Hoard Your Data, But Won’t Say if the Police Come for it

Device makers won't say if your smart home gadgets spied on you
Zack Whittaker

A decade ago, it was almost inconceivable that nearly every household item could be hooked up to the internet. These days, it’s near impossible to avoid a non-smart home gadget, and they’re vacuuming up a ton of new data that we’d never normally think about.

Thermostats know the temperature of your house, and smart cameras and sensors know when someone’s walking around your home. Smart assistants know what you’re asking for, and smart doorbells know who’s coming and going. And thanks to the cloud, that data is available to you from anywhere — you can check in on your pets from your phone or make sure your robot vacuum cleaned the house.

Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought data from the companies to solve crimes.

And device makers won’t say if your smart home gadgets have been used to spy on you.

For years, tech companies have published transparency reports — a semi-regular disclosure of the number of demands or requests a company gets from the government for user data. Google was first in 2010. Other tech companies followed in the wake of Edward Snowden’s revelations that the government had enlisted tech companies’ aid in spying on their users. Even telcos, implicated in wiretapping and turning over Americans’ phone records, began to publish their figures to try to rebuild their reputations.

As the smart home revolution began to thrive, police saw new opportunities to obtain data where they hadn’t before. Police sought Echo data from Amazon to help solve a murder. Fitbit data was used to charge a 90-year-old man with the murder of his stepdaughter. And recently, Nest was compelled to turn over surveillance footage that led to gang members pleading guilty to identity theft.

Yet, Nest — a division of Google — is the only major smart home device maker that has published how many data demands it receives.

As first noted by Forbes last week, Nest’s little-known transparency report doesn’t reveal much — only that it’s turned over user data about 300 times since mid-2015 on over 500 Nest users. Nest also said it hasn’t to date received a secret order for user data on national security grounds, such as in cases of investigating terrorism or espionage. Nest’s transparency report is woefully vague compared to some of the more detailed reports by Apple, Google and Microsoft, which break out their data requests by lawful request, by region and often by the kind of data the government demands.

As Forbes said, “a smart home is a surveilled home.” But at what scale?

We asked some of the most well-known smart home makers on the market if they plan to release a transparency report, or disclose the number of demands they receive for data from their smart home devices.

For the most part, we received fairly dismal responses.

What the big four tech giants said

Amazon did not respond to requests for comment when asked if it will break out the number of demands it receives for Echo data, but a spokesperson told me last year that while its reports include Echo data, it would not break out those figures.

Facebook said that its transparency report section will include “any requests related to Portal,” its new hardware screen with a camera and a microphone. Although the device is new, a spokesperson did not comment on if the company will break out the hardware figures separately.

Google pointed us to Nest’s transparency report but did not comment on its own efforts in the hardware space — notably its Google Home products.

And Apple said that there’s no need to break out its smart home figures — such as its HomePod — because there would be nothing to report. The company said user requests made to HomePod are given a random identifier that cannot be tied to a person.

What the smaller but notable smart home players said

August, a smart lock maker, said it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA),” but did not comment on the number of subpoenas, warrants and court orders it receives. “August does comply with all laws and when faced with a court order or warrant, we always analyze the request before responding,” a spokesperson said.

Roomba maker iRobot said it “has not received any demands from governments for customer data,” but wouldn’t say if it planned to issue a transparency report in the future.

Both Arlo, the former Netgear smart home division, and Signify, formerly Philips Lighting, said they do not have transparency reports. Arlo didn’t comment on its future plans, and Signify said it has no plans to publish one.

Ring, a smart doorbell and security device maker, did not answer our questions on why it doesn’t have a transparency report, but said it “will not release user information without a valid and binding legal demand properly served on us” and that Ring “objects to overbroad or otherwise inappropriate demands as a matter of course.” When pressed, a spokesperson said it plans to release a transparency report in the future, but did not say when.

Spokespeople for Honeywell and Canary — both of which have smart home security products — did not comment by our deadline.

And, Samsung, a maker of smart sensors, trackers and internet-connected televisions and other appliances, did not respond to a request for comment.

Only Ecobee, a maker of smart switches and sensors, said it plans to publish its first transparency report “at the end of 2018.” A spokesperson confirmed that, “prior to 2018, Ecobee had not been requested nor required to disclose any data to government entities.”

All in all, that paints a fairly dire picture for anyone thinking that when the gadgets in your home aren’t working for you, they could be helping the government.

As helpful and useful as smart home gadgets can be, few fully understand the breadth of data that the devices collect — even when we’re not using them. Your smart TV may not have a camera to spy on you, but it knows what you’ve watched and when — which police used to secure a conviction of a sex offender. Even data from when a murder suspect pushed the button on his home alarm key fob was enough to help convict someone of murder.

Two years ago, former U.S. director of national intelligence James Clapper said the government was looking at smart home devices as a new foothold for intelligence agencies to conduct surveillance. And it’s only going to become more common as the number of internet-connected devices grows. Gartner said more than 20 billion devices will be connected to the internet by 2020.

Slim as the chances are that the government is spying on you through your internet-connected camera in your living room or your thermostat, it’s naive to think that it can’t.

But the smart home makers wouldn’t want you to know that. At least, most of them.
https://techcrunch.com/2018/10/19/sm...nment-demands/





How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American
Thomas Brewster

On a June day last year, a skinny, dreadlocked 29-year-old rapper known as Tony Da Boss lay in bed in a redbrick apartment on a tree-lined street in Charlotte, North Carolina. It was not the kind of place you’d associate with a million-dollar criminal conspiracy. But Da Boss (real name Damonte Withers) was a leader of the FreeBandz Gang, an amateur hip-hop crew of twentysomethings who were into much more nefarious activities than laying down tracks.

There were warning signs that things were going to get real. Alerts on Da Boss’ iPhone warned that his Google Nest surveillance cameras with views into and outside the apartment had picked up movement. Outside, a full cast of law enforcement personnel from the Secret Service, the U.S. Postal Inspection Service and the local police department were primed to swoop in.

Inside, they found piles of marijuana and multiple firearms. More intriguing, there were bundles of cash alongside fake-ID-card printers, 36 credit card blanks and reams of printouts containing American citizens’ personal data. Investigators spotted the Nest cameras and would soon make the first publicly known federal government demand for customer information and surveillance footage from Google’s smart home division.

From January to June 2018, seven members of Da Boss’ gang pleaded guilty to various identity theft charges. In total they had caused about $1.2 million in damage, using stolen identities to buy luxury cars and iPhones and to lease apartments in Charlotte. Both they and their crimes would have been quickly forgotten as garden variety larceny were it not for the way they stole those identities.

Cops alleged Da Boss and his co-conspirators had access to the Holy Grail for any Internet-age scam artist: a surveillance technology that police and debt collectors use to track most of the United States’ 325 million inhabitants via their Social Security numbers, license plates, address histories, names and dates of birth. The mass-monitoring tech, called TLO, is a product of the Chicago-based credit reporting giant TransUnion, which last year had revenues of nearly $1.9 billion. One brochure for the service promises access to a startling amount of personal data drawn from myriad sources: more than 350 million Social Security numbers of dead and living Americans, 225 million employment histories and four billion address records. Add to that billions of vehicle registrations and call records and you have one of the largest commercial surveillance databases in existence.

It’s used not just by cops but also by debt collectors and private companies carrying out background checks. Private investigators use it to track cheating spouses. But in the wrong hands it can be used to steal the identity of almost anyone in America. And Da Boss and his crew got access to it.

Writing in support of the court order to use the Nest camera footage in its investigation, U.S. Postal Service investigator Randall Berkland said TLO allowed users to research virtually anyone in the United States. Berkland would know: He’d used the tool extensively to investigate several crimes. And, he added, “Users would have unlimited access and resources to commit identity theft and fraud.”

“The opportunity for misuse is massive,” says Cooper Quintin, a technologist with the Electronic Frontier Foundation, which advocates for Internet civil rights. “Even if one were to require a court order for access to this database it could still be stolen by hackers, spies or rogue employees and used for illegal and harmful purposes.”

