SoylentNews

quietus writes:

In March 2007, the EU set itself some ambitious climate targets.

By 2020, greenhouse gas (GHG) emissions should be 20 percent below 1990 levels, renewable energy should make up 20% of the energy mix, and the share of it in the transport sector should be up by 10 percent.

A briefing [PDF] to the EU Parliament now shows those targets are about to be beaten, by a margin.

GHG emissions, including those of air traffic, had already decreased 22 percent by 2017. The share of renewable energy sources had risen, by 2016, to 17%.

Interestingly, the drop in GHG emission intensity, the ratio of GHG emissions to Gross Domestic Product (GDP), is even more pronounced. One euro in GDP, in 2017, compared to 315g carbon dioxide: half the level of 1990. Between 1990 and 2017, the combined GDP of the EU increased by 58% while total GHG emissions fell by 22%.

The figures mentioned do not include GHG emissions through land use. According to the briefing, the EU's land absorbs more carbon than it emits; member states are bound by regulation to at least preserve this situation. Of the 28 member states, 25 now have developed climate change adaptation plans, including measures like using less water, adapting building regulations, building flood defenses, developing crops that cope better in drought conditions etcetera.

For the period 2014-2020, the EU had vowed to spend at least 20% (€206 billion) of its budget to climate change measures. That target was already reached in 2017. For the 2021-2027 period, the European Commission proposed to increase that level to 25% of a €1134,6 billion overall budget.

Under current trends, the EU's GHG emission levels will have dropped by 30% by 2030. The new target set by the European Commission, though, is a drop of at least 40 percent, while the share of renewable energy should be 32%. Combined with a 32% increase in overall energy efficiency, this should result in a 45% drop in GHG emissions. Parliament itself proposes an even more ambitious target of 55 percent GHG emission reductions by 2030.

Under the 2011 Energy Roadmap, the 2050 target was a reduction of 80% in GHG emission levels compared to 1990. In November 2018, that target was changed to zero percent GHG emissions, through a socially fair transition in a cost-efficient manner.

Original Submission

upstart writes:

Submitted via IRC for Fnord666

Early hominin skull fills in "a major gap" in the fossil record

A 3.8 million-year-old fossil skull is giving anthropologists their first look at an early Australopithecine, the hominin genus that eventually led to modern humans. The skull belongs to a member of a species called Australopithecus anamensis, which many anthropologists have considered the ancestor of the fossil hominin Lucy and the rest of her species, Australopithecus afarensis. But the find suggests that, as with most of these things, the story may be more complicated.

A. anamensis lived in Eastern Africa between 3.8 million and 4.2 million years ago. Like Lucy, they would have walked upright, but with a gait that we would probably pick out as a little odd. They probably would have still had upper arms adapted to the physical strains of climbing, especially as young children. At the moment, however, those are just assumptions—albeit very likely ones—based on what we know about other Australopiths. That's because, until now, anthropologists knew A. anamensis only from its teeth and jaws. In fact, skulls are hard to find at all in the fossil record before 3.5 million years ago.

That doesn't sound like much to go on, but the sizes and shapes of teeth changed noticeably between hominin species, so they're very handy for identification. In fact, paleoanthropologist Yohannes Haile-Salassie and his colleagues identified their newly found skull as A. anamensis based on the size and shape of its canines, which had certain anatomical features that stood out from A. afarensis and other close relatives.

But now anthropologists have a complete skull to work with. Formally known as MRD, it's mostly intact after 3.8 million years buried in sandstone, sandwiched between two layers of volcanic debris. The find, from the Waranjo-Mille site in the Afar region of Ethiopia, reveals what A. anamensis looked like, the kind of diet it was adapted to eat, and how its brain had grown compared to apes and to other hominins.

The lower half of the hominin's long face juts forward beneath its wide, heavy cheekbones, then narrows above them. Those broad cheeks and narrow upper face give A. anamensis a clear family resemblance to Lucy and other, later Australopiths. Overall, it's a strong, heavy-looking face, built on a frame of bones robust enough to support powerful muscles for chewing tough plant foods. In the dry shrubland around the shores of the ancient lake where MRD lived and died, nearly everything edible would also have been tough enough to make chewing serious work.

