SoylentNews

owl writes:

https://arstechnica.com/gadgets/2024/10/streaming-industry-has-unprecedented-surveillance-manipulation-capabilities/

The companies behind the streaming industry, including smart TV and streaming stick manufacturers and streaming service providers, have developed a "surveillance system" that has "long undermined privacy and consumer protection," according to a report from the Center for Digital Democracy (CDD) published today and sent to the Federal Trade Commission (FTC). Unprecedented tracking techniques aimed at pleasing advertisers have resulted in connected TVs (CTVs) being a "privacy nightmare," according to Jeffrey Chester, report co-author and CDD executive director, resulting in calls for stronger regulation.

The 48-page report, How TV Watches Us: Commercial Surveillance in the Streaming Era [PDF], cites Ars Technica, other news publications, trade publications, blog posts, and statements from big players in streaming—from Amazon to NBCUniversal and Tubi, to LG, Samsung, and Vizio. It provides a detailed overview of the various ways that streaming services and streaming hardware target viewers in newfound ways that the CDD argues pose severe privacy risks. The nonprofit composed the report as part of efforts to encourage regulation. Today, the CDD sent letters to the FTC [PDF], Federal Communications Commission (FCC), California attorney general [PDF], and California Privacy Protection Agency (CPPA) [PDF], regarding its concerns.

[...] The report notes "misleading" privacy policies that have minimal information on data collection and tracking methods and the use of marketing tactics like cookie-less IDs and identity graphs that make promises of not collecting or sharing personal information "meaningless."

Original Submission

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

upstart writes:

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent:

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent.

"Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said. "In essence, the browser is now controlling the tracking, rather than individual websites."

Noyb also called out Mozilla for allegedly taking a leaf out of Google's playbook by "secretly" enabling the feature by default without informing users.

PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google's Privacy Sandbox project in Chrome.

The initiative, now abandoned by Google, sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can talk to in order to determine users' interests and serve targeted ads.

Put differently, the web browser acts as a middleman that stores information about the different categories that users can be slotted into based on their internet browsing patterns.

PPA, per Mozilla, is a way for sites to "understand how their ads perform without collecting data about individual people," describing it as a "non-invasive alternative to cross-site tracking."

It's also similar to Apple's Privacy Preserving Ad Click Attribution, which allows advertisers to measure the effectiveness of their ad campaigns on the web without compromising on user privacy.

The way PPA works is as follows: Websites that serve ads can ask Firefox to remember the ads in the form of an impression that includes details about the ads themselves, such as the destination website.

If a Firefox user ends up visiting the destination website and performs an action that's deemed valuable by the business – e.g., making an online purchase by clicking on the ad, also called "conversion" – that website can prompt the browser to generate a report.

AnonTechie writes:

Getting into arguments with strangers online or family members at the dinner table can feel a bit like debating with a brick wall. We are probably all guilty of feeling like we are right, even if we don't have all the facts. According to a recent psychology study, people tend to assume that they have all of the information that they need to make a decision or support their position–even if they don't. This phenomenon dubbed the "illusion of information adequacy" is detailed in a study published October 9 in the journal PLoS ONE.

"Interpersonal conflict is on the rise, driving increases in anger, anxiety, and general stress," Angus Fletcher, a study co-author and narrative theorist and neurophysiologist at the Ohio State University, tells Popular Science. "We wanted to look into those misunderstandings and see if they could be mitigated."

The team calls this belief that we are correct–even when we don't have all of the information–the illusion of adequacy.

Fletcher describes the illusion of adequacy as, "The less that our brain knows, the more confident it is that it knows all it needs to know. This makes us prone to thinking that we have all the crucial facts about a decision, leaping to confident conclusions and decisive judgments, when we are missing necessary information."

Source: Popular Science

Citation: Gehlbach H, Robinson CD, Fletcher A (2024) The illusion of information adequacy. PLoS ONE 19(10): e0310216. https://doi.org/10.1371/journal.pone.0310216

Journal Reference: The illusion of information adequacy

Original Submission

owl writes:

https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html#can-you-get-root-with-only-a-cigarette-lighter

Before you can write an exploit, you need a bug. When there are no bugs, we have to get creative—that's where Fault Injection comes in. Fault injection can take many forms, including software-controlled data corruption, power glitching, clock glitching, electromagnetic pulses, lasers, and more.