Founded in 2009, TLO was the brainchild of the data mining pioneer Hank Asher, who died in 2013. TLO, whose name is an abbreviation of The Last One, was Asher’s final entrepreneurial project, the third of a trio of massive data mining enterprises, which included Database Technologies and Seisint. Database Technologies, whose main product, AutoTrack, was used by insurance companies and cops to hunt down people’s vehicles, merged with Choicepoint in 2000; Seisint, which did much the same as Database Technologies on a grander scale, sold to database goliath LexisNexis for $775 million in 2004. In 2008, Choicepoint was bought by LexisNexis’ parent company, Reed Elsevier, for $4.1 billion.

Asher, a bulky, bearded, eccentric savant who admitted to smuggling cocaine into the U.S. in the 1980s (he never faced charges), was an innovator in the field of surveillance via data correlation, long before dark arts companies like Palo Alto, California’s Palantir grew into unicorns sporting multibillion-dollar valuations.

“He was, in my humble opinion, a technology genius, a computer math genius,” says Martha Walters Barnett, a former TLO chief privacy officer. “He was among the first to acknowledge … that insignificant, unrelated pieces of data, when put together in the right way, could become a powerful tool.”

According to a 2004 report in Vanity Fair, Asher’s software helped identify associates of the 9/11 terrorists. It was later celebrated by Dick Cheney and Rudy Giuliani, though privacy activists warned it was a dangerous surveillance tool. Believing the privacy concerns around his work were overblown, Asher went on to create TLO. Though it was designed to hunt child predators, Asher had big ambitions for the product, which stalled after his death. A year later, TransUnion bought TLO for $154 million.

Today TransUnion says TLO is capable of “processing trillions of records at sub-second speeds.” It can quickly uncover relevant data like individuals’ family members and social media profiles. One of the most important features for law enforcement combines photos from surveillance cameras with a huge trove of license plate numbers to nearly instantly track suspect vehicles. Among its biggest government clients are the Department of Justice, the Secret Service and the U.S. Navy. A license for a single user costs less than $1,500 a month.

Barnett says she and Asher worked together to ensure there was no abuse of TLO. Onsite visits would be made to clients, who would undergo a strict vetting process. Only those who passed muster were given a login, Walters says. “We were very selective.”

When it came to law enforcement, TLO was more trusting. From the very beginning, the software was made available to any cop in the country who wanted it.

A TransUnion spokesperson says the same auditing processes are in place today, including site visits for every customer and multiple checks with state authorities to guarantee the authenticity of clients. But on occasion, crooks have found ways to slip through the cracks. And in 2017, the government alleged that a rogue employee at a debt collection company abused access to the database and worked with a group of young gangster rap wannabes to start stealing Americans’ identities.

It remains unclear just how many routes Da Boss and his crew had into TLO. But they had more than one. According to court records, Da Boss and a number of his crew (James Willingham, Deandre Howze and Alexsandera Mobley) had direct access to TLO information. Mobley was querying names on TLO as far back as October 2016, her indictment claims.

At least at times, the rap crew bought their way in with the help of another charged coconspirator, Lakesiah Norman. Norman had direct access to TLO through her part-time work at an unnamed Charlotte debt collection agency between May and October 2017. That’s according to a court document supporting her plea agreement, signed in May 2018.

Norman would query the database, find people with good credit ratings who were ripe targets for identity theft and sell their information, including name, Social Security number and date of birth. Norman did this for at least 20 people, charging just $100 for each victim’s data.

Da Boss’ group got access in other ways, too. A TransUnion spokesperson told Forbes that four other authorized customers of TLO had their access to the database abused by rogue employees to feed the FreeBandz Gang. The spokesperson declined to provide more detail.

The irony that TLO was abused for months by the same kinds of thieves the surveillance tech was designed to ensnare has not been lost on critics of TransUnion. “Their whole business is supposedly identifying people,” says Jay Stanley, a senior policy analyst at the ACLU, “but they can’t even authenticate people who’re their customers.”

Once they’d stolen citizens’ identities, the rappers went on spending sprees, according to the government. The DOJ said the scammers used fake IDs to purchase and resell iPhones and iPads. They leased luxury apartments and purchased expensive cars. In one case, two of the coconspirators took out a fraudulent loan of about $30,000 and used the funds to acquire a 2014 Mercedes-Benz, according to a North Carolina court filing supporting Mobley’s plea deal.

It’s unclear if their Nest cameras were bought with illicit funds. But the purchase backfired. Just as the crooks turned the turbo-powered TLO software on its head, cops used the Nests against their owners. In June last year, Postal Service investigator Berkland obtained a warrant ordering Google to hand over all the data related to those cameras. The company complied, shipping surveillance footage back, along with personal details of its owners. It’s the first known case in the United States in which a federal law enforcement agency has demanded information from a Nest provider, and it has obvious implications for anyone who has purchased a smart home appliance that contains a camera or a microphone. The DOJ declined to comment.

A Nest spokesperson says the company doesn’t comment on specific cases but notes that it has received demands for data from governments before, which it has revealed in a transparency report. Within that report are the number of requests received and the percentage of those requests that resulted in data being handed to the authorities. The report doesn’t break down requests by geography, and Nest didn’t provide information on the number of orders from the U.S. government.

The various members of Da Boss’ gang pleaded guilty in July and are awaiting sentencing. It’s the first publicly known fraudulent use of TLO, but it has happened before. TransUnion says that while breaches like the one perpetrated by the FreeBandz Gang members are rare, it wasn’t the first time criminals have gained access to its databases. TransUnion declined to provide any specific detail on other incidents.

Average citizens have little recourse. There’s no easy way to have their information removed from TLO. “As long as such a database exists,” says the EFF’s Quintin, “it is a threat to the privacy of every American.”
https://www.forbes.com/sites/thomasb...very-american/





Twitter Under Formal Investigation for How It Tracks Users in the GDPR Era
David Meyer

Twitter is being investigated by Irish privacy authorities over its refusal to give a user information about how it tracks him when he clicks on links in tweets.

When Twitter (twtr) users put links into tweets, the service applies its own link-shortening service, t.co, to them. Twitter says this allows the platform to measure how many times a link has been clicked, and helps it to fight the spread of malware through dodgy links.

However, privacy researcher Michael Veale, who works at University College London, suspects that Twitter gets more information when people click on t.co links, and that it might use them to track those people as they surf the web, by leaving cookies in their browsers.

As is his right under the new General Data Protection Regulation (GDPR)—the sweeping set of privacy rules that came into effect across the EU in May—Veale asked Twitter to give him all the personal data it holds on him.

The company refused to hand over the data it recorded when Veale clicked on links in other people’s tweets, claiming that providing this information would take a disproportionate effort. So, in August, Veale complained to the Irish Data Protection Commission (DPC), which on Thursday told him it was opening an investigation. As is common with big tech firms, Twitter’s European operations are headquartered in Dublin, which is why Veale complained in Ireland.

“The DPC has initiated a formal statutory inquiry in respect of your complaint,” the watchdog said in a letter to Veale. “The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect.”

The regulator also said the complaint was likely to be handled by the new European Data Protection Board—a body that helps national data protection authorities coordinate their GDPR enforcement efforts—as Veale’s complaint “involves cross-border processing.”

When Twitter told Veale that it would not hand over the data it held on his tracking via t.co links, it claimed the GDPR allowed it to do so on “disproportionate effort” grounds. However, Veale said Twitter was misinterpreting the text of the law, and that this exemption cannot be used to limit so-called access requests, such as the one he made.

This appears to be the first GDPR investigation to be opened in relation to Twitter. Veale recently prompted a similar probe into Facebook, again over a refusal to hand over data held on users’ web-browsing activities, but Facebook (fb) was already the subject of multiple GDPR investigations.

“Data which looks a bit creepy, generally data which looks like web-browsing history, [is something] companies are very keen to keep out of data access requests,” said Veale.

The researcher said Twitter was definitely recording the times at which users clicked on links, and probably also information about the kinds of device they were using. He added that it was technically possible for Twitter to determine the user’s rough location—Twitter’s privacy policy says advertisers might collect IP addresses when people click on their links—but it was unclear what Twitter did with the information it harvested through its t.co service.

“The user has a right to understand,” Veale said.