But if A. anamensis had the face of a later Australopith, its cranium looks more like those of apes and older hominin species. Its skull narrows just behind the eye sockets, like earlier hominins and apes, and its brain case, at 365cc to 370cc, is smaller than that of A. afarensis. Clearly, hominins hadn't yet started developing our infamous big brains in A. anamensis' day.

upstart writes:

Submitted via IRC for Fnord666

Google Play apps with 1.5 million downloads drained batteries and slowed devices

The apps—a notepad app called "Idea Note: OCR Text Scanner, GTD, Color Notes" and a fitness app with the title "Beauty Fitness: daily workout, best HIIT coach"—carried out the stealthy form of fraud for almost a year until it was discovered by researchers at security firm Symantec. Google removed them from Play after receiving a private report.

The newly discovered tactic positioned advertisements in places that weren't visible to end users—specifically in messages displayed in the nether regions of an infected phone's notification drawer. When a user clicked on the notification, Android's Toast class opened the ad—but in a way that wasn't visible to the user. The technique worked by opening a Canvas and using the translate() and dispatchDraw() methods to position the ads beyond the viewable screen area of the infected device. The result: the app could report a revenue-generating ad click even though users saw nothing.

Another way the apps concealed the ad-clicking was through the use of so-called packers. By changing the entire structure and flow of an APK, such packers can obfuscate the true behavior of an Android app. That makes it hard for Google scanners to detect malicious apps during any vetting processes.

Original Submission

upstart writes:

Submitted via IRC for SoyCow2718

OpenAI has released the largest version yet of its fake-news-spewing AI

In February OpenAI catapulted itself into the public eye when it produced a language model so good at generating fake news that the organization decided not to release it. Some within the AI research community argued it was a smart precaution; others wrote it off as a publicity stunt. The lab itself, a small San Francisco-based for-profit that seeks to create artificial general intelligence, has firmly held that it is an important experiment in how to handle high-stakes research.

Now six months later, the policy team has published a paper examining the impact of the decision thus far. Alongside it, the lab has released a version of the model, known as GPT-2, that's half the size of the full one, which has still not been released.

In May, a few months after GPT-2's initial debut, OpenAI revised its stance on withholding the full code to what it calls a "staged release"—the staggered release of incrementally larger versions of the model in a ramp-up to the full one. In February, it published a version of the model that was merely 8% of the size of the full one. It published another roughly a quarter of the full version before the most recent release. During this process, it also partnered with selected research institutions to study the full model's implications.

[...] The authors concluded that after careful monitoring, OpenAI had not yet found any attempts of malicious use but had seen multiple beneficial applications, including in code autocompletion, grammar help, and developing question-answering systems for medical assistance. As a result, the lab felt that releasing the most recent code was ultimately more beneficial. Other researchers argue that several successful efforts to replicate GPT-2 have made OpenAI's withholding of the code moot anyway.

OpenAI Can No Longer Hide Its Alarmingly Good Robot 'Fake News' Writer

But it may not ultimately be up to OpenAI. This week, Wired magazine reported that two young computer scientists from Brown University—Aaron Gokaslan, 23, and Vanya Cohen, 24—had published what they called a recreation of OpenAI's (shelved) original GPT-2 software on the internet for anyone to download. The pair said their work was to prove that creating this kind of software doesn't require an expensive lab like OpenAI (backed by $2 billion in endowment and corporate dollars). They also don't believe such a software would cause imminent danger to society.

Also at BBC.

See also: Elon Musk: Computers will surpass us 'in every single way'

Previously: OpenAI Develops Text-Generating Algorithm, Considers It Too Dangerous to Release

Original Submission

takyon writes:

The first car painted with the world's "blackest black" is deeply unsettling

It's hard to describe Vantablack, the world's darkest black pigment, without seeing it for yourself. First developed for use in light-sensitive aerospace components (and infamously licensed for artistic use solely by sculptor Anish Kapoor), the pigment uses tiny carbon nanotubes to absorb up to 99.965% of light striking its surface. At Google's top secret materials lab, I recently gazed upon a sample of Vantablack in real life for the first time. It almost broke my brain. It has no reflection, no contours. It's like part of the world has been Photoshopped away. Stare at it long enough, and it feels like your soul is being sucked out of your eyeballs.