Hardware fault injection is something that typically requires specialized (and expensive) equipment. The costs stem from requiring a high degree of precision in terms of both when and where the fault is injected. There are many valiant attempts at bringing down the costs, with notable projects ranging from the RP2040-based PicoEMP, all the way to "Laser Fault Injection for The Masses". (The RP2040 crops up a lot due to its low cost combined with the "PIO" peripheral, which can do I/O with tight timings and latency)

A while back I read about using a piezo-electric BBQ Igniter coupled to an inductor as a low-budget tool for electro-magnetic fault injection (EMFI), and I was captivated. I wondered, how far can you take such a primitive tool? At the time, the best thing I could come up with was exploiting a software implementation of AES running on an Arduino, using DFA—it worked!

But I wasn't fully satisfied. I wanted to exploit something more "real," but I was out of ideas for the time being....

Original Submission

Amazon plans to show more ads on Prime Video in 2025 to test how much viewers can handle. Even though some subscribers may not like ads, Amazon has not seen a big drop in customers since adding them. By adding more commercials and shoppable ads, Amazon is trying to see how much ads people will tolerate while watching their favorite shows.

Amazon will "ramp up" Prime Video ads in 2025: https://arstechnica.com/gadgets/2024/10/amazon-prime-video-is-getting-more-ads-next-year/

Original Submission

Our resident anonymous Anonymous Coward has offered the following story with which to start your weekend:

Motor Trend tells this quirky story about the Facebook boss, https://www.motortrend.com/news/mark-zuckerberg-porsche-cayenne-minivan-custom/

"Pricilla wanted a minivan, so I've been designing something I'm pretty sure should exist: a Porsche Cayenne Turbo GT Minivan."

I'm pretty sure that this unholy combination should _not_ exist! Motor Trend seems to concur,

As for the conversion, it looks fairly well-executed, though it does make the Cayenne look somewhat like a sea mammal with wheels. It's weird, but we don't hate it. It's unclear how long it took West Coast Customs to do the conversion or how much it cost, though we assume the answer is "a long time" and "expensive."

It's bad enough that Porsche took a turn to the ordinary when they started making SUVs, as a cash grab to suppliment their traditional expertise in sports and racing cars. But a minivan is a step too far...

Original Submission

owl writes:

https://arstechnica.com/cars/2024/10/connected-car-failure-puts-kibosh-on-sale-of-3300-fisker-oceans/

Starting a new car company isn't easy—just ask Henrik Fisker, whose second bite at that particular cherry ended the same way as his first when it filed for bankruptcy this July. At the time, Fisker said it wanted to try to "preserve certain customer programs," but Ars wondered what this actually meant, particularly now that electric vehicles are so dependent on software support and cloud connectivity. Now, thanks to a recent court filing spotted by TechCrunch, we know the answer: nothing good.

Car publications were already warning consumers to steer clear of the Ocean as early as this March, despite massive price cuts that saw these electric SUVs being offered for less than $25,000. A New York-based company called American Lease was less deterred by this warning and in June agreed to purchase the remaining Fisker inventory—approximately 3,300 cars for a total of $46.3 million dollars. By October, American Lease had paid Fisker $42.5 million and had taken delivery of about 1,100 Oceans.

That was the plan until the end of last week, at least. Last Friday evening, Fisker informed American Lease that the Oceans "cannot, as a technical matter, be 'ported' from the Fisker server to which the vehicles are currently linked to a distinct server owned and/or controlled by" American Lease.

[...] American Lease says it "cannot overstate the significance of this unwelcome news," particularly since it had already paid Fisker the vast majority of the agreed price. American Lease is also more than a little unhappy that the news was delivered a few days before a court hearing scheduled for today and says it's unclear how long Fisker has known that its cars cannot be ported to a new server.

Original Submission

looorg writes:

The Royal Swedish Academy of Sciences has decided to award the Nobel Prize in Physics 2024 to

John J. Hopfield
Princeton University, NJ, USA

Geoffrey E. Hinton
University of Toronto, Canada

"for foundational discoveries and inventions that enable machine learning with artificial neural networks"

John Hopfield invented a network that uses a method for saving and recreating patterns. We can imagine the nodes as pixels. The Hopfield network utilises physics that describes a material's characteristics due to its atomic spin – a property that makes each atom a tiny magnet. The network as a whole is described in a manner equivalent to the energy in the spin system found in physics, and is trained by finding values for the connections between the nodes so that the saved images have low energy. When the Hopfield network is fed a distorted or incomplete image, it methodically works through the nodes and updates their values so the network's energy falls. The network thus works stepwise to find the saved image that is most like the imperfect one it was fed with.

Geoffrey Hinton used the Hopfield network as the foundation for a new network that uses a different method: the Boltzmann machine. This can learn to recognise characteristic elements in a given type of data. Hinton used tools from statistical physics, the science of systems built from many similar components. The machine is trained by feeding it examples that are very likely to arise when the machine is run. The Boltzmann machine can be used to classify images or create new examples of the type of pattern on which it was trained. Hinton has built upon this work, helping initiate the current explosive development of machine learning.

https://www.nobelprize.org/prizes/physics/2024/press-release/
https://en.wikipedia.org/wiki/John_Hopfield
https://sv.wikipedia.org/wiki/Geoffrey_Hinton

Original Submission

Freeman writes:

https://arstechnica.com/gaming/2024/10/nes-tetris-first-ever-rebirth-loops-past-level-255-and-back-to-zero/

Months ago, 13-year-old Willis "Blue Scuti" Gibson became the first person to "beat" NES Tetris, crashing the game after a 1,511-line, 157-level performance. Over the weekend, 16-year-old Michael "dogplayingtetris" Artiaga became the first to reach an even more impressive plateau in the game, looping past Level 255 and instantly rolling the game all the way back to the ultra-slow Level 0.

It took Artiaga a bit over 80 minutes and a full 3,300 cleared lines to finally achieve the game's first near-mythical "rebirth" live in front of hundreds of Twitch viewers.
[...]
Artiaga's record does come with a small asterisk since he used a version of the game that was modified to avoid the crashes that stopped Blue Scuti's historic run.
[...]
NES Tetris was never designed for play past Level 29, though, which means unintended glitches start to get in the way of any truly endless Tetris sessions. At Level 138, a memory overflow error causes the Tetris pieces to show up in some increasingly funky colors, including palettes that are incredibly hard to make out at Levels 146 and 148.
[...]
Even with a modified game, though, Artiaga faced another massive mountain of a glitch before he could achieve rebirth: Level 235. While the Tetris Level counter usually cycles every 10 lines, vagaries of the game's binary-coded decimal line counter cause the level count to get stuck on 235 for a whopping 810 lines. To make matters worse, the Level 235 glitched color palette is a dull green that is hard to see against the game's black background, making the level a true test of endurance.
[...]
Artiaga—who started playing high-level Tetris competitively at the age of 10 in 2019—has won the Classic Tetris World Championship two times, in addition to setting multiple records in the game and dominating many smaller tournaments. Despite all that, he said during his stream that "this is the best thing I've ever done in Tetris, bro."
[...]
"Oh my god, I'm so glad that game is over, bro," Artiaga said on stream. "I never want to play this game again, bro... I was starting to lose my mind."

Now that the Tetris rebirth has been proven humanly possible (with crash-avoidance mods, at least), the community will no doubt move on to see who, if anyone, can complete a double rebirth in a single uninterrupted Tetris session.
[...]
One thing's for sure: The classic Tetris scene has certainly come a long way since the days of the Level 29 "kill screen."

Side Note: Tetris is now over 40 years old.

Previously on SoylentNews:
Tetris -- A Cognitive Vaccine - 20240927
Hackers Discover How to Reprogram NES Tetris From Within the Game - 20240512
NES Tetris Beaten - 20240106
Hackers' Delight: a History of MIT Pranks and Hacks - 20231124
Tetris' Creators Reveal the Game's Greatest Unsolved Mysteries - 20230428
Happy 30th Birthday Tetris! - 20140608

Original Submission

Snotnose writes:

Think the recent kerfluffle over deepfakes is something new? Guess again.

Concern about deceptively edited photos feels like a very modern anxiety, yet a century ago similar worries were being litigated...

Portrait photography gave rise to an industry of photo 'retouching' – analog 'beauty filters' – to flatter subjects in a way portrait painters once did. This trend lead to questions about technology distorting our perceptions of beauty, reality and truth:

Other commercial applications of photo retouching emerged: in 1911 tourists visiting Washington D.C. could acquire fake photographs of themselves posing with then President of the United States William Taft. This troubled Government officials. Upon discovering the practice in 1911, a United States Attorney ordered it stopped.

The following year a fugitive - wanted for people trafficking - was found in possession of a fake photo posing with President Taft, it was reported he'd used it to buy the trust of his victims:

That this seemingly benign practice had been weaponized prompted some to demand it be regulated against abuse. The justice department prepared a law, that was introduced by then Senator Henry Cabot Lodge - who'd similarly been troubled after reportedly finding a photograph of himself with someone he'd never met.

Now I have to wonder if Grandpa really did befriend a bigfoot.

Original Submission

U.S. Wiretap Systems Targeted in China-Linked Hack

From Schneier's Blog

A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

https://www.schneier.com/blog/archives/2024/10/china-possibly-hacking-us-lawful-access-backdoor.html

It's a weird story. The first line of the article is: "A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers." This implies that the attack wasn't against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers.

For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the "wrong" eavesdroppers.

Pluralistic: China Hacked Verizon, AT&T and Lumen Using the FBI's Backdoor (07 Oct 2024) – Pluralist

upstart writes:

Pluralistic: China hacked Verizon, AT&T and Lumen using the FBI's backdoor (07 Oct 2024) – Pluralistic: Daily links from Cory Doctorow:

China hacked Verizon, AT&T and Lumen using the FBI's backdoor (permalink)

State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=C5ywbp&reflink=desktopwebshare_permalink

In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Prior to CALEA, telecoms operators were often at pains to design their networks to resist infiltration and interception. Even if a telco didn't go that far, they were at the very least indifferent to the needs of law enforcement, and attuned instead to building efficient, robust networks.

Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies. Immediately, a new industry sprang into being; companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liase with their former colleagues in law enforcement and intelligence.

Telcos weren't the only opponents of CALEA, of course. Security experts – those who weren't hoping to cash in on government pork, anyways – warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.

These experts were – then as now – dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance in order to keep the nation safe, and who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"

Snotnose writes:

Your super secret airplane just crashed and everyone knows where. Now what?

'At the crash site investigators collected evidence and evaluated the remains of the aircraft for clues to the cause of the tragedy. Then came the task of cleaning the site and leaving no pieces of the highly classified aircraft for scavengers, the media, or others to find. A clean-up team moved out a thousand feet from the last of the recognizable debris and then dug and sifted all the dirt in the area.

'On Jul. 23, controlled explosive charges were detonated on the hillside to free pieces of the aircraft buried as the result of the crash.'

Then, according to Knowledge Stew, the Air Force brought in a crashed F-101A Voodoo, an aircraft that had been out of service with the Air Force since 1972 and with the Air National Guard since 1982. The crashed Voodoo had been in storage at the secretive Area 51 in Nevada for more than 20 years, and it was broken up and put in place of the F-117 debris. Almost a month later, the Air Force said the area was no longer restricted.

Original Submission

Arthur T Knackerbracket has processed the following story:

Networking giant Cisco is getting out of the LoRaWAN market for IoT device connectivity, announcing end-of-availability and end-of-life dates for its gateways and associated products, with no planned migration pathway for customers.

Switchzilla made this information public in a notice on its website announcing the end-of-sale and end-of-life dates for Cisco LoRaWAN. The last day customers will be able to order any affected products will be January 1, 2025, with all support ceasing by the end of the decade.

The list includes Cisco's 800 MHz and 900 MHz LoRaWAN Gateways, plus associated products such as omni-directional antennas and software for the Gateways and Interface Modules.

If anyone was in any doubt, the notification spells it out: "Cisco will be exiting the LoRaWAN space. There is no planned migration for Cisco LoRaWAN gateways."

The move will come as a blow for any organizations that have built IoT deployments using LoRaWAN that may have considered Cisco to be a safe and dependable supplier. The networking colossus was pushing new products as recently as last year, when it announced a pluggable interface module (PIM) for the Cisco Catalyst IR1100 Rugged Series Routers with LoRaWAN connectivity.

LoRaWAN is a low power, wide area network specification, specifically designed to connect devices such as sensors over relatively long distances. It is built on LoRa, a form of wireless communication that uses spread spectrum modulation, and makes use of license-free sub-gigahertz industrial, scientific, and medical (ISM) radio bands. The tech is overseen by the LoRa Alliance.

[...] One analyst we spoke to who covers the IoT space said this likely isn't a profitable part of the business as far as Cisco is concerned. Since LoRa has a long range, fewer gateways are required than in Wi-Fi deployments, for example, and there are many vendors making LoRa sensors and hardware, resulting in a competitive market.

[...] "Exiting the LoRaWAN market is probably part of a more focused look at networking, paring away areas where they either weren't dominant, they don't see growth potential or that isn't in line with their overall networking roadmap."

Any Cisco LoRaWAN customers can perhaps take comfort from the fact that the final date to receive applicable service and support as stipulated in active service contracts is December 31, 2029. However, the last date that Cisco Engineering may release a planned maintenance release or software patch is much nearer – December 31, 2026.

Original Submission

Arthur T Knackerbracket has processed the following story:

As the saying goes, everything is bigger in Texas, but as datacenter footprints explode amid the AI boom, regulators fear even the Lone Star state's utilities won't be able to keep up for much longer.