If companies are found to be breaching the terms of the GDPR, they face fines of up to €20 million ($23.2 million) or up to 4% of global annual revenue, whichever is bigger. Twitter’s 2017 revenues totalled $2.4 billion, so in theory a GDPR fine could run to $96 million for the company—though this would require the Irish DPC to decide the offense was particularly egregious.

Twitter declined to comment on the investigation.
http://fortune.com/2018/10/12/twitte...-tco-tracking/





Police Spies Infiltrated UK Leftwing Groups for Decades

Exclusive: database shows 124 green, anti-racist and other groups spied on by undercover police
Rob Evans

Police deployed 24 undercover officers to infiltrate a small leftwing political party over a 37-year period, the Guardian can reveal.

The police spies infiltrated the Socialist Workers party (SWP) almost continuously between 1970 and 2007, often with more than one undercover officer embedded within the party.

Four of them deceived women into sexual relationships while using their fake identities. One spy met one of his wives during his deployment and had a child with her.

About one-third of the total number of undercover officers embedded in political organisations that have so far been publicly identified infiltrated the SWP, a Trotskyite party of a few thousand members that advocates the abolition of capitalism through revolutionary means.

The scale of the infiltration of the SWP – far larger than any other political organisation – is revealed in a database compiled following investigations by the Guardian and the Undercover Research Group, a network of activists that scrutinises police espionage.

The database lists 124 groups that have been spied on by undercover police officers since 1968.

The next-biggest infiltration of a specific organisation was against the campaign opposing the Vietnam war, which was penetrated by nine undercover officers between 1968 and 1972.

The database is incomplete as the full list of groups that were spied on has yet to be established.

The list so far compiled, however, suggests police spies overwhelmingly monitored leftwing and progressive groups that challenged the status quo, with only three far-right groups infiltrated – the British National party, Combat 18 and the United British Alliance.

Undercover officers spied on 22 leftwing groups, 10 environmental groups, nine anti-racist campaigns and nine anarchist groups, according to the database.

They also spied on campaigns against apartheid, the arms trade, nuclear weapons and the monarchy, as well as trade unions. Among those spied on were 16 campaigns run by families or their supporters seeking justice over alleged police misconduct.

According to the database, police spied on 12 animal rights groups and eight organisations related to the Irish conflict.

The database also draws on disclosures made by a public inquiry led by a retired judge, Sir John Mitting, which is examining the covert infiltration of political groups over the past 50 years.

The much-delayed inquiry is still in its preliminary stages and is due to start hearing evidence in public next year.

Mitting and his team have been given the task of scrutinising a range of misconduct, including the frequent deception of women into intimate relationships.

At least 144 undercover officers are estimated to have been deployed to infiltrate political groups since 1968, and 65 of them have been unmasked so far.

Mitting’s inquiry has disclosed that the police spies collected and stored information about the activities of more than 1,000 political groups in that period, although it has not published a list of the groups.

The undercover officers infiltrated specific groups, but also gathered information on a range of other organisations. The police spies adopted fake identities to infiltrate political groups, usually for periods of up to five years, reporting back to their supervisors on what the activists were doing and what protests they were planning.

The extent of the infiltration of the SWP leaves the police facing questions about why they believed such a large number of deployments was necessary.

The SWP’s members have often been conspicuous on demonstrations with their red-and-white placards. However, an assessment by Scotland Yard submitted to the public inquiry concluded the party “does not have a recorded propensity for violence, however, some of its members will have convictions at an individual level”.

Other leftwing groups such as the Socialist party (formerly Militant) were infiltrated by undercover police, but it is unclear why the SWP appears to have been singled out for such intense monitoring.

The first police spy sent to infiltrate the SWP started his deployment in 1970, using the alias of Stewart Goodman. The group was then known as the International Socialists before changing its name to the SWP in 1977.

Another spy – deployed between 1974 and 1977 – was withdrawn by his managers after he told a colleague he had fallen in love with a female activist and wanted to disclose to her that he was an undercover officer.

According to a brief account published by the inquiry, he met his third wife while undercover. They had a child, although it is not clear if he had left the police by that time.

Another spy – who used the fake identity of Vince Miller – has admitted he had two sexual relationships with activists while he infiltrated the SWP between 1976 and 1979.

Two police spies using the fake names of Alan Bond and Michael Hartley in the 1980s also deceived women into sexual relationships. Like many of the police spies, they stole the identities of dead children to develop their fake personas.

Charlie Kimber, the SWP’s joint national secretary, said the level of infiltration revealed the state’s fear of the left. “The whole way the police operated was disgraceful. In many ways, the most appalling aspect of it were the women who were tricked into what they thought were real relationships,” he said.

The Metropolitan police said the work of its two now-disbanded undercover units, the Special Demonstration Squad and National Public Order Intelligence Unit, will be fully scrutinised by the public inquiry. It said it “is providing every assistance so the inquiry can fully address the key issues it has identified, and can fulfil its terms of reference”.
https://www.theguardian.com/uk-news/...ps-for-decades





Quantum Computers Will Break the Encryption that Protects the Internet

Fixing things will be tricky

AS EVERY SCHOOLCHILD knows, some sorts of mathematics are harder than others. In the classroom, that is annoying. Outside, it can be useful. For instance, given two prime numbers, however large, multiplying them together to find their product is easy. But the reverse—factorising that product back into its constituent primes without knowing in advance what those primes are—is hard, and becomes rapidly harder as the number to be factorised gets bigger.

Factorising numbers into their constituent primes may sound esoteric, but the one-way nature of the problem—and of some other, closely related mathematical tasks—is the foundation on which much modern encryption rests. Such encryption has plenty of uses. It defends state secrets, and the corporate sort. It protects financial flows and medical records. And it makes the $2trn e-commerce industry possible. Without it, credit-card details, bank transfers, emails and the like would zip around the internet unprotected, for anyone so minded to see or steal.

Nobody, however, is certain that the foundation of all this is sound. Though mathematicians have found no quick way to solve the prime-factors problem, neither have they proved that there isn’t one. In theory, any of the world’s millions of professional or amateur mathematicians could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography—and most internet commerce with it.

Send in the qubits

In fact, something like this has already happened. In 1994 Peter Shor, a mathematician then working at Bell Laboratories, in America, came up with a quick and efficient way to find a number’s prime factors. The only catch was that for large numbers his method—dubbed Shor’s algorithm—needs a quantum computer to work.

Quantum computers rely on the famous weirdness of quantum mechanics to perform certain sorts of calculation far faster than any conceivable classical machine. Their fundamental unit is the “qubit”, a quantum analogue of the ones and zeros that classical machines manipulate. By exploiting the quantum-mechanical phenomena of superposition and entanglement, quantum computers can perform some forms of mathematics—though only some—far faster than any conceivable classical machine, no matter how beefy.

When Dr Shor made his discovery such computers were the stuff of science fiction. But in 2001 researchers at IBM announced that they had built one, programmed it with Shor’s algorithm, and used it to work out that the prime factors of 15 are three and five. This machine was about the most primitive quantum computer imaginable. But there has been steady progress since. Alibaba, Alphabet (Google’s parent), IBM, Microsoft and the like are vying to build commercial versions, and the governments of America and China, in particular, are sponsoring research into the matter.

Big quantum computers will have applications in fields such as artificial intelligence and chemistry. But it is the threat posed by Shor’s algorithm that draws most public attention. Large organisations may be able to get around the problem using so-called quantum cryptography. This detects eavesdroppers in a way that cannot be countered. But it is expensive, experimental and unsuitable for the internet because it must run on a special, dedicated network. For most people, therefore, the best hope of circumventing Shor’s algorithm is to find a bit of one-way maths that does not give quantum computers an advantage.

There are candidates for this. Cryptographers are debating the relative merits of such mathematical curiosities as supersingular isogenies, structured and unstructured lattices, and multivariate polynomials as foundations for quantum-proof cryptography. But translating a piece of maths into usable computer code and then delivering it to the zillions of machines that will need updating will not be easy.

One question is, when is the deadline? When will an internet-breaking computer actually be available? Today’s best machines can manipulate a few dozen qubits. Brian LaMacchia, who runs the security and cryptography team at Microsoft Research, thinks a “cryptographically interesting” quantum computer might be able to handle somewhere between about 1,000 and 10,000 of them. Predicting progress is hard. But Dr LaMacchia reckons such a machine might be ready some time between 2030 and 2040.