I couldn't imagine any everyday object being painted in Vantablack, let alone one that can move at 90 miles per hour. But at the Frankfurt Motor Show this September, the auto manufacturer will be displaying a one-off BMW X6 painted in Vantablack.

Even in photos, the effect is pronounced. The car itself appears two-dimensional. Only details like the tires, grill, and windows offer visual cues as to the true shape of the car—though in many images, those components simply seem to be floating in space.

Why A BMW Painted With 'The World's Blackest Black' Is Unlikely To Hit The Road

Chief critic: Auto enthusiasts. They question why a car needs to be painted with vantablack, especially since it won't be for sale anytime soon. And safety studies show that regular black cars are already more dangerous to drive over lighter-colored cars⁠—chances [DOI: 10.1016/j.ssci.2010.05.001] [DX] of crashing a black car at dawn and dusk are 47% higher than that of a non-black car.

Don't forget bird poop and the effects of the Sun on an object that reflects almost no light.

Original Submission

An Anonymous Coward writes:

French vintners haven’t lived through such a succession of hot weather and dry harvests since at least the time of the Black Death in the 14th century.

Weather extremes that could now be considered normal for anybody under the age of 30 are unprecedented in historical records going back to when Europe was recovering from the pandemic that eviscerated the population. That’s the conclusion of researchers who examined temperature, grape harvest and wage data dating back to 1354, according to a study in the European Geosciences Union journal Climate of the Past.

“Outstanding hot and dry years in the past were outliers, while they have become the norm since the transition to rapid warming in 1988,” said the authors led by Thomas Labbe. Hotter temperatures over the last three decades have resulted in Burgundy grapes being harvested on average 13 days earlier than they were over the last 664 years, they said.

https://www.bloomberg.com/news/articles/2019-08-29/burgundy-s-vineyards-haven-t-been-this-hot-since-the-black-death

Yet another parallel to the onset of the "Little Ice Age":

It has been conventionally defined as a period extending from the 16th to the 19th centuries,[3][4][5] but some experts prefer an alternative timespan from about 1300[6] to about 1850.[7][8][9]

[...]Another possibility is that there was a slowing of thermohaline circulation.[49][79][87][88] The circulation could have been interrupted by the introduction of a large amount of fresh water into the North Atlantic, possibly caused by a period of warming before the Little Ice Age known as the Medieval Warm Period.[31][89][90] There is some concern that a shutdown of thermohaline circulation could happen again as a result of the present warming period.[91][92]

Solar cycle 24 had the fewest sunspots since cycle 6 (~1810-1822)[1], and cycle 25 is predicted to be 30-50% weaker[2] than that which would be as weak as the tail end of the Maunder minimum (cycle -4, ~1700-1712). There really isn't any good data on what the sun was doing earlier than that but there are reports that the prior 50 years had almost no sunspots at all.

[1] https://en.wikipedia.org/wiki/Little_Ice_Age
[2] http://www.sidc.be/silso/datafiles
[3] https://www.nasa.gov/feature/ames/solar-activity-forecast-for-next-decade-favorable-for-exploration

Original Submission

canopic jug writes:

Bruce Schneier has written a short piece over at Lawfare in response to ongoing calls to weaken encryption. Unlike during the cold war there is no longer a distinction between consumer grade encryption and military encryption. This is because customized encryption is both more expensive and less secure, because it is unique, non-standard, and untested.

In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."

The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.

Earlier on SN:
U.S. Attorney General William Barr Demands Backdoored Encryption (2019)
FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community (2019)
The Crypto Warrior--Why Politicians Want a ‘Back Door’ into Your Devices—and Why it Will Never Work (2016)

Original Submission

takyon writes:

A mandate to fly NASA's mission to Europa on a delayed rocket could cost an extra $1 billion

NASA's inspector general is urging Congress to reconsider a mandate specifying which rocket the space agency's upcoming mission to Jupiter's moon Europa must fly on. Right now, NASA is legally obligated to fly the mission on the next big rocket that the space agency is developing, known as the Space Launch System or SLS. But that vehicle is years away from being ready, and the inspector general argues that changing the rocket to another one that's already in operation could save taxpayers up to $1 billion.