The Texas' Public Utility Commission is now warning datacenter operators looking to set up shop in the US state within the next 12 to 15 months that they won't be able to rely entirely on the local grid and will have to supply at least some of their own power. As some of you will know, Texas has at times suffered blackouts from demand overload, and outages sparked by storms damaging infrastructure.

"We can't afford to lose any of our resources off the system at this point, especially given those load-growth projections," Thomas Gleeson, who chairs the commission, told Blomberg during the Gulf Coast Power Association conference in Austin this week.

Chief among Gleeson's concerns is datacenters setting up shop near existing power plants and buying up the supply of electricity, making it harder for the grid to keep the lights on for everyone else. Instead, Gleeson wants to see datacenter operators arranging and supporting their own generation facilities before putting strain on existing infrastructure.

[...] To ensure their bit-barn projects don't run out of juice, some operators are cozying up to operating and even defunct nuclear power plants. This northern spring, Amazon paid $650 million for Talen Energy's Cumulus datacenter located directly adjacent to the 2.5 gigawatt Susquehanna nuclear power plant. Under the deal, Amazon will have access to up to 960 megawatts of power.

[...] However, bringing retired nuclear plants back online isn't always as easy as it sounds. As The Register recently reported, many older facilities will require extensive repairs and modernization before they're ready to start turning steam into electricity again.

day of the dalek writes:

NOAA has issued a rare G4 watch for a severe geomagnetic storm that is expected on October 10 and 11. G4 refers to NOAA's scale for the intensity of geomagnetic storms, which ranges from G1 to G5. Prior to the geomagnetic storm in May of this year that reached G5 intensity, the last G4 watch was issued in January of 2005.

This watch was issued for a coronal mass ejection (CME) that occurred around 03 UTC on October 9 and is expected to reach Earth around 12-15 UTC on October 10. An article from the Washington Post states that the speed of the CME, around 2.5 million miles per hour, is the fastest that a CME has been ejected toward Earth during the current solar cycle. From my very limited understanding of space weather, it seems that faster CMEs generate higher ram pressures against Earth's magnetosphere and can result in more severe geomagnetic storms. The x-ray brightness of solar flares gets a lot of attention, and this was an X-class flare (the highest level on the classification scale), this was an X1.8 flare whereas flares have been observed at least up to X28. The high speed of the CME, however, seems to be a factor in the potential for a severe geomagnetic storm.

One of the main questions that we can't answer until the CME gets to within about a million miles of Earth is the orientation of its magnetic field. If the CME's magnetic field is aligned in the same direction as Earth's, it will produce a less severe geomagnetic storm than if it's aligned in the opposite direction. An excellent resource for data about space weather and this CME is NOAA's space weather enthusiasts dashboard. There's a lot of data on that page that is useful if you're concerned about the possibility of viewing auroras or potential disruptions to the power grid, so hopefully some of the comments can explain a bit more about what it means. I don't know a whole lot about space weather, but I'll try to offer a cursory explanation of what I believe some of it means.

The solar visible light shows where sunspots are currently observed, whereas the LASCO C3 images are observed from satellites can be used to see CMEs when they occur. A CME will appear like an explosion outward from the sun's corona. The data is input into a model called WSA-ENLIL, which predicts the density and radial velocity (outward from the sun) of solar wind plasma. A higher plasma density or a faster radial velocity should result in a stronger geomagnetic storm. This is also useful for estimating when a CME will reach Earth. I believe the GOES magnetometer data is used to measure how much the Earth's magnetic field is compressed or stretched and can identify the onset of geomagnetic storms. The ACE MAG and SWEPAM data are satellite-derived measurements of the solar wind. In addition to showing the plasma speed, temperature, and density, the Bz and Phi variables show the orientation of the magnetic field in the solar wind. If Bz is positive, it's a northward-oriented magnetic field. However, a negative Bz indicates a southward-oriented magnetic field, the opposite direction of Earth's magnetic field, and this can result in more severe geomagnetic storms. Basically, a strongly negative Bz around -10 or even -20 would be more favorable for a strong geomagnetic storm. The aurora forecast is a short-term forecast (~30 minutes to an hour) of the probability of auroral activity over a location, though auroras may be visible near the horizon in areas equatorward of what the forecast shows.

There's a lot of data on NOAA's space weather dashboard that can be useful for anyone hoping to see the auroras. My understanding of space weather is very limited, so if anyone else has a better understanding of what the data means, please share the information in the comments. Although a G4 or even a G5 geomagnetic storm is possible, but there's still a lot of uncertainty until the CME gets very close to Earth.

Original Submission