That sounds reassuringly far away. But several researchers argue that things have already been left too late. Though many communications are ephemeral, some people encrypt messages that they hope will remain secret for a long time. Spies and policemen around the world already store reams of online data in the hope that, even if they cannot decrypt them now, they may be able to do so in future. As Peter Schwabe, a cryptographer at Radboud University in the Netherlands, observes: “If someone ten or 20 years from now can decrypt my present-day communications with my bank, well, I probably don’t care too much about that. But if I’m a dissident in some repressive country, talking to other dissidents? That might be a different story.”

The second problem is how long a fix will take. The National Institute of Standards and Technology (NIST), an American standards organisation whose decisions are often followed around the world, is running a competition to kick the tyres on various quantum-resistant proposals. But its conclusions are not due until 2024. And as Nick Sullivan, who is in charge of cryptography at Cloudflare, an internet-infrastructure firm, observes, history suggests that, even once a new standard is agreed, the upgrade will be slow and messy. Despite—or perhaps because of—the information-technology industry’s obsession with novelty, the internet resembles ancient cities like Rome and Istanbul, with modern structures built atop forgotten layers of old, unmaintained code.

For example, in 1996 researchers reported the first weaknesses in MD5, a type of widely used cryptographic algorithm called a hash function. A drop-in replacement was readily available in the form of another algorithm called SHA-1. After more than two decades of exhortations to upgrade, though—not to mention high-profile cyber-attacks exploiting MD5’s weaknesses—the older algorithm is often still used. Similarly, a vulnerability called FREAK, discovered in 2015, relied on the fact that many modern applications, including the default browser in Google’s Android operating system and the White House’s website, could be persuaded to revert to old, easily breakable cryptography installed in order to comply with long-abandoned American export regulations.

Testing, testing

Those with the most power to chivvy things along are the big companies that control much of the internet’s pipework. Even while NIST deliberates, they are beginning to run tests of their own. At Microsoft, Dr LaMacchia plans to test quantum-resistant encryption on the links that connect the firm’s data centres. Google has already tried integrating different kinds of quantum-resistant cryptography into experimental versions of Chrome, its web browser, and has worked with Cloudflare to test the impacts in the real world.

The results have been mostly encouraging, but not wholly so. Changing the encryption changes the way browsers negotiate connections with websites. In Google’s tests of the 2,500 most popular websites, some 21 of them—including LinkedIn, a social network, and Godaddy.com, a domain registrar—could not cope with the extra data involved, and refused to connect. And all of the proposed quantum-resistant schemes imposed noticeable delays compared with conventional cryptography.

Big firms will have power in other ways, too. Vadim Lyubashevsky, a quantum-computing researcher at IBM, points out that quantum computers need lots of coddling. Most must be cooled to a temperature close to absolute zero. This means that, for the foreseeable future, access to them will be sold as a cloud-computing service in which users rent time from the machines’ owners. That gives companies the power to review code before it is run, says Dr Lyubashevsky, which could help limit nefarious uses. (Governments, though, will be able to shell out for their own machines.)

There are other wrinkles. The new cryptographic schemes generally require more computational grunt than the old sort, says Dr Sullivan. For desktop machines and smartphones, that is unlikely to be a problem. But smaller chips, embedded in gizmos from industrial-control systems to sensors, may struggle. Another worry is that the new algorithms may come with unforeseen weaknesses of their own. Mathematicians have had decades to attack the prime-factor problem, says Graham Steel, the boss of Cryptosense, a cryptography-focused security firm. The maths that underlie post-quantum schemes have not been similarly battle-tested. For that reason, the first implementations may hedge their bets by using both old and new sorts of cryptography at once.

The big companies are unlikely to commit themselves fully to an upgrade until the NIST has decided on the new standards. And even when that happens, the sheer size of the task is daunting. Mr Steel says one of his clients has thousands of apps that need updating. As chips migrate into everything from cars and children’s toys to lighting systems and smart electricity meters, the amount of work will only grow.

All this means that quantum-proofing the internet is shaping up to be an expensive, protracted and probably incomplete job. Dr Steel compares it to dealing with the millennium bug, when a quirk in how a lot of programs handled dates meant they had to be retrofitted, at great expense, to cope with the transition from the year 1999 to the year 2000. In the event, thanks to the efforts of thousands of programmers, the millennium bug was mostly dodged. These days, the stakes are higher. The world is now considerably more computerised than it was then. Either way, it means plenty of steady work for cryptographers.
https://www.economist.com/science-an...s-the-internet





IBM Finally Proves that Quantum Systems are Faster than Classicals

But only at specific applications.
Andrew Tarantola

In 1994, MIT professor of applied mathematics Peter Shor developed a groundbreaking quantum computing algorithm capable of factoring numbers (that is, finding the prime numbers for any integer N) using quantum computer technology. For the next decade, this algorithm provided a tantalizing glimpse at the potential prowess of quantum computing versus classical systems. However, researchers could never prove quantum would always be faster in this application or whether classical systems could overtake quantum if given a sufficiently robust algorithm of its own. That is, until now.

In a paper published Thursday in the journal Science, Dr. Sergey Bravyi and his team reveal that they've developed a mathematical proof which, in specific cases, illustrates the quantum algorithm's inherent computational advantages over classical.

"It's good to know, because results like this become parts of algorithms," Bob Sutor, vice president of IBM Q Strategy and Ecosystem, told Engadget. "They become part of decisions about how people will start to attack problems. Where will they try classical techniques? Where will they try quantum techniques? How will those interplay? How will they work back and forth together?"

What's more, the proof shows that, in these cases, the quantum algorithm can solve the problem in a fixed number of steps, regardless of how many inputs are added. With a classical computer, the more inputs you add, the more steps it needs to take in order to solve. Such are the advantages of parallel processing.

"The main point of this paper is not that somehow we discover some incredibly important quantum algorithm, or some practical, interesting problem," Bravyi told Engadget. "We ask if we can separate a constant depth [between] quantum and classical algorithms. As we increase the problem size, the runtime of the quantum algorithm remains constant, but the total number of operations grows."

As Bravyi points out, this new proof doesn't, in and of itself, solve any existing computational issues.

Instead, "it gives us insight into what makes a quantum computer more powerful," he continued. "And hopefully in the future it will lead to more practical, useful algorithms."

Those yet-to-be-developed algorithms won't even necessarily be designed for quantum systems; the research could lead to improvements in hybrid classical-quantum systems as well. "We can start discussing things to a much greater depth than we had to, or were able to, before. We can start to really kind of separate out for people, what goes in to all the decisions about creating quantum computers, and creating the software stack on them, and algorithms."
https://www.engadget.com/2018/10/18/...hor-algorithm/





Internet Relay Chat Turns 30—and We Remember How it Changed Our Lives

For Ars staffers, IRC led to love, marriage, and trolling.
Ars Staff

Internet Relay Chat (IRC) turned 30 this August.

The venerable text-only chat system was first developed in 1988 by a Finnish computer scientist named Jarkko Oikarinen. Oikarinen couldn't have known at the time just how his creation would affect the lives of people around the world, but it became one of the key early tools that kept Ars Technica running as a virtual workplace—it even led to love and marriage.

To honor IRC's 30th birthday, we're foregoing the cake and flowers in favor of some memories. Three long-time Ars staffers share some of their earliest IRC interactions, which remind us that the Internet has always been simultaneously wonderful and kind of terrible.


Lee Hutchinson, Senior technology editor

June 20, 1995 was the day I logged onto the Internet for the very first time.

It wasn't my first time being "online"—as a veteran of the 713 BBS scene, I was well acquainted with the world behind my modem—but "the Internet" was a thing about which I had only the vaguest of understandings. However, thanks to a NetCruiser account (handed out gratis by Netcom to Babbage's employees like me so that we'd be more likely to recommend the service to net-hungry customers), I found myself eagerly confronting the Internet of mid-1995. To my BBS-trained provincial self, it seemed almost impossibly vast.