NASA's mission to Europa is currently slated for launch in 2023, and it'll aim to get the closest view yet of the Jovian moon. The project will send a robotic spacecraft to fly close by the icy moon multiple times to get a better understanding of what might be underneath the world's surface. A saltwater ocean is thought to lurk under Europa's crust, and scientists have long been wondering if any type of life might be living in there.

Also at Space News and Ars Technica.

Previously: Europa Clipper Mission Confirmed

Original Submission

upstart writes:

Submitted via IRC for Bytram

Huge find of silver coins provides new clues to turbulent times after Norman Conquest of England

With their metal detectors and spades "detectorists" are a common sight in the British countryside. When their equipment bleeps, they start to dig in the hope of finding something old and valuable. They are often seen as figures of fun—in fact, the BBC shows a comedy series about a pair of such amateur archaeologists which has a cult following. But part-time treasure hunters do much of the heavy lifting when it comes to discovering antiquities buried in fields across the UK.

Two such detectorists, Lisa Grace and Adam Staples, recently uncovered a haul of more than 2,000 silver coins in Somerset in the south-west of England, dating back to the turbulent period following the Norman conquest of England in 1066.

In the years after William of Normandy defeated Harold II and took the throne, the Norman invaders were confronted by frequent rebellion. They responded by planting castles to subdue the population. The coin hoard found in the Chew Valley in Somerset dates from the years of unrest when William was establishing himself on the throne.

One of the largest hoards ever recovered from the years around 1066, it includes more than 1,000 coins minted in Harold's name and a similar number in William's. Harold had been king for only ten months at the time of his defeat and death in battle, so all the coins of Harold date from no earlier than January 1066. Some may have been minted in his name after his death, as a desperate measure by survivors to hold the regime together in the two months that elapsed between the Battle of Hastings and William's coronation. Funds were very important at moments when the succession to the throne lay in doubt.

It is certain at any rate that whoever concealed the hoard was a person of high rank, probably one of the nobility—a circle of no more than 150 landed aristocrats, many of whom were related. A coin hoard of this size may have been to pay for an army. But we might only guess whose army or whether the hoarder was a supporter or opponent of the Norman regime.

Arthur T Knackerbracket has found the following story:

For the first time, a team led by Innsbruck physicist Ben Lanyon has sent a light particle entangled with matter over 50 km of optical fiber. This paves the way for the practical use of quantum networks and sets a milestone for a future quantum internet.

The quantum internet promises absolutely tap-proof communication and powerful distributed sensor networks for new science and technology. However, because quantum information cannot be copied, it is not possible to send this information over a classical network.

In a nonlinear crystal illuminated by a strong laser the photon wavelength is converted to the optimal value for long-distance travel. Quantum information must be transmitted by quantum particles, and special interfaces are required for this. The Innsbruck-based experimental physicist Ben Lanyon, who was awarded the Austrian START Prize in 2015 for his research, is researching these important intersections of a future quantum Internet.

Now his team at the Department of Experimental Physics at the University of Innsbruck and at the Institute of Quantum Optics and Quantum Information of the Austrian Academy of Sciences has achieved a record for the transfer of quantum entanglement between matter and light. For the first time, a distance of 50 kilometers was covered using fiber optic cables.

"This is two orders of magnitude further than was previously possible and is a practical distance to start building inter-city quantum networks," says Ben Lanyon.

[...] With 100-kilometer node spacing now a possibility, one could therefore envisage building the world’s first intercity light-matter quantum network in the coming years: only a handful of trapped ion-systems would be required on the way to establish a quantum internet between Innsbruck and Vienna, for example.

[...] Light-matter entanglement over 50 km of optical fibre. V. Krutyanskiy , M. Meraner, J. Schupp, V. Krcmarsky, H. Hainzer and B. P. Lanyon. npj Quantum Information 2019 DOI: https://doi.org/10.1038/s41534-019-0186-3 (Open Access)

Original Submission

Arthur T Knackerbracket has found the following story:

Russian authorities have arrested members of the TipTop cybercrime group, believed to have infected more than 800,000 Android smartphones with malware since 2015.