NetCruiser was an all-in-one package that bundled together clients for email, telnet, finger, FTP, IRC, and the nascent World Wide Web into a single Windows application. It also came with its own dial-up TCP/IP stack, eliminating the need to screw around with Trumpet Winsock or its contemporaries. You simply typed in your NetCruiser account name and password and the application did the rest, dialing into the closest Netcom POP and handing you an IP address. It was kind of a middle ground between the walled gardens of AOL and CompuServe and the free-for-all of a direct university connection—there were some training wheels, but it was the actual-for-real Internet.

Clicking around on that long ago June afternoon, I found myself drawn to IRC. I had no idea what "Internet Relay Chat" was, but I assumed that I could talk to other people. Clicking NetCruiser's IRC button brought up a list of channels on EFNet (though this was before IRC's Great Split, and you could join other networks if desired), and that list was bewildering indeed.

But what to talk about? There were so many channels! Some were obvious (#sex seemed like it probably contained what it said on the tin), while some were inscrutable and lacked channel descriptions. One near the top of the list jumped out at me—#descent. I was a rabidly outspoken fan of Parallax's six-degrees-of-freedom space shooter, and the chance to chat with other Descent players seemed jaw-droppingly awesome. We could talk about strategy and tactics! We could talk about that damned level seven boss! Oh, this was going to be amazing!

Eagerly, I clicked and joined the channel. NetCruiser's IRC interface came up, with a layout similar to most graphical IRC clients—a participant list on the left, message window center, and a text entry field at the bottom. I typed my first words into the channel, anticipating that I would soon be talking to dozens of new friends.

There was a moment of silence, and then something odd happened. The channel went blank. The list of users disappeared, and NetCruiser politely played the Windows alert chime through the speakers. At the bottom of the IRC window, a new message now stood alone:

"You have been kicked from channel #descent for the following reason: fuck off newbie"

I guess the Internet of 1995 wasn't that different from the Internet of 2018.


Sam Machkovech, Tech culture editor

Some of my earliest IRC stories can be found in a feature-length story about my first girlfriend, who I met through IRC. But before romance bloomed in 1997, I spent the prior year just trying to get online—and then screwing with people's heads in adults-only chat rooms.

Yes: before I jumped into the world of blind online trust, of believing that another user was telling the truth about her age, gender, and location (A/S/L?!), I was passionate about blowing up other people's trust.

I don't tell this story with any sense of pride. Nor do I remember what compelled me to fake like a 22/F/Denver with some fetching handle. If my memory serves correctly, this was a reaction to the Microsoft-developed IRC client (Comic Chat) that came with my version of Windows 95 and featured a range of "sexy" cartoon avatars. Did people really use these?

For the uninitiated, Comic Chat turned plain-text chat rooms into black-and-white comic strips. Messages included metadata that the app would convert to specific visual cues (particularly "emotions" on the cartoon avatars' faces). The first general-interest chat rooms I landed in consistently suffered from a "swarm" syndrome, where any chatter who chose the voluptuous, crop-top-wearing character Anna would dominate the comic panels. Chatters would appear in the app's comic panels every time they were called out by name. Thus, any Anna users would appear over and over thanks to namechecks—and compliments about how the default cartoon looked.

Something about this tickled me, a high school loner with a superiority complex. "I'm so much better than these idiots," I probably said to myself while wearing a Throwing Copper T-shirt and cargo shorts my mom had bought for me. "I'll show them."

So, after a few anxious glances around my family's computer room, I'd log into channels like #adultsonly and #XXXchat, use the Anna avatar, and watch my "whisper" messages pile up. I typed whatever filthy stuff I could muster—gleaned from my older sister's advice-column magazines and my older brother's hidden box of skin mags, along with my own 15-year-old guesses about female anatomy. Like clockwork, I received typo-ridden messages about how hot I was.

That was the point at which I said I was ready to start a file transfer, so the chatter in question could see the lingerie in which I'd been typing. I grabbed a photo of an older, hairier guy from some GeoCities page, changed the file name, and hit send.

"There," I said to myself upon seeing the all-caps angry response land in my whisper channel. "I've changed the world today."

This wasn't some constant sociopathic practice. I did it only a few times, though I recall busting it out as a party trick if I was ever with a group of friends at an Internet-connected house. (I really only had one "impressive" skill at the time, a typing speed above 100 WPM, and this was clearly the best way to strut my nerdy peacock feathers.)

It's embarrassing to think back on this practice. But remembering it again now convinced me that I could combine that teenaged assholery with years of technology writing and reporting to become a world-class phisher—should this Ars Technica thing not pan out.

I have Anna to thank for that misplaced confidence.


Jonathan Gitlin, Cars Technica editor

Unlike some of my colleagues, my IRC experience was mainly limited to one server: irc.arstechnica.com. Although the exact date is now lost to the mists of time, I am pretty sure I started my IRC adventure in 2001, when I was still a PhD student in the UK. #arstechnica and #arsificial were never my thing, but #macintosh was, and I soon found a bunch of new friends in there (and learned to type pretty fast in the process).

By the time I moved to the US in 2002, there was usually an IRC window running on my desktop. This was back in the days when people really cared about new Apple products, the way some people today really care about new Tesla things. A new PowerBook would be announced and the entire channel would run out and buy one, then we'd all head over to the Battlefront and argue about why it was better than a Windows machine.

Those days in #macintosh were fun. We Mac users were still a persecuted minority at Ars back then; we reveled in our outcast status. There was also a lot of late night drinking, most memorably the night A RANCOR ATE FOR HOSUE—which will mean something to only five people in the world but which still brings a happy tear to my eye. (The story is that a rancor ate the house belonging to Fro... for reasons I don't think anyone still recalls. Maybe you had to be there.)

#macintosh was a good place to hang out, but there was a more exclusive channel, one where the forum moderators and other cool kids spent their time: #mods. If you had an issue—say, Peter Bright was trolling you about PCs being better than Macs—you'd pop into #mods and ask them to do something. But hanging around in that channel was verboten. If you didn't leave once you asked your question, you would quickly end up booted, usually with the message "no idling in mods."

At some point, the boredom of my postdoc got to me, and I asked Eric Bangeman—known as "iPalindrome" back then—if I could write for Ars. He foolishly agreed, and I started contributing a weekly column on science, alternating with Fred "zAmboni" Locklear. Since #mods was also where all the editing happened, and since I was now a regular contributor, I joined the ranks of the cool kids; #mods became a second hangout.

Two big things happened as a result of me hanging out in #mods. First, I met my wife; believe it or not, it was love at first type. Second, without IRC, I wouldn't have my current job working for Ars full time.

After a few years, as Ars grew, the editorial staff outgrew #mods but we stuck with IRC. For many years that followed, this was the Ars Technica office. Then, about three years ago, we decided to give Slack a try. Slack is basically IRC with a fancy wrapper, a good mobile app, and built-in hosting for images and files. It's fine, but I'd be lying if part of me didn't wish we could go back to IRC.
https://arstechnica.com/staff/2018/1...ged-our-lives/





Winamp Returns in 2019 to Whip the llama’s Ass Harder than Ever

Aging desktop app gets love, too
Devin Coldewey

The charmingly outdated media player Winamp is being reinvented as a platform-agnostic mobile audio app that brings together all your music, podcasts and streaming services to a single location. It’s an ambitious relaunch, but the company behind it says it’s still all about the millions-strong global Winamp community — and as proof, the original desktop app is getting an official update as well.

For those who don’t remember: Winamp was the MP3 player of choice around the turn of the century, but went through a rocky period during Aol ownership (our former parent company) and failed to counter the likes of iTunes and the onslaught of streaming services, and more or less crumbled over the years. The original app, last updated in 2013, still works, but to say it’s long in the tooth would be something of an understatement (the community has worked hard to keep it updated, however). So it’s with pleasure that I can confirm rumors that substantial updates are on the way.

“There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience,” said Alexandre Saboundjian, CEO of Radionomy, the company that bought Winamp (or what remained of it) in 2014. “You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built.”

“People want one single experience,” he concluded. “I think Winamp is the perfect player to bring that to everybody. And we want people to have it on every device.”

Laugh if you want but I laugh back

Now, I’m a Winamp user myself. And while I’ve been saddened by the drama through which the iconic MP3 player and the team that created it have gone (at the hands of TechCrunch’s former parent company, Aol), I can’t say I’ve been affected by it in any real way. Winamp 2 and 5 have taken me all the way from Windows 98 SE to 10 with nary a hiccup, and the player is docked just to the right of this browser window as I type this. (I use the nucleo_nlog skin.)

And although I bear the burden of my colleagues’ derisive comments for my choice of player, I’m far from alone. Winamp has as many as a hundred million monthly users, most of whom are outside the U.S. This real, engaged user base could be a powerful foot in the door for a new platform — mobile-first, but with plenty of love for the desktop too.

“Winamp users really are everywhere. It’s a huge number,” said Saboundjian. “We have a really strong and important community. But everybody ‘knows’ that Winamp is dead, that we don’t work on it any more. This is not the case.”

This may not come as a shock to Winamp users still plugged into the scene: Following years of rumors, an update to the desktop player leaked last month, bringing it from version 5.666 to 5.8. It was a pleasant surprise to users who had encountered compatibility problems with Windows 10 but had taken the “more coming soon” notice on the website with a massive grain of salt.

This kind of thing happens a lot, after all: an old property or app gets bought, promises are made and after a few years it just sort of fades away. So a free update — in fact, 5.8 eliminates all paid options originally offered in the Pro version — bringing a bucketful of fixes is like Christmas coming early. Or late. At any rate it’s appreciated.

The official non-leaked 5.8 release should come out this week (the 18th, to be precise), and won’t be substantially different from the one we’ve been using for years or the one that leaked. Just bug and compatibility fixes that should keep this relic trucking along for a few years longer.

The update to the desktop app is basically a good faith advance payment to the community: Radionomy showing they aren’t just running away with the property and slapping the brand on some random venture. But the real news is Winamp 6, which Saboundjian says should come out in 2019.

“What I see today is you have to jump from one player to another player or aggregator if you want to listen to a radio station, to a podcast player if you want to listen to a podcast — this, to me, is not the final experience,” he explained. It’s all audio, and it’s all searchable in one fashion or another. So why isn’t it all in one place?

The planned version of Winamp for iOS and Android will be that place, Saboundjian claims. On desktop, “the war is over,” he said, and between the likes of iTunes and web apps, there’s not much room to squeeze in. But mobile audio is fractured and inconvenient.

While Saboundjian declined to get into the specifics of which services would be part of the new Winamp or how the app would plug into, say, your Spotify playlists, your Google Music library, your Podcasts app, Audible and so on, he seemed confident that it would meet the needs he outlined. There are many conversations underway, he said, but licensing and agreements aren’t the main difficulty, and of course release is still quite a ways out. The team has focused on creating a consistent app across every platform you might want to encounter mobile audio. A highly improved search will also play a role — as it ought to, when your media is all lumped into one place.

No word on whether it will retain its trademark intro upon installation — “WINAMP. It really whips the llama’s ass.” I certainly hope so.

This lack of specifics is a bit frustrating, of course, but I’m not worried about vaporware. I’m worried that other services will insist on the fragmented experience they’ve created that serves their interests better than ours. But if Radionomy can navigate these tricky waters and deliver a product even a little like what they’ve described, I’ll be thrilled (and my guess is tens of millions more will be, as well). And if not, well, we’ll always have the original.
https://techcrunch.com/2018/10/15/wi...der-than-ever/





How Musicians Really Make their Money — and it has Nothing to do with How Many Times People Listen to their Songs
Devon Delfino

• The majority of an artist's revenue comes from touring, selling merchandise, licensing their music for things like television, movies, or video games, and partnerships or side businesses.
• Streaming is often thought of as the future of music and can provide artists with a nice source of income. But it isn't nearly as lucrative for artists as other revenue streams.
• The future of the industry is unclear, but analysts are optimistic about the ability of artists to thrive in the emerging landscape.

There's a common misconception about how major musicians earn their money: In short, it's all about having a hit song that breaks the top 40 music chart.

In reality, it's more complicated than that, and an artist's financial success often comes from revenue streams outside of streaming or downloads.

"Where number of listens comes in handy is in the algorithms and in social proof," Zach Bellas, a professional musician and founder of SMB records, told Business Insider. "If an artist's song gets some attention in its beginning, the algorithms will suggest it to others, and as the view and play counts rise, it will gain more authority and social proof in people's minds, creating a cycle that pushes the song further into the top searches and suggested tracks."

But, as Bellas noted, "artists have always made the bulk of their money from live performances and touring." And for big names in the industry, the numbers back this assertion up.

Consider, for example, U2, which made $54.4 million and was the highest-paid musical act of the year in 2017, according to Billboard's annual Money Makers report. Of their total earnings, about 95%, or $52 million, came from touring, while less than 4% came from streaming and album sales. Garth Brooks (who came in second on the list), owed about 89% of his earnings to touring, while Metallica (ranked third) raked in 71% of their earnings in the same way.

"In the last several years, streaming revenue has increased, but it is still not enough on its own to financially support a career with longevity," said Erin M. Jacobson, a music-industry lawyer based in Beverly Hills, whose work involves negotiating record contracts on behalf of artists ranging from up-and-coming artists to Grammy-winning musicians.

Other common sources of revenue, according to Bellas, include sync licensing (for example, when an artist sells the right to play their song on a T.V. show, or in a movie or video game), and side-businesses, like fashion lines, as well as partnerships with brands. Think, for example, of Rihanna's makeup and lingerie lines, or the soundtrack to your favorite movie, or any ad campaign starring your favorite famous musician.

According to a recent Citigroup report, the music industry generated a record $43 billion in 2017, but recording artists saw just 12% of that revenue, or $5.1 billion, and the "bulk" of their revenues came from touring. Music businesses, including labels and publishers, took home almost $10 million, according to the report, which showed that artists are still grabbing a meager percentage of the increasing revenues in streaming, where music labels and streaming services act as intermediaries.

Artists also have to deal with the issue of copyright, where revenues for their music are further split among publishing companies, music labels, and songwriters.

So, despite common belief, getting signed to a label isn't necessarily more lucrative for artists nowadays.

"Many artists think that they will make more money when signed to a label, and I have to educate them that this is not necessarily the case and explain to them that they have to pay back all the costs the label expends on their behalf," says lawyer Jacobson. "Artists still think fame and fortune is easy to come by, and that they will get high advances, which most companies are not giving now."

With the constant changes in the ways people listen to music, the future of the industry, and what artists stand to gain, is unclear.

Yet, a recent surge in music revenue paints an optimistic picture of where the industry is headed. According to the RIAA, music industry revenue has increased for two consecutive years. That's the first time it's happened since 1999.
https://www.newstimes.com/technology...t-13321501.php





The Transformational Bliss of Borrowing Your Office Clothes

Rent the Runway’s Unlimited service saves working women something more valuable than money: their time.
Sheila Marikar

On a Friday morning in August, Sushma Dwivedi, a senior vice president at Edelman, the global marketing conglomerate, bustled around her Harlem apartment in a blue-and-white-striped cotton dress. With her toddler and newborn out with a nanny, Ms. Dwivedi, who was on maternity leave but preparing for a meeting with a senior colleague in a few days, intended to get some things done. High on her list: assessing the contents of a recently delivered dark-blue garment bag.

Ms. Dwivedi, 37, is a member of Rent the Runway Unlimited, a service that, for $159 a month, allows subscribers to borrow up to four pieces of clothing and accessories from a designer-laden library of more than 450,000 items and keep them for as long as they want. If subscribers can’t bear to part with something, they can buy it, generally for about half the retail price. (A cocoon-like wool cardigan from Jil Sander Navy sells in stores for $1,275, but costs $765 through Rent the Runway.) When members buy an item, or return it, via a prepaid shipping label in their garment bag, a spot for something new opens up.

Though Rent the Runway was originally conceived as a solution for women who didn’t want to invest in party-wear they might use only once, Unlimited has become a strategic solution for professional women such as Ms. Dwivedi, who manages 30 employees in Edelman’s food and beverage department and regularly gets called into the offices of clients like Pepsi and Chobani.

“The wardrobe thing, when I was trying to lose the baby weight, was frustrating,” said Ms. Dwivedi, recalling her first pregnancy. “I knew what I could buy when I was pregnant. I knew how big I was, but afterward, what was I going to do? Buy an entire wardrobe at five pounds thinner, five more pounds thinner, and on and on?” She added, “I don’t ever want to look frumpy or have someone turn around and say, ‘Wow, she looked a lot better before.’”