The group operated by renting Android banking trojans from underground hacking forums, which they later hid inside Android apps distributed via search engine ads and third-party app stores.

TipTop has been active since 2015, and operators have been making between $1,500 and $10,500 in daily profits, according to Group-IB, the cyber-security firm who helped Russian authorities track down the gang's members. The group's favorite malware was the Hqwar (Agent.BID) banking trojan, which they rented and used in most of their campaigns.

Hqwar is capable of reading SMS messages, recording phone calls, and initiating USSD-requests. However, it's primary function is to show fake login screens on top of legitimate banking apps, and steal victims' login credentials. Group-IB said TipTop temporarily stopped distributing Hqwar in 2016, when they experimented with its competitors, such as Asacub (Honli), Cron, and CatsElite (MarsElite), but returned to it in 2017 when they used it alongside the Lokibot and modernized Marcher (Rahunok) trojans.

[...] In 2017, Kaspersky ranked Hqwar as the fourth most popular Android malware. A year later, Kaspersky cited Hqwar as one of the root causes in the sudden jump in the number of Android mobile banking trojans, together with Asacub.

[...] While official documents or statements don't mention anything about the suspect collaborating with authorities, officials from the Russian Ministry of Internal Affairs said they also made other arrests with the information gathered from this case, while other suspects are under investigation.

Original Submission

upstart writes:

Submitted via IRC for Fnord666

Fresh images of HMS Terror shipwreck could clear up lingering mysteries

Parks Canada has released new images from the first underwater exploration of the shipwreck of the HMS Terror. The ongoing study of the shipwreck and its artifacts should shed more light on Captain Sir John S. Franklin's doomed Arctic expedition to cross the Northwest Passage in 1846. Franklin's two ships, the HMS Erebus and the HMS Terror, became icebound in the Victoria Strait, and all 129 crew members ultimately died. It's been an enduring mystery that has captured imaginations ever since. Novelist Dan Simmons immortalized the expedition in his 2007 horror novel, The Terror, which was later adapted into an anthology TV series for AMC in 2018. (Season 2 of the TV show, set in the Japanese internment camps of World War II, is currently airing.)

The Terror was actually a repurposed warship, having survived the War of 1812 among other skirmishes. The expedition set sail on May 19, 1845 and was last seen in July 1845 in Baffin Bay by the captains of two whaling ships. Historians have managed to piece together a reasonably credible rough account of what happened. The crew spent the winter of 1845-1846 on Beechey Island, where the graves of three crew members were found. When the weather cleared, the expedition sailed into the Victoria Strait before getting trapped in the ice off King William Island in September 1846. Franklin himself died on June 11, 1847, per a surviving note dated the following April. It's believed that everyone else died while encamped for the winter, or while attempting to walk back to civilization.

[...] The remains of the HMS Erebus were discovered by Parks Canada in September 2014, just west of O'Reilly Island, with the help of a remotely operated vehicle (ROV). Almost exactly two years later, an Arctic Research Foundation team found the wreck of the Terror, in Terror Bay, off the southern coast of King William Island, some 62 miles (100 km) from where historians had expected it to be. There had been rumors of sightings in the area, particularly from Inuit hunters, and one reported that he'd seen a mast jutting from the ice in that area a few years earlier. That proved to be the tip the foundation's team needed; it took them just 2.5 hours to locate the Terror.

[...] They captured footage not just of the exterior but also of the interior crew's cabins and captain's quarters. The team is especially excited about the latter location, since they expect to find preserved written documents, hopefully gleaning valuable information about the fate of the ship and her crew, along with details about their lives abroad the ship. They've already identified intact map cabinets, a tripod, and two thermometers. The only area they weren't able to explore were the captain's sleeping quarters.

Original Submission

martyb writes:

WordPress Sites Under Attack as Hacker Group tries to Create Rogue Admin Accounts":

The attacks are an escalation part of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.

However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting with August 20, the hacker group modified the malicious code planted on hacked sites.

Instead of just inserting pop-ups and redirects, the malicious code also ran a function in order to test if the site visitor had the ability to create user accounts on the site, a feature only available for WordPress admin accounts.

Basically, this malicious code waited for the site owner to access their own websites. When they did, the malicious code created a new admin account named wpservices, using the email address of wpservices@yandex.com, and password of w0rdpr3ss.

According to Veenstra, these recent attacks are targeting older vulnerabilities in the following plugins.

• Bold Page Builder
• Blog Designer
• Live Chat with Facebook Messenger
• Yuzo Related Posts
• Visual CSS Style Editor
• WP Live Chat Support
• Form Lightbox
• Hybrid Composer
• All former NicDark plugins (nd-booking, nd-travel, nd-learning, et. al.)

Follow the provided links to access up-to-date versions and then check to make sure you have no rogue admin-level accounts.

Original Submission

upstart writes:

Submitted via IRC for Carny

Forget single genes: CRISPR now cuts and splices whole chromosomes

Imagine a word processor that allowed you to change letters or words but balked when you tried to cut or rearrange whole paragraphs. Biologists have faced such constraints for decades. They could add or disable genes in a cell or even—with the genome-editing technology CRISPR—make precise changes within genes. Those capabilities have led to recombinant DNA technology, genetically modified organisms, and gene therapies. But a long-sought goal remained out of reach: manipulating much larger chunks of chromosomes in Escherichia coli, the workhorse bacterium. Now, researchers report they've adapted CRISPR and combined it with other tools to cut and splice large genome fragments with ease.

"This new paper is incredibly exciting and a huge step forward for synthetic biology," says Anne Meyer, a synthetic biologist at the University of Rochester in New York who was not involved in the paper published in this week's issue of Science. The technique will enable synthetic biologists to take on "grand challenges," she says, such as "writing of information to DNA and storing it in a bacterial genome or creating new hybrid bacterial species that can carry out novel [metabolic reactions] for biochemistry or materials production."

The tried and true tools of genetic engineering simply can't handle long stretches of DNA. Restriction enzymes, the standard tool for cutting DNA, can snip chunks of genetic material and join the ends to form small circular segments that can be moved out of one cell and into another. (Stretches of linear DNA don't survive long before other enzymes, called endonucleases, destroy them.) But the circles can accommodate at most a couple of hundred thousand bases, and synthetic biologists often want to move large segments of chromosomes containing multiple genes, which can be millions of bases long or more. "You can't get very large pieces of DNA in and out of cells," says Jason Chin, a synthetic biologist at the Medical Research Council (MRC) Laboratory of Molecular Biology in Cambridge, U.K.

[...] The new tools will bolster industrial biotechnology by making it easier to vary the levels of proteins that microbes make, Liu and others say. They also promise an easy way to rewrite bacterial genomes wholesale, Meyer adds. One such project aims to alter genomes so they can code not just for proteins' normal 20 amino acids, but also for large numbers of nonnatural amino acids throughout the genome. That could lead to synthetic life forms capable of producing molecules far beyond the reach of natural organisms.

Original Submission

upstart writes:

Submitted via IRC for Bytram

Venmo's Public Transactions Policy Stirs Privacy Concerns

In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.

Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns.

Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier Foundation (EFF), which on Thursday blasted popular mobile transaction app for its data-privacy policies. The companies specifically pointed out the lack of privacy around Venmo transactions, which are public by default, and around public lists of users’ friends that they can interact with on the app, for which there is not even an option to hide.

Venmo, a mobile payment service owned by PayPal, is an app that enables friends on the app to pay or request payments from one another. The app’s popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018.

In a Thursday joint public letter the Mozilla Foundation and EFF penned their concerns. “We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: Make transactions private by default, and give users privacy settings for their friend lists,” the organizations said in their letter.

The plea to Venmo comes after the app’s privacy policies have been criticized by several researchers, who showed how they could scrape millions of Venmo payments – even if they don’t use the app.  That’s because Venmo utilizes a public API endpoint to return the data for its transaction feed –  meaning that anyone, even those not using the app, could make a GET request to see anyone else’s transactions.

[...] “The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date and do business with you,” they said. “Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.”

Original Submission