Working women of all ages know a certain stance: athwart the closet, brow furrowed, mouth drawn, listlessly dismissing garment after garment. A wardrobe full of clothes, and not a thing to wear. Despite the advances of workplace equality movements, women who show up at an office still face a pressure that their male colleagues mostly do not. There is an expectation to appear poised, professional and, if not trendy, at least aware of trends, which generally means a never-ending cycle of outfit accumulation. Dressing for work is work, and the cost — in dollars, time, distraction — is borne disproportionately by women.

Since Rent the Runway introduced Unlimited two years ago, the service has amassed tens of thousands of subscribers in part by promising to solve the problem of what to wear to work, for everyone from new hires to C-suite executives. (The company declined to confirm its user numbers, but analysts said that perhaps 50,000 people are active subscribers.) It is fast displacing the start-up’s original business model. Rent the Runway was founded in 2009 as a way for people to borrow couture on an item-by-item basis. This year, Unlimited, which also has an $89-a-month tier, will account for the majority of revenue.

The Time Factor

“I just have too much stuff: stuff that I bought, that I don’t like anymore, that I don’t wear anymore,” said Kristin Lemkau, the chief marketing officer of JPMorgan Chase and a self-described Unlimited “superfan” of two years. On a recent Wednesday morning at her office, on the 36th floor of a glossy Park Avenue monolith, she wore a flouncy, frilly black dress sprayed with pastel-colored daisies. Lemkau, 51, who helps oversee a $5 billion budget, routinely speaks at conferences on her firm’s behalf, sometimes in places like the South of France or the Swiss Alps, which come with their own, rarefied dress codes.

Before signing up for Unlimited, she regularly met with a wardrobe consultant near her Rye, N.Y., home. “I’d go to her house and pick out stuff,” Ms. Lemkau said. “I was never thrilled with the clothes. It was the same old black dress and black pants, and I started looking like I was in mourning all the time.”

She ruffled her daisy-printed hem. “I don’t know if I would’ve bought this, but it’s super cute, it’s fun. I look forward to getting dressed every day instead of, ‘What thing am I going to wear? Is my dry cleaning back?’ I don’t remember looking forward to getting dressed, ever.”

Unlimited frees mental space for women to think about more important matters: what to say in that big meeting; how to describe their employment history in a crucial job interview; how to, in the grand scheme of their professional lives, get ahead. “Women spend more time, more energy, more, just, time being distracted with shopping and thinking about the way they look compared to men,” Ms. Lemkau said. “Even at work, men were basically just deciding what tie to wear, and now, for the most part, they don’t even wear ties. Is this service another way to potentially level the playing field?”

Before joining Unlimited in 2016, Ms. Dwivedi spent untold hours rifling through fast-fashion stores like H&M and Zara, searching for a trendy blazer or statement necklace to liven up her work wardrobe. These days, she typically “shops” on Rent the Runway’s iPhone app, scrolling through silk blouses and floral dresses as if they were Spotify songs, assessing member-submitted photos of the clothes out in the real world.

“I’m having drinks with my mentor on Wednesday. I wasn’t sure what to wear to that, so I gave myself a couple of options. If this is as flattering as I think it could be, I’ll probably wear this,” Ms. Dwivedi said, holding up a striped, sleeveless linen shift dress in a clear plastic sheath. “And if not, this maxi” — a floor length, flowy black dress emblazoned with tropical blossoms.

She went into her bedroom with the linen option. The sound of crinkling plastic filled a few minutes. She emerged wearing the same cotton dress she wore on the way in. “I can’t get it over my chest, so I definitely can’t get it past a hip,” she said. “Sizing can be really misleading.” Ms. Dwivedi dropped the linen shift onto the couch, changed into the black maxi, came out and did a little twirl. “This will work,” she said. She glanced down at the discarded linen. “I’m bummed about that dress, though. It doesn’t look small.”

This is the trade-off. While Ms. Dwivedi luxuriates in the designer clothing that does fit — she received a steady stream of compliments from co-workers on a pink, plaid Trina Turk coat that she wore while pregnant with her first child — the stuff that does not must be sent back to the warehouse before she can order something new. The process generally takes a day or two.

The Rent the Runway app and website regularly prompt users to review what they borrowed, and with a few taps, Ms. Dwivedi could report that the dress was not true to size. Despite the inconvenience of waiting for another shipment, she prefers this process to trying on outfits in a store. “I would rather have the shaming of it all and the judging experience on my own,” she said.

Professional Garment-Smellers and Algorithm-Tweakers

“Over 50 percent of our customers provide data back to us after they rent, every single time,” said Jenn Hyman, 38, who is Rent the Runway’s chief executive and co-founder. “Without an incentive, our customers want to make this service better for other women, and they’re telling us because they want us to fix the problem.” She was standing in the company’s 250,000-square-foot warehouse in Secaucus, N.J. — a structure it says is the largest dry-cleaning facility in the world. Rent the Runway calls it the Dream Fulfillment Center.

It is garment-tracking infrastructure of staggering proportions. Unlike companies that have democratized access to movies (Netflix) or music (Spotify), Rent the Runway peddles in touchable, feel-able, not-streamable material goods — garments that lose buttons and rip and stain and go through God knows what after they slide onto the bodies of their temporary owners.

“There are three times during the process where we’re doing a quality inspection,” Ms. Hyman said. Next to her, an employee was sniffing the contents of a garment bag, one of hundreds that UPS and FedEx deliver to the warehouse each morning. “Customers sometimes tell us that there’s an item they didn’t wear, but our smell test is more important,” Ms. Hyman said. “Every single item goes through a cleaning and sanitation process.”

Industrial washers spun, dryers tumbled and garments on hangers clicked as they made their way through a maze of scaffolding, en route to a machine that would spit them out encased in plastic. “The system knows that that blouse needs to wait for a pair of jeans to come in,” Ms. Hyman said. “It won’t send it over to shipping until all of the items in that order have been brought together. That’s something someone’s wearing to an event,” she said, gesturing at an off-the-shoulder gown of salmon-colored chiffon. “Vegas!” she trilled, pointing at a white-and-red-sequined bomber jacket.

Of Rent the Runway’s 1,200 employees, 770 are in Secaucus. A second such facility is due to open in Dallas next year, to speed up delivery times to users not on the East Coast. An additional 130 people work on the company’s engineering, information technology and analytics teams. They continually tweak algorithms to identify pieces that customers might like and highlight them on the app’s home screen, similar to recommendations offered by Amazon and Netflix.

“We’re collecting hundreds of thousands of data points every week: style, fit of the garment, what occasion you wore that to, what else is going on in your life, who are you?” said Ms. Hyman. “We’re creating one-to-one style personas for every user we have, which is helping us create an individual home page for you, where we can recommend clothing that you might like. Part of that is not just to recommend the things that you’re already comfortable with, but to help you discover things that you didn’t know you’d love.” Essentially, they’re using data to engineer whimsy — that feeling of seeing something in a store window and rushing in to plunk down a credit card.

Rent the Runway shares its findings with the designers whose clothing it stocks. (The company buys wholesale, like a department store.) “It’s an amazing amount of data that traditional retailers don’t always share: What other brands is she wearing, how many times do our dresses get dry-cleaned and still come back as new?” said Jan-Hendrik Schlottmann, the C.E.O. of the high-fashion label Derek Lam. “You learn a lot from that and from reading the comments the clients make online. It’s great market research, frankly.”

Mr. Schlottmann said he doesn’t worry that rentals will cannibalize sales. “The Rent the Runway customer is not a customer we’re losing,” he said. “She’s not going to spend $1,500 on a dress, because she doesn’t understand the value. We kind of think we’re taking money away from fast fashion by letting her try on and rent clothes. Instead of having her buy Zara’s copy of our dress, I’d rather have her experience our construction, our fabric. Hopefully, she will buy it when she’s ready.”

‘These, I’d Never Buy’

As a private company, Rent the Runway declined to share its revenue or profit. Ms. Hyman also declined to specify how many Unlimited members there are, but said the subscription business was up 150 percent year over year. In March, an investment of $20 million, in part from the founders of the Chinese e-commerce behemoth Alibaba, reportedly put the company’s valuation at $800 million.

Even if Rent the Runway is small compared to established fashion brands, the NPD analyst Marshal Cohen considers the company’s impact significant. “They are a disrupter. They have really changed the dynamic of what goes on in the marketplace,” he said. “We’re not building wardrobes the way we used to, we’re not buying as many shoes, as many bags, we’re wearing a few staple items and mixing and matching them. We’ve gotten so casual in the workplace that we’re basically wearing loungewear.”

Seventy-five percent of the clothing that gets shipped out to Unlimited members falls into the broad bucket of business casual. Members have written in asking for more tailored options, and as a result, this fall, the company’s business formal assortment — suits and pencil skirts by labels including Theory, Tibi and Iro — will increase 250 percent. “It’s attire that a conservative lawyer could wear to the office everyday,” Ms. Hyman said.

Before joining Unlimited in 2016, Ariel Cohen, a 29-year-old account director for the New York public relations firm Magrino, spent about $500 a month at shops like Club Monaco and Anthropologie. She’s cut that to $100 a month — and eliminated her monthly dry cleaning bill, also around $100. “I make investments in things now that I consider ‘forever pieces,’” she said. “I’m able to have the more colorful and loud parts of my wardrobe be things that I can wear once or twice, post a pic to Instagram, and move on.” She gestured at her Jason Wu pants: white, wide-legged, emblazoned with big, blue flowers. “Like these, I’d never buy.”

The hashtag #OOTD, or outfit of the day, is linked to more than 200 million posts on Instagram. “There’s such a pressure to depict your fashion sense through your photos,” Ms. Cohen said. “I’ve heard friends say before, ‘I’ve worn something and I’ve already posted in it, so I don’t feel compelled to wear it again.’”

For women entering the job force, Unlimited has been a crucial hack. “To go from college to my first career, it was really challenging,” said Elisabeth Armstrong, 24, a former television reporter in Tennessee who recently transitioned to a finance job in Colorado. “My salary was not really conducive to buying a new wardrobe.”

“I found myself falling into this pattern of fast fashion, buying a blazer here, a dress there,” before signing up for Unlimited in 2016, Ms. Armstrong said. “It’s really challenging for us, as women. Men have the standard suit. With the emphasis on your personal brand, your presentation, I think there’s more weight on appearance than there ever has been.”

“I had exhausted the options that I own — my co-workers had seen them all,” said Caroline Peck, a 25-year-old advertising associate in Birmingham, Ala. “Recently, I was in San Antonio for a big client meeting. I rented this beautiful dress, and even my client complimented me. Then I told them about Unlimited.” Ms. Peck ended up buying the dress, a black, full-skirted Erin Fetherston number with a white Peter Pan collar.

Walking Billboards

Sarah Joyce, who works at a major technology company in Los Angeles, joined Unlimited last December, feeling frumpy and uninspired by her wardrobe. Her initial attitude, she said, was: “Rad. I’m going to take more risks, I can send it back, I’m going to do the Chloé, the Veronica Beard.”

“I was like, now I know how female baller executives look hot,” said Ms. Joyce, 40. “You’re faking it till you make it. It’s awesome.” She got so much praise on a maroon Cinq à Sept maxi dress that she ended up buying it for $500. Then it happened again. “I ended up buying everything,” said Ms. Joyce. “I bought a romper, blouses. It was a problem. Ninety percent of the stuff I rented, I never returned. Then it occurred to me this stuff has been worn by other people so many times, that’s probably why it’s cheap.”

In June, wary of devouring Unlimited’s collection of designer purses, Ms. Joyce canceled her membership. She also grew weary of attracting attention at the office. “It made such a fuss at work,” she said. “Everyone was like, ‘Oh, is that also Rent the Runway?’ I felt like a walking billboard.”

Some women don’t mind this, like Elizabeth Derby, a 29-year-old senior product marketing manager at Artsy, an art start-up. I spoke to her this summer, when she worked at Betterment, a financial services start-up in New York. “The funny thing is, there are a lot of men that work here, more men than women, and way more guys in the office know that I use Rent the Runway because they’re always commenting on stuff and saying, ‘I wish they had that for guys,’” Ms. Derby said. At the time, she was part of a Slack channel that Unlimited subscribers at Betterment use to rate outfits and collect garment bags for drop-off at a showroom Rent the Runway keeps on West 15th Street in Manhattan. (Returns taken there get processed faster than those sent to the warehouse.)

“A lot of times, I don’t even know what I’m wearing,” Ms. Derby said, seated at a reclaimed wood conference table in Betterment’s Chelsea office. She had on one of her Unlimited items, a marigold blouse embroidered with white birds by Hunter Bell, but the label was unbeknown to her until a co-worker assessed the tag. “I just go through the list of what they think I’ll like. I don’t have to love it. It’s like watching a movie on Netflix.”

“There’s also the sustainability factor,” said her tag-checking co-worker, Danielle Shechtman. “If you keep buying clothes and not using them, it’s pretty harmful for the environment.”

Ms. Derby nodded. “Every year I get rid of four or five garbage bags of clothes. I don’t even know how I accumulate them.”

The Paradox of Choice

With unlimited options comes a kind of perverse pressure: There’s no excuse to not look good. I discovered this myself in April, when I signed up for Unlimited. One major upside: Since enlisting, I’ve purchased only one piece of clothing, a dress I initially rented through Unlimited. But on the app, I routinely went down the rabbit hole of comparing one potential rental to another, reading review after review, scrolling through top picks, new arrivals and categories like “Dress Spotlight” and “Trending: Statement Tops.” I had to force myself to stop.

It happened again in real life in August, when I visited Rent the Runway’s New York showroom, a Willy Wonka-esque emporium for fashion fiends. Intending to be in and out in 20 minutes, I instead stayed for more than an hour.

When I got there, a smiling greeter prompted me to sign up for a fitting room on an iPad, so I could spend time browsing and not standing in line. Salespeople — if they can be called that, since none of the merchandise had price tags — went out of their way to unload my arms as they filled with hangers.

In the fitting room, I found myself in the same predicament that has played out in dozens of H&Ms and Forever 21s. I was visiting from Los Angeles, where I live, and had packed poorly; I needed something to wear to a meeting the next day that was professional, and could withstand Manhattan’s nearly tropical levels of heat and humidity. The summery dresses looked too beachy. The mere thought of jeans made me itch. I tried on a roomy, gray, sweatshirt-like Marni dress that I had eyed on the app; it looked chic but was made of wool. I talked myself into it: It’s sleeveless, you’re always cold, you’ll be fine. I left, thrilled at the thought of wearing the Italian luxury label for the first time.

But when I got to where I was staying, I tried the dress on again and started sweating almost immediately. I ended up wearing a cotton dress I’d owned for three years to the meeting. Later, I inelegantly stuffed the Marni into my suitcase and eventually sent it back to the warehouse unworn.

Rent the Runway can’t be expected to solve the paralysis of choice or irrationality that plagues some of us; if anything, its future plans will exacerbate those tendencies. Ms. Hyman wants customers to be able to borrow more items, from an ever-expanding library of brands, at any time they choose.

“The vision is that within a few blocks of where all of our subscribers live, all over the country, our members have access to a magical closet that has inventory that’s personalized to them, that they can access 24 hours a day,” said Ms. Hyman. “We’re building out the technology to make seamless access to that closet as delightful and frictionless as possible.” She added, “Rent the Runway closets should feel as organic in your day as going to Starbucks.”

As she spoke, I couldn’t help but wonder about that scene from the first “Sex and the City” movie, when Carrie swoons over the walk-in closet that Mr. Big has built for her — a space that is supposed to symbolize something like total victory. But the reality for most of us is that bigger closets just start to resemble archives, with sad reminders of jeans that used to fit and dresses that used to be in style.

The ephemeral, on-demand closets of Ms. Hyman’s dreams would be something altogether different, and freeing. They would allow us to use our old-fashioned physical closets, and our time and energy, for something else.
https://www.nytimes.com/2018/10/12/b...e-clothes.html

Until next week,

- js.

Current Week In Review

Recent WiRs -

October 13th, October 6th, September 29th, September 22nd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing