Category Archives: Technology

(ZH) This is What The “Trade” War With China Is Really All About

(ZH) Forget soybeans, auto imports, iPhones, crude oil, and cheap Chinese gadgets. Also forget tariffs, duties, and subsidies. Even forget weapons.

The real reason behind the US-China “trade” war has little to do with actual trade, and everything to do with what China’s president, Xi Jinping, said when he visited a memory chip plant in the city of Wuhan earlier this year. In a white lab coat, he made an unexpectedly sentimental remark, comparing a computer chip to a human heart: “No matter how big a person is, he or she can never be strong without a sound and strong heart”.

What is really at the basis of the ongoing civilizational conflict between the US and China, a feud which many say has gradually devolved into a new cold war if few top politicians are willing to call it for what it is, are China’s ambitions to be a leader in next-generation technology, such as artificial intelligence, which rest on whether or not it can design and manufacture cutting-edge chips, and is why Xi has pledged at least $150 billion to build up the sector.

But, as the FT notes, China’s plan has alarmed the US, and chips, or semiconductorshave become the central battlefield in the trade war between the two countries. And it is a battle in which China has a very visible Achilles heel.

Even with the so-called truce between the two sides signed last weekend, and which promptly unraveled after the Huawei CFO’s arrest was unveiled last week, Washington plans to ramp up export controls next year on so-called foundational technologies — those that can enable development in a broad range of sectors — and the equipment for manufacturing chips is one of the key target areas under discussion.

This is a concern for China as the $412 billion global semiconductor industry rests on the shoulders of just six equipment companies, with three of them based in the US. Together, these companies make nearly all of the crucial hardware and software tools needed to manufacture chips, meaning an American export ban would choke off China’s access to the basic tools needed to make their latest chip designs.

“You cannot build a semiconductor facility without using the big major equipment companies, none of which are Chinese,” said Brett Simpson, the founder of Arete Research, an equity research group. “If you fight a war with no guns you’re going to lose. And they don’t have the guns.”

To observe China’s reliance on foreign products, look no further than the over $300 billion in semiconductor equipment China has imported over just the past 12 months.

Chart: @brad_setser

To be sure, under Beijing’s auspices, Chinese chip companies have made enormous gains in semiconductor design as well as chip testing and packaging, in an attempt to catch up to the US. Several private and state-owned Chinese companies — Intel-backed Tsinghua Unigroup, Cambricon Technologies and Huawei’s HiSilicon among them — have already begun to venture into designing the leading edge chips capable of AI applications.

But, as the FT, notes, the real difficulty is not in designing the chips, but in making them: “From a design perspective, Chinese companies are at least on par with anyone else in the world,” said Risto Puhakka, president of VSLI Research. “Where they have a challenge is if they decide to make a very cutting-edge chip.”

The country’s recent scramble, amid the push for China 2025 strategic plan, to become technologically self-sufficient in chip production is clearly visible in the next chart, showing the big spike in recent imports of equipment for semiconductor manufacturing.

Chart: @brad_setser

Still, as Chinese semiconductor plants try to catch up, they have few choices when outfitting or upgrading their chip foundries. The reason: only a few equipment suppliers remain after a decade of consolidation.

Foremost among them is the Netherland’s ASML, which makes the photolithography machines that print and etch designs on to silicon wafers. It is the only supplier of the extreme ultra violet (EUV) lithography machines needed to make a 7-nanometre processor, the industry’s current gold standard.

Over in the US, Lam Research and Applied Materials as well as Japanese company Tokyo Electron dominate the market for equipment that can deposit billions of transistors and other active components on to a single chip. Another US company, KLA Tencor, sells much of the technology used in testing and monitoring the quality of chip production.

It is China’s reliance on these companies, more than any down swing in the stock market, that has made it vulnerable.

“Firms like Applied Materials, Lam Research and KLA-Tencor made 10 to 20 per cent of their revenues in China in 2017, a share which is expected to rise in 2018,” said Dan Wang, an analyst at Beijing research group Gavekal Dragonomics. “China is a large and growing market for them, and these companies don’t want export controls that are too restrictive.”

What would happen if the trade war escalates to prevent China from catching up with the US technologically?

Under current laws, an export ban on semiconductor equipment would mean both foreign companies, such as Samsung and Intel with foundries located in China, as well as wholly owned Chinese foundries would be unable to buy American equipment, though foreign companies are likely to be able to apply for waivers.

“One of the ideas of export controls is to prevent the release of the tech to certain foreign nationals from China: as an example, that could mean to a Chinese national wherever they are located, or to anyone within the physical geographic region of China,” said Anthony Capobianco, a partner at Hogan Lovells in Washington DC.

A US ban would also impact non-American chip equipment suppliers, because of the integration of what is a highly specialised supply chain: “ASML cannot do without Applied Materials and the other way around. If you take even one out of the value chain, that may hamper Chinese fabs,” said a former ASML executive.

Puhakka of VSLI Research said: “[These equipment suppliers] have the research and development, the trade secrets in metallurgy, the recipes: all of that knowledge base is 40 years old.” said VSLI Research’s Mr Puhakka.

“This is not about money. This about the knowledge base . . . and that knowledge base is not moving” he added, delineating China’s core dilemma.

* * *

Still, slowly China is catching up and some mainland companies are starting to produce their own chip-making equipment. At the head of the pack are Shanghai-based AMEC, which makes both wafer fabrication and packaging equipment for 28nm chips, Shanghai Micro Electronics Equipment, which is creating chip-etching lithography machines, and CETC, the state defence company, which announced a 28nm ion implanting device this August.

But what matters in the global technological arms race is that no Chinese company is close to being able to offer equipment that can produce the current target size of 7nm chips. SMEE’s machines can only match what ASML was able to do about 15 years ago. Today’s most basic smartphones require chips that are between 14nm and 16nm in size, but the smallest chips offered by China’s biggest manufacturer, SMIC, is 28nm.

And if the US cuts them off from purchasing foreign equipment, Chinese plants will also miss out on accumulating operational experience. “Basically, it’s a double whammy,” said Mr Simpson from Arete Research.

“You’ve got two big bottlenecks. You need to get the equipment into your fabs [plants] and secondly, you’ve got to know how it runs and the intellectual property process to make use of that equipment,” he explained.

Of course, being behind doesn’t mean China would give up, and if faced with US export controls, Chinese-owned plants could simply continue producing lower-end semiconductors, such as analogue chips, used in everything from industrial robots to electric vehicles.

However, out of reach in the medium term would be making the most advanced chips able to support AI functions or 5G telecommunication networks. Leading edge chips are also where sales and margins are highest. TSMC expects revenue from sales of advanced chips 28nm and smaller to rise to as much as 70% by this year, up from 42% only four years ago.

The risk is that an overly aggressive posture would backfire, and force China to become entirely self sufficient, because in the long term, analysts said, a US export ban would likely cement Beijing’s resolve to cultivate a wholly home grown semiconductor industry along every step, from design to fabrication to packaging.

“In the short term, US export controls can seriously set back Chinese progress on semiconductors. In the longer term, it’s hard to say if China will be permanently set back,” said Gavekal’s Wang, noting that fear of US export controls helped marshal the resources that shaped Japan’s most dominant semiconductor equipment players.

“The more tightly the US controls these goods, the more important it becomes for China to make these goods itself.”

At the end of the day, however, it is a simple question of money, because if China is willing to throw enough money at the problem, the solution will come. And as we showed back in May, China has every intention of not only matching, but surpassing total US military spending – springing the biggest Thucydides Trap ever witnessed in civilization – and in light of the importance of an autonomous, self-reliant semiconductor industry, one can argue that much of this spending will go toward beating the US where it truly matters…

… in the technological arms race.

Because remember what Bank of America’s Michael Hartnett said half a year ago: for all the talk of the escalating confrontation between the US and China, the “trade war” of 2018 should be recognized for what it really is: “the first stage of a new arms race between the US & China to reach national superiority in technology over the longer-term via Quantum Computing, Artificial  Intelligence, Hypersonic Warplanes, Electronic Vehicles, Robotics, and Cyber-Security.”

Which is why, at this point delaying Beijing may be the best option for the US which is slowly but surely losing its one insurmountable technological advantage. But while that may win the short-term battle, will it merely lead to an even faster victory for China in the war, first trade and eventually, real.

(GUA) Google+ to shut down early after privacy flaw affects over 50m users

(GUA) Service to be closed four months earlier than expected in light of lapse that exposed names, email addresses and other information

Google CEO Sundar Pichai is scheduled to appear before a House committee.
 Google CEO Sundar Pichai is scheduled to appear before a House committee. Photograph: Manu Fernandez/AP

Google is still having trouble protecting the personal information on its Google+ service, prodding the company to accelerate its plans to shut down a little-used social network created to compete against Facebook.

A privacy flaw that inadvertently exposed the names, email addresses, ages and other personal information of 52.5 million Google+ users last month convinced Google to close the service in April instead of August, as previously announced. Google revealed the new closure date and its latest privacy lapse in a Monday blogpost.

It is the second time in two months that Google has disclosed the existence of a problem that enabled unauthorized access to Google+ profiles. In October, the company acknowledged finding a privacy flaw affecting 500,000 users that it waited more than six months to disclose.

Google moved more quickly to own up to the most recent privacy problem on Google+. This time around, the names, email addresses, ages and other personal information of the affected users were exposed for six days in November before it was fixed. No financial information or passwords were visible to intruders, according to Google. The company also said it has not seen evidence indicating that unauthorized users who accessed Google+ through the inadvertent peephole have misused any of the personal information.

Even if the latest privacy gaffe didn’t cause any major damage, it nevertheless marks another embarrassing incident for Google.

Like Facebook, Google makes most of its money by selling ads that draw upon what the company learns about the interests, habits and locations of people while they’re using its free services.

Google’s privacy issues on Google+ are likely to be a topic that US lawmakers delve into Tuesday, when CEO Sundar Pichai is scheduled to appear before a House committee. Some members of Congress are now mulling whether tougher regulations to curb the power of Google, Facebook and other technology companies are needed in addition demanding tighter controls over digital privacy.

Facebook has had even more trouble guarding the personal information that it scoops up on its social networking service, which now has more than 2.2 billion users. The most glaring breakdown emerged in March when Facebook acknowledged the personal information of as many as 87 million of its users had been shared with Cambridge Analytica, a data mining firm affiliated with Donald Trump’s 2016 presidential campaign.

(ZH) Israeli Company Sold iPhone Spyware To Saudis Knowing Riyadh Would Purge Dissidents

(ZH) Weeks ago NSA whistleblower Edward Snowden was the first to reveal that Saudi Arabia used Israeli spyware to target murdered Saudi journalist Jamal Khashoggi, accusing a Tel Aviv-based compmany called NSO Group of “selling a digital burglary tool,” adding it “is not just being used for catching criminals and stopping terrorist attacks, not just for saving lives, but for making money… such a level of recklessness… actually starts costing lives.” 

This has now been confirmed in detail by a new bombshell investigative report in the Israeli newspaper Haaretz, which outlines how NSO Group representatives met with Saudi intelligence officials in Vienna in 2017 in order to demonstrate the powerful and easy hacking capability of its advanced Pagasus 3 system, which using a mere SIM card number can turn a person’s phone into an all-purpose spying device sweeping up the user’s voice conversations, camera, messages, and social media usage.

Israeli-made Pegasus spyware has been extensively used by Saudi Arabia, UAE and Bahrain, via AFP

Among the first requests the Saudi delegation made of NSO while negotiating a $55 million deal to procure the technology was thatthe company help Riyadh uncover the true identities behind dissident Saudi Twitter accounts. The June 2017 deal for the hacking tool came just months before crown prince Mohammed bin Salman’s infamous purge which would see multiple dozens of princes and top officials rounded up and imprisoned in the Riyadh Ritz-Carlton hotel the following November, which also involved the days-long detention of Lebanese Prime Minister Saad al-Hariri.

These latest revelations originated in a complaint to Israeli police now under investigation involving at least one company-linked whistleblower who thinks the Saudis used NSO’s hacking tool to track down and ultimately murder dissidents.

Haaretz confirmed the secret deal with Saudi intelligence “based on testimony and photos, as well as travel and legal documents”. This comes at a sensitive moment when Israeli Prime Minister Benjamin Netanyahu has become increasingly vocal over his desire to deepen ties with Gulf states, especially by supplying advanced Israeli technology.

Offices of Israeli NSO Group company. via AP/Haaretz

One among a series of meetings documented included a who’s who of top Saudi intelligence officials. According to Haaretz:

Arriving at the hotel were Abdullah al-Malihi, a close associate of Prince Turki al-Faisal – a former head of Saudi Arabia’s intelligence services – and another senior Saudi official, Nasser al-Qahtani, who presented himself as the deputy of the current intelligence chief. Their interlocutors were two Israeli businessmen, representatives of NSO, who presented to the Saudis highly advanced technology.

Apparently the Saudi delegation was awed by the ease of use hacking tool after a successful demonstration which involved the following:

During the June 2017 meeting, NSO officials showed a PowerPoint presentation of the system’s capabilities. To demonstrate it, they asked Qahtani to go to a nearby mall, buy an iPhone and give them its number. During that meeting they showed how this was enough to hack into the new phone and record and photograph the participants in the meeting.

NSO, which Edward Snowden has dubbed “the worst of the worst” in terms of aiding and abetting human rights violations, is now under fire especially as evidence proves the company knew full well the technology would be used by Saudi authorities not for disrupting terror attacks or criminal activities, but for purging political dissent.

Edward Snowden

@Snowden

Haaretz confirms reports by @Citizenlab showing Saudi Arabia’s purge of regime opponents was fueled by the group, an out of control Israeli hacking company. Before Khashoggi’s murder, three of his contacts were targeted by SA using NSO’s burglary kit. https://www.haaretz.com/israel-news/.premium-israeli-company-negotiated-to-sell-advanced-cybertech-to-the-saudis-1.6680618 

Israeli NSO negotiated with Saudis advanced cyberattack capabilities sale, Haaretz reveals

haaretz.com

1,378 people are talking about this

The purchase of Pegasus 3 also appears part of a broader regime blitz to acquire pervasive and powerful spying technology at a time when MbS was preparing to consolidate his power after next in line Muhammad bin Nayef was deposed by King Salman.

The Haaretz report reveals how far the Saudis were willing to go:

In the Vienna meeting of April 2017, the Saudis presented a list of 23 systems they sought to acquire. Their main interest was cybersystems. For a few dozens of millions of dollars, they would be able to hack into the phones of regime opponents in Saudi Arabia and around the world and collect classified information about them.

According to the European businessman, the Saudis, already at the first meeting, passed along to the representatives of one of the companies details of a Twitter account of a person who had tweeted against the regime. They wanted to know who was behind the account, but the Israeli company refused to say.

Currently, NSO has denied the Haaretz report as well as Edward Snowden’s accusations, calling its contents full of “partial rumors and gossip” and also claiming to be in conformity with “all matters relating to export policies and licenses,” according to a statement.

Pegasus’ use worldwide, according to Citizen Lab:

Meanwhile, Snowden has subsequently pointed out: “Journalists working this story should note that none of NSO Group’s many, many statements made after the Khashoggi murder deny selling their digital weaponry to Saudi Arabia,” and added, “Every country in which this company has operated should be pressured to open criminal investigations.”

Given that we do know that Saudi Arabia and Israel have grown increasingly close in a historically unprecedented covert intelligence sharing partnership over the past at least one year, it’s likely that the Pegasus 3 spyware revelations are merely the tip of the iceberg in terms of what defense technology has already been shared.

We expect to see many more such stories come to light as international media continues its rare scrutiny of MbS and the Saudi regime.

(ZDnet) Many free mobile VPN apps are based in China or have Chinese ownership

(ZDnet) Chinese affiliation raises a sign of alarm in light of China’s recent clampdown of “unauthorized” VPN services.

Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.

“Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders,” said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.

The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales.

He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.

chinese-vpn-apps.png

“Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support,” Migliano said.

The expert says that 86 percent of the apps he analyzed had “unacceptable privacy policies.” For example, some apps didn’t say if they logged traffic, some apps appeared to use generic privacy policies that didn’t even mention the term VPN, while some apps didn’t feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties.

Almost half of the free VPN apps also appeared to take the privacy policy as a joke, with some hosting the policy as a plain text file on Pastebin, AWS servers, or raw IP addresses, with no domain name.

In addition, 64 percent of the apps also didn’t bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.

The results of this study should worry VPN users, from both a privacy standpoint, but also from a technical and professional point of view.

The study’s results are also worrisome especially for businesses that use these apps internally or have employees who use the apps without prior approval.

Data exchanged via these VPNs, some of which may be company trade secrets, may end up being logged, and in the worst case scenario logged on Chinese servers, where it may be at the disposal of Chinese authorities, which have a long and well-documented history of hacking, favoring, and helping local businesses at the expense of foreign competitors.

In addition, China has also enacted strict regulation in the past two years that has clamped down on VPN services and has forced local VPN providers to register with state authorities in order to obtain a license to operate in the country.

This regulation has resulted in several arrests, and some VPN operators being sentenced to heavy prison sentences.

Due to its lack of legal boundaries and heavy-handed authoritarian mode of operation, the Chinese state has now a firm grasp on any VPN providers located inside its borders.

According to Migliano, users and companies should rethink their approach of using some of the above-listed apps, on both the grounds of the operator being under the possible influence of the Chinese authoritarian regime, but also due to some of these VPN provider’s poor to privacy policies, a sign that they don’t really value customer privacy as well.

Migliano’s report, available here, lists all the problems he discovered with each of the 30 VPN apps in finer detail.

(NYT) At China’s Internet Conference, a Darker Side of Tech Emerges

(NYT)

Facial recognition is a hot area in Chinese tech, furthering the development of both funny video selfies and smart surveillance cameras.CreditCreditJonathan Browning for The New York Times

WUZHEN, China — Every year at the World Internet Conference, held since 2014 in the photogenic canal town of Wuzhen near Shanghai, companies and government officials have convened to send a message: China is a high-tech force to be reckoned with.

With that message now settled beyond much doubt, this year’s conference showcased something different. China’s tech industry is becoming more serious about grappling with its products’ unintended consequences — and about helping the government.

Discussions of technology’s promise were leavened with contemplation of its darker side effects, such as fraud and data breaches. A forum on protecting personal information featured representatives from China’s highest prosecutor and its powerful internet regulator. And several tech companies pledged their support for Beijing’s counterterrorism efforts, even as China faces international criticism for detaining and indoctrinating Muslims in the name of fighting terrorism in the western region of Xinjiang.

Please disable your ad blocker
Advertising helps fund Times journalism.

“Tencent has been dedicated to dealing with terrorist information online and other internet crimes, in line with the government’s crackdown,” Chen Yong, an executive in Tencent’s security management department, said at the event.

Image
A robot that senses your hand movement and matches it on the screen was on display at the World Internet Conference in Wuzhen, China, this week.CreditJonathan Browning for The New York Times

The conference, which ends Friday, also reflected some new challenges facing China. It was held at the same time as another big event: a six-day import expo in Shanghai aimed at showing China as a big buyer of foreign goods. With American tariffs threatening to slow a weakening Chinese economy, the country’s leader, Xi Jinping, spoke at the expo on Monday to proclaim that China could be a positive force in global trade.

At Wuzhen, by contrast, Mr. Xi appeared only by proxy. The head of the Communist Party’s propaganda department, Huang Kunming, conveyed a message of thanks from Mr. Xi and then delivered an opening address that extolled the world-changing power of internet access.

Emissaries from Silicon Valley were also in short supply. Last year, the speakers at Wuzhen included Tim Cook, Apple’s chief executive, as well as Sundar Pichai of Google. This year, the sole Western tech executive to give a keynote address was Steve Mollenkopf, the chief executive of the chip maker Qualcomm.

His appearance served as a reminder of American companies’ continuing travails in China, which could deepen as the two powers wrestle over high-tech supremacy. Qualcomm scrapped a $44 billion deal to buy a Dutch chip manufacturer this year after China’s antitrust authorities declined to approve it, a move widely viewed as retaliation in the trade war.

China’s technology industry is becoming more serious about grappling with its products’ unintended consequences — and about helping the government.CreditJonathan Browning for The New York Times

Among Chinese companies this week, private enterprises showed off the ways in which they increasingly support and work with the government, while state-backed companies demonstrated they were not doomed to be tech laggards.

The Tencent executive, Mr. Chen, described in an interview the company’s relationship with law enforcement.

Political activists have reported being followed based on what they have said on WeChat. Chat records have turned up as evidence in court, fueling speculation about whether Tencent, the app’s developer, may be the source.

Mr. Chen said Tencent reports illegal activity discovered on its platforms to the government, after which the authorities can request specific user information. Metadata describing when and where users logged into a Tencent app can be stored for up to six months, he said. But Mr. Chen denied that the company gave law enforcement officials a back door through which they could freely peruse chat records and user data.

The company IrisKing, which has significant government support, makes tools that are helping to recover trafficked children in China. It is also working with authorities in Xinjiang to compile a database of all its residents’ irises.CreditJonathan Browning for The New York Times

“We only store the content that the law prescribes,” he said. “However long the law says to store it, that’s how long we store it. Whatever the law says to store, that’s what we store.”

In the conference’s exhibition halls, there were lighter touches to be found. A company called Utry let loose several eager, if herky-jerky, robots that followed people around on wheels, offering to carry their bags. Kuaishou, the maker of a popular video app, demonstrated its facial-recognition prowess by scanning visitors’ faces and then, within seconds, displaying who in its vast video library most resembled them. (The results varied.)

Facial recognition is a hot area in Chinese tech, providing the technology behind both funny video selfies and smart surveillance cameras. One company attending the conference is taking things a step further.

IrisKing, which is based in Beijing and has substantial state backing, started out by making iris-recognition software for coal mines. With their faces and fingertips covered in soot, miners needed another technology for clocking in and out of work.

Now, IrisKing’s tools also help identify refugees in Syria and recover trafficked children in China, said Wang Xintao, a marketing manager for the company.

The company has also started working with the authorities in Xinjiang, Mr. Wang said. The goal? To have a database of the irises of all Xinjiang residents within two years, he said.

 

(Reuters) Portugal to build satellite launch pad, lab with China

(Reuters) Portugal plans to build an international launch pad for small satellites in the Azores and has agreed with China to set up a joint research centre to make satellites on the mainland, its science and technology minister said on Tuesday.

The government has received tentative proposals from 14 consortiums from Europe, the United States and Russia to design the launch pad jointly with local organisations, and to use the site in the future, Manuel Heitor said.

During the Web Summit – Europe’s largest technology conference taking place in Lisbon this week – Heitor told reporters the “space port” on the mid-Atlantic island of Santa Maria should be ready for commercial launches by mid-2021.

Portugal aims to pick the winning offer by mid-2019.

Heitor also announced the 50 million euro ($57 million) joint project with China, to be funded in equal parts by the two countries and envisaging a laboratory in Portugal next year.

The micro satellites to be designed there will connect with land- and ocean-based sensors to collect data used in agriculture, fishery and oceanography.

Portugal’s funding for satellite research will come from state and private sources and involve local company Tekever, which makes surveillance drones for military and civilian applications, including searching for migrants from Africa.

(AFP) Under fire tech sector gathers in Portugal

(AFP)

© AFP | Web Summit’s Irish chief executive Paddy Cosgrave says technology is going through ‘a funk’
LISBON (AFP) – Europe?s largest tech event, the Web Summit, gets underway in Lisbon on Monday amid a backlash over internet firms’ role in spreading “fake news” and how they use consumer data.

Some 70,000 people are expected to take part in the four-day gathering, dubbed “the Davos for geeks”, including speakers from leading global tech companies, politicians and start-ups hoping to attract attention from the over 1,500 investors who are scheduled to attend.

But this time around tech firms find themselves on the defensive, with critics accusing them of not doing enough to curb the spread of “fake news” which has helped polarise elections campaigns around the world, and of maximising profits by harvesting data on consumers? browsing habits.

Employees of Google, Facebook and other tech giants have in recent months gone public with their regrets, calling the products they helped build harmful to society and overly addictive.

“I think technology is going through a funk… it’s a period of reflexion,” Web Summit founder and CEO Paddy Cosgrave told AFP ahead of the official opening of the event.

“With every new technology you go through these cycles. The initial excitement of the printed press was replaced in time by a great fear that it was actually a bad thing. Over time it has actually worked out OK.”

– Engine of division –

The British computer scientist who in 1989 invented the worldwide web as a way to exchange information, Tim Berners-Lee, is expected to call for a new “contract” for the internet during his opening address to the gathering later on Monday.

He has just launched Inrupt, a start-up which is building an open source platform called “Solid” which will decentralise the web and allow users to choose where their data is kept, along with who can see and access it.

“For all the good we?ve achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas,” he wrote in a blog post describing the project.

Solid intends to allow users to bypass tech giants such as Google and Facebook. The two tech giants now have direct influence over nearly three quarters of all internet traffic thanks to the vast amounts of apps and services they own such as YouTube, WhatsApp and Instagram.

Tech giants are also under fire having built up virtual monopolies in their areas.

Amazon for example accounts for 93 percent of all e-book sales while Google swallows up 92 percent of all European internet-search ad spending.

– Violent voices magnified –

Among those expected to speak at the event is Christopher Wylie, a whistleblower who earlier this year said users? data from Facebook was used by British political consultancy Cambridge Analytica to help elect US President Donald Trump — a claim denied by the company.

Another tech veteran who has become critical of the sector, Twitter co-founder Ev Williams, will on Thursday give the closing address of the event.

He left Twitter in 2011 and went on to co-found online publishing platform Mash, which is subscription based and unlike Twitter favours in-depth writing about issues.

“We got used to everything being free and we underestimated the cost of that,” he told the New York Times in May, adding “there?s clearly an appetite now for content platforms to be regulated”.

The problem with the current model is that negative stories get more attention online, and thus gain more advertisers, according to Mitchell Baker, the president of the Mozilla Foundation, a non-profit organisation which promotes Internet innovation.

“Today everyone has a voice but the problem is… the loudest and often most violent voices get magnified because the most negative, scariest things attract our attention,” she told AFP in a recent interview.

The Web Summit was launched in Dublin in 2010 and moved to Lisbon six years later. The Portuguese government estimates the event will generate 300 million euros ($347 million) for Lisbon in hotel and other revenues.

(CNBC) Tim Cook: Personal data collection is being ‘weaponized against us with military efficiency’

(CNBC)

  • Apple and its CEO have long touted personal privacy, distancing themselves from recent, growing scandals among tech companies — but the comments from Cook are some of the strongest to date.
  • CEO Tim Cook said the business of selling ads against personal data has become a “data industrial complex” and stopped just short of naming tech giants like Facebook and Google in his criticisms.
Apple backs federal privacy laws in the US, says Tim Cook

Apple backs federal privacy laws in the US, says Tim Cook  

“Every day, billions of dollars change hands, and countless decisions are made, on the basis of our likes and dislikes, our friends and families, our relationships and conversations. Our wishes and fears, our hopes and dreams,” Cook said. “These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded, and sold.”

“Your profile is then run through algorithms that can serve up increasingly extreme content, pounding our harmless preferences into hardened convictions,” Cook said.

Apple and its chief executive have long touted personal privacy, distancing themselves from recent, growing scandals among tech companies — but the comments from Cook are some of the strongest to date.

He said the business of selling ads against personal data has become a “data industrial complex,” but stopped short of naming tech giants like Facebook and Google in his criticisms. However, Facebook and Google are the two largest companies that make money selling ads the way Cook described.

“We shouldn’t sugarcoat the consequences. This is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them,” Cook said. “This should make us very uncomfortable. It should unsettle us.”

GDPR: Why everyone is freaking out over four letters

GDPR: Why everyone is freaking out over four letters  

Cook’s comments at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) received warm applause in the Belgian capital.

Many of the world’s data protection regulators gathered in Brussels — a city increasingly at the forefront of tech regulation — as the conference coincided with the introduction of General Data Protection Regulation (GDPR) earlier this year.

GDPR refers to a piece of legislation that aims to give consumers control of personal data collected by tech companies. It came into force in May, just weeks after the Cambridge Analytica data misuse scandal enveloped Facebook — and raised the profile of data protection as a consumer need.

The scandal also prompted governments worldwide to finally consider taking action against an often-overlooked area of law. But, U.S. lawmakers are seen as lagging behind their European peers.

Apple’s chief executive lauded the “successful implementation” of GDPR on Wednesday. And, in a thinly-veiled message to tech behemoths stateside, Cook insisted U.S.-based companies had no need to fear more stringent privacy regulation laws.

“This crisis is real. It is not imagined, or exaggerated, or crazy. And those of us who believe in technology’s potential for good must not shrink from this moment,” Cook said.

“We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights,” Cook said — the right to have personal data minimized, the right to knowledge, the right to access, and the right to security, he said.

—CNBC’s Josh Lipton contributed to this report.

Here’s Cook’s full speech:

Good morning.

It is an honor to be here with you today in this grand hall, a room that represents what is possible when people of different backgrounds, histories and philosophies come together to build something bigger than themselves.

I am deeply grateful to our hosts. I want to recognize Ventsislav Karadjov for his service and leadership. And it’s a true privilege to be introduced by his co-host, a statesman I admire greatly, Giovanni Butarelli.

Now Italy has produced more than its share of great leaders and public servants. Machiavelli taught us how leaders can get away with evil deeds, and Dante showed us what happens when they get caught.

Giovanni has done something very different. Through his values, his dedication, his thoughtful work, Giovanni, his predecessor Peter Hustinx — and all of you — have set an example for the world. We are deeply grateful.

We need you to keep making progress — now more than ever. Because these are transformative times. Around the world, from Copenhagen to Chennai to Cupertino, new technologies are driving breakthroughs in humanity’s greatest common projects. From preventing and fighting disease, to curbing the effects of climate change, to ensuring every person has access to information and economic opportunity.

At the same time, we see vividly — painfully — how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence and even undermine our shared sense of what is true and what is false.

This crisis is real. It is not imagined, or exaggerated, or crazy. And those of us who believe in technology’s potential for good must not shrink from this moment.

Now, more than ever — as leaders of governments, as decision-makers in business and as citizens — we must ask ourselves a fundamental question: What kind of world do we want to live in?

I’m here today because we hope to work with you as partners in answering this question.

At Apple, we are optimistic about technology’s awesome potential for good. But we know that it won’t happen on its own. Every day, we work to infuse the devices we make with the humanity that makes us. As I’ve said before, technology is capable of doing great things. But it doesn’t want to do great things. It doesn’t want anything. That part takes all of us.

That’s why I believe that our missions are so closely aligned. As Giovanni puts it, we must act to ensure that technology is designed and developed to serve humankind, and not the other way around.

We at Apple believe that privacy is a fundamental human right. But we also recognize that not everyone sees things as we do. In a way, the desire to put profits over privacy is nothing new.

As far back as 1890, future Supreme Court Justice Louis Brandeis published an article in the Harvard Law Review, making the case for a “Right to Privacy” in the United States.

He warned: “Gossip is no longer the resource of the idle and of the vicious, but has become a trade.”

Today that trade has exploded into a data industrial complex. Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency.

Every day, billions of dollars change hands and countless decisions are made on the basis of our likes and dislikes, our friends and families, our relationships and conversations, our wishes and fears, our hopes and dreams.

These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded and sold.

Taken to its extreme, this process creates an enduring digital profile and lets companies know you better than you may know yourself. Your profile is then run through algorithms that can serve up increasingly extreme content, pounding our harmless preferences into hardened convictions. If green is your favorite color, you may find yourself reading a lot of articles — or watching a lot of videos — about the insidious threat from people who like orange.

In the news almost every day, we bear witness to the harmful, even deadly, effects of these narrowed worldviews.

We shouldn’t sugarcoat the consequences. This is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them.

This should make us very uncomfortable. It should unsettle us. And it illustrates the importance of our shared work and the challenges still ahead of us.

Fortunately this year you’ve shown the world that good policy and political will can come together to protect the rights of everyone. We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR. We also celebrate the new steps taken, not only here in Europe, but around the world. In Singapore, Japan, Brazil, New Zealand and many more nations, regulators are asking tough questions and crafting effective reforms.

It is time for the rest of the world — including my home country — to follow your lead.

We at Apple are in full support of a comprehensive federal privacy law in the United States. There and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data — or not to collect it in the first place. Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham. Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of, correct and delete their personal data. And fourth, the right to security. Security is foundational to trust and all other privacy rights.

Now, there are those who would prefer I hadn’t said all of that. Some oppose any form of privacy legislation. Others will endorse reform in public, and then resist and undermine it behind closed doors.

They may say to you, “Our companies will never achieve technology’s true potential if they are constrained with privacy regulation.” But this notion isn’t just wrong, it is destructive.

Technology’s potential is, and always must be, rooted in the faith people have in it, in the optimism and creativity that it stirs in the hearts of individuals, in its promise and capacity to make the world a better place.

It’s time to face facts. We will never achieve technology’s true potential without the full faith and confidence of the people who use it.

At Apple, respect for privacy — and a healthy suspicion of authority — have always been in our bloodstream. Our first computers were built by misfits, tinkerers and rebels — not in a laboratory or a board room, but in a suburban garage. We introduced the Macintosh with a famous TV ad channeling George Orwell’s 1984 — a warning of what can happen when technology becomes a tool of power and loses touch with humanity.

And way back in 2010, Steve Jobs said in no uncertain terms: “Privacy means people know what they’re signing up for, in plain language, and repeatedly.”

It’s worth remembering the foresight and courage it took to make that statement. When we designed this device we knew it could put more personal data in your pocket than most of us keep in our homes. And there was enormous pressure on Steve and Apple to bend our values and to freely share this information. But we refused to compromise. In fact, we’ve only deepened our commitment in the decade since.

From hardware breakthroughs that encrypt fingerprints and faces securely — and only — on your device, to simple and powerful notifications that make clear to every user precisely what they’re sharing and when they are sharing it.

We aren’t absolutists, and we don’t claim to have all the answers. Instead, we always try to return to that simple question: What kind of world do we want to live in?

At every stage of the creative process, then and now, we engage in an open, honest and robust ethical debate about the products we make and the impact they will have. That’s just a part of our culture.

We don’t do it because we have to. We do it because we ought to. The values behind our products are as important to us as any feature.

We understand that the dangers are real — from cyber-criminals to rogue nation states. We’re not willing to leave our users to fend for themselves. And we’ve shown we’ll defend those principles when challenged.

Those values — that commitment to thoughtful debate and transparency — they’re only going to get more important. As progress speeds up, these things should continue to ground us and connect us, first and foremost, to the people we serve.

Artificial Intelligence is one area I think a lot about. Clearly it’s on the minds of many of my peers as well.

At its core, this technology promises to learn from people individually to benefit us all. Yet advancing AI by collecting huge personal profiles is laziness, not efficiency. For artificial intelligence to be truly smart, it must respect human values, including privacy.

If we get this wrong, the dangers are profound.

We can achieve both great artificial intelligence and great privacy standards. It’s not only a possibility, it is a responsibility.

In the pursuit of artificial intelligence, we should not sacrifice the humanity, creativity and ingenuity that define our human intelligence.

And at Apple, we never will.

In the mid-19th century, the great American writer Henry David Thoreau found himself so fed up with the pace and change of industrial society that he moved to a cabin in the woods by Walden Pond.

Call it the first digital cleanse.

Yet even there, where he hoped to find a bit of peace, he could hear a distant clatter and whistle of a steam engine passing by. “We do not ride on the railroad,” he said. “It rides upon us.”

Those of us who are fortunate enough to work in technology have an enormous responsibility.

It is not to please every grumpy Thoreau out there. That’s an unreasonable standard, and we’ll never meet it.

We are responsible, however, for recognizing that the devices we make and the platforms we build have real, lasting, even permanent effects on the individuals and communities who use them.

We must never stop asking ourselves, what kind of world do we want to live in?

The answer to that question must not be an afterthought, it should be our primary concern.

We at Apple can — and do — provide the very best to our users while treating their most personal data like the precious cargo that it is. And if we can do it, then everyone can do it.

Fortunately, we have your example before us.

Thank you for your work, for your commitment to the possibility of human-centered technology, and for your firm belief that our best days are still ahead of us.

Thank you very much.

(NYT) Google Turns Over Identities of Bloggers on Benfica

(NYT

Benfica’s enormous popularity in Portugal has taken a hit the past year as blogs released damaging confidential information about the club.CreditCreditManuel De Almeida/EPA, via Shutterstock

Google Inc. and other internet service providers have turned over confidential user information to a Portuguese soccer team that may help it identify anonymous bloggers who have written about allegations of wrongdoing against the team.

The information was turned over as part of a lawsuit filed by the team, the Lisbon-based Benfica, earlier this year in United States District Court in California as part of an effort to stop the bloggers.

Benfica, the serial national champion, has been battling a tide of leaked information for much of the past year that has cast a negative shadow over it . The leaks have been drip-fed onto a specially created website since December, producing sensational headlines and leading to a crisis within a club that counts some of the country’s most important politicians and business figures as members.

However, Benfica was unable to stop the leaks through Portugal’s legal system. So the club, a two-time European champion, turned in April to California’s courts. It issued subpoenas to Google and a handful of other companies that own the platforms used by the bloggers.

The efforts have paid off. “We only confirm that we made agreements with those digital platforms,” said a spokesman for Benfica. He declined to provide further details of the information the team received.

In a statement, Google said it complied with the legal process. “Google gave notice to impacted users who then had an opportunity to challenge the legal process in a U.S. court,” said a spokeswoman for the company.

The owner of the popular Artista do Dia blog is among those whose user identity has very likely been passed on to Benfica by Google. He received an email from Google in September telling him he could try to quash Benfica’s demand through a legal challenge.

Faced with thousands of dollars of legal fees, the author, whose identity The New York Times has been confirmed, was only able to reply with an impassioned email, in which he outlined that he had not been responsible for the leak, and like many others, had written about a subject of enormous public interest.

“I thought Google and billions of users of Google services were protected by a company with principles and, above all, respect for users who trust their platforms,” said the writer, a professional services worker with two children. “I think it opens a very serious precedent that will only allow those with financial possibilities to remain anonymous.”

Benfica’s status within Portugal is immense. The team counts at least half of the country’s 10 million citizens as fans, the weight of which gives it a greater cultural and social significance than most ordinary sports teams. Even in good times, details of exploits inside its Estadio da Luz home dominate local media.

Image
Porto’s Portuguese coach Sergio Conceicao, who leads one of Benfica’s top rivals.CreditFrancisco Leong/Agence France-Presse — Getty Images

The leaks, which began last year, have purported to show influence peddling schemes that targeted top soccer officials and, perhaps most worryingly for the club, efforts to influence the refereeing system. Benfica denies wrongdoing. It has separately been charged with illegally obtaining confidential information from a mole working inside the justice ministry.

The bloggers’ cases are not without precedent. They are similar to a yearslong legal battle between Chevron and internet providers Google, Yahoo and Microsoft in which the company sought identity information belonging to activists, attorneys, journalists and others who have spoken out against the company.

Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, said under current regulations Google had little option but to comply with Benfica’s subpoena. Internet companies get hundreds of thousands of similar requests, said Gidari, who spent 20 years representing some of the world’s biggest technology companies including Google. “It isn’t scalable to know what’s behind each case,” he said.

Google already goes “one step beyond” what it is required to do by giving notice of the subpoena to users, he added.

Benfica’s search for the bloggers and web users has dominated the headlines since The New York Times first reported on the issue earlier this month. Benfica fans have also tried to unmask the identity of those behind the blogs. In at least one case, the name and photograph of a man suspected of being one of the bloggers was widely circulated on the internet but turned out to be wrong.

Fans of Benfica’s rivals, Sporting Clube de Portugal and F.C. Porto, are behind most of the blogs the team is targeting for legal action. Benfica alleges the two other teams are part of a conspiracy to discredit it, a claim that is typical in soccer in Portugal, where club executives frequently launch allegations against one another. The leaks first appeared on a weekly television show on Porto’s channel, before a website called O Mercado de Benfica appeared in December 2017.

Porto’s communications director Francisco Marques said he received the data anonymously from an individual purporting to be a fan of the club. Marques said he passed all the files he received to the police. He suspects the website publishing the leaked information is run by the same person.

In its lawsuit in California, Benfica claimed the details published online were “trade secrets” that buttressed its success in winning championships and cultivated an academy system that generated “more than any other club in the world” in player sales this decade. The claim did not mention police raids on Benfica’s offices or ongoing investigations into alleged results manipulation and corruption it faces.

“Despite commencing numerous actions, both civil and criminal, in Portugal, Benfica has thus far been unable to stem the tide of stolen information or identify the thieves. It is clear to Benfica that only with the cooperation of the hosting organizations will Benfica be able to stop the campaign to discredit it,” its U.S. lawyers wrote.

Gidari, the former privacy lawyer, said the suit seemed similar to others brought by other large organizations confronting the public disclosure of damaging information.

He added that though in some cases there may be valid reasons behind subpoenas, they are often “strategic lawsuits brought to silence critics.”

(WSJ) Google Exposed User Data, Feared Repercussions of Disclosing to Public

(WSJGoogle opted not to disclose to users its discovery of a bug that gave outside developers access to private data. It found no evidence of misuse.

Google Chief Executive Sundar Pichai was briefed on a plan not to notify users of a software glitch that gave outside developers potential access to private data.
Google Chief Executive Sundar Pichai was briefed on a plan not to notify users of a software glitch that gave outside developers potential access to private data. PHOTO: DAVID PAUL MORRIS/BLOOMBERG NEWS

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As part of its response to the incident, the Alphabet Inc. GOOGL 2.73% unit on Monday announced a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. FB 0.25% and is widely seen as one of Google’s biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.

The closure of Google+ is part of a broader review of privacy practices by Google that has determined the company needs tighter controls on several major products, the people said. In its announcement Monday, the company said it is curtailing the access it gives outside developers to user data on Android smartphones and Gmail.

Social Bug

How a software glitch allowed app developers to potentially access Google+ user data

2

1

User A signs up to Google+ and fills out profile fields: name, employer, job title, gender, birth date and relationship status.

User A goes into privacy settings to make profile data viewable only to certain friends on Google+, including User B.

User B signs up for an app that asks the user to log in using Google+ credentials. The user gives the app permission to access profile information.

The app developer collects data on User B. Because of the software glitch, the developer can also collect User A’s private profile data.

Google discovered and fixed the glitch in March 2018. It found no evidence of misuse of data.

Sources: People briefed on the incident and documents reviewed by The Wall Street Journal

The episode involving Google+, which hasn’t been previously reported, shows the company’s concerted efforts to avoid public scrutiny of how it handles user information, particularly at a time when regulators and consumer privacy groups are leading a charge to hold tech giants accountable for the vast power they wield over the personal data of billions of people.

The snafu threatens to give Google a black eye on privacy after public assurances that it was less susceptible to data gaffes like those that have befallen Facebook. It may also complicate Google’s attempts to stave off unfavorable regulation in Washington. Mr. Pichai recently agreed to testify before Congress in the coming weeks.

The Meaning of Life According to Google

The Meaning of Life According to Google

​Google handles 90% of the world’s internet searches, and it increasingly is promoting a single answer for many questions. Even subjective or unanswerable queries sometimes get seemingly definitive answers. Here’s how the algorithms are — and aren’t — working. Video/Photo Illustration: Heather Seidel/The Wall Street Journal

“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement.

In weighing whether to disclose the incident, the company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he said. “None of these thresholds were met here.”

The internal memo from legal and policy staff says the company has no evidence that any outside developers misused the data but acknowledges it has no way of knowing for sure. The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.

Google makes user data available to outside developers through more than 130 different public channels known as application programming interfaces, or APIs. These tools usually require a user’s permission to access any information, but they can be misused by unscrupulous actors posing as app developers to gain access to sensitive personal data.

A privacy task force formed inside Google, code named Project Strobe, has in recent months conducted a companywide audit of the company’s APIs, according to the people briefed on the process. The group is made up of more than 100 engineers, product managers and lawyers, the people said.

In a blog post on Monday, Google said it plans to clamp down on the data it provides outside developers through APIs. The company will stop letting most outside developers gain access to SMS messaging data, call log data and some forms of contact data on Android phones, and Gmail will only permit a small number of developers to continue building add-ons for the email service, the company said.

Google faced pressure to rein in developer access to Gmail earlier this year, after a Wall Street Journal examination found that developers commonly use free email apps to hook users into giving up access to their inboxes without clearly stating what data they collect. In some cases, employees at these app companies have read people’s actual emails to improve their software algorithms.

The coming changes are evidence of a larger rethinking of data privacy at Google, which has in the past placed relatively few restrictions on how external apps access users’ data, provided those users give permission. Restricting access to APIs will hurt some developers who have been helping Google build a universe of useful apps.

The Google+ data problem, discovered as part of the Strobe audit, was the result of a flaw in an API Google created to help app developers access an array of profile and contact information about the people who sign up to use their apps, as well as the people they are connected to on Google+. When a user grants a developer permission, any of the data they entered into a Google+ profile can be collected by the developer.

In March of this year, Google discovered that Google+ also permitted developers to retrieve the data of some users who never intended to share it publicly, according to the memo and two people briefed on the matter. Because of a bug in the API, developers could collect the profile data of their users’ friends even if that data was explicitly marked nonpublic in Google’s privacy settings, the people said.

During a two-week period in late March, Google ran tests to determine the impact of the bug, one of the people said. It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer, the person said. Some of the individuals whose data was exposed to potential misuse included paying users of G Suite, a set of productivity tools including Google Docs and Drive, the person said. G Suite customers include businesses, schools and governments.

Because the company kept a limited set of activity logs, it was unable to determine which users were affected and what types of data may potentially have been improperly collected, the two people briefed on the matter said. The bug existed since 2015, and it is unclear whether a larger number of users may have been affected over that time.

Gmail scanned messages and sold ads related to their content, a practice that privacy groups said was a violation of user trust. Google responded that other email providers were already using computers to scan email to protect against spam and hackers, and that showing ads helped offset the cost of its free service. In 2014, Google stopped scanning inboxes of student, business and government users and last year said it was halting all Gmail scanning for ads.

2010: Buzz

Debut of Google Buzz was fumbled when the social site publicly displayed the contact lists of its users, leading to a probe by the Federal Trade Commission. Google settled with the FTC in 2011 and agreed to undergo 20 years of privacy audits by the agency. At the time of the settlement, Google said in a blog post that the Buzz launch “fell short of our usual standards for transparency and user control.”

2010: Street View

Google said its Street View camera cars collected private data through wireless networks while driving by people’s homes. Google stopped collecting Street View images in some countries as a result.

2013: Glass

Google Glass, a wearable computer headset with the ability to record video, was seen by some as a privacy intrusion when people began wearing them into private spaces like bathrooms. Google stopped selling the device to consumers and retooled it for professionals.

2013: Prism

Leaks revealed Google was part of a program called Prism, which allowed the U.S. National Security Agency to collect data on internet users. Google denied it ever gave the government direct access to its servers.

2018: YouTube

Privacy groups complained YouTube violated a federal law protecting children’s privacy by collecting data from users under 13. The company said users under 13 aren’t permitted to use YouTube. Google and the FTC have said they will evaluate the complaint.

2018: Android

The Associated Press found that Google collects location data of Android users even after their “location history” is turned off, a policy called misleading by privacy groups and lawmakers. Google told the AP that its descriptions of its location tools are clear.

2018: Google+

A software bug gave outside developers access to the private user profile data of a half-million Google+ users, and executives decided not to inform the public, partly out of fear of regulatory scrutiny. Google officials said the incident didn’t rise to the threshold of alerting users, and found no evidence any of the data were accessed..

Google believes up to 438 applications had access to the unauthorized Google+ data, the people said. Strobe investigators, after testing some of the apps and checking to see if any of the developers had previous complaints against them, determined none of the developers looked suspicious, the people said. The company’s ability to determine what was done with the data was limited because the company doesn’t have “audit rights” over its developers, the memo said. The company didn’t call or visit with any of the developers, the people said.

The question of whether to notify users went before Google’s Privacy and Data Protection Office, a council of top product executives who oversee key decisions relating to privacy, the people said.

Internal lawyers advised that Google wasn’t legally required to disclose the incident to the public, the people said. Because the company didn’t know what developers may have what data, the group also didn’t believe notifying users would give any actionable benefit to the end users, the people said.

The memo from legal and policy staff wasn’t a factor in the decision, said a person familiar with the process, but reflected internal disagreements over how to handle the matter.

The document shows Google officials felt that disclosure could have serious ramifications. Revealing the incident would likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” the memo said. It “almost guarantees Sundar will testify before Congress.”

A range of factors go into determining whether a company must notify users of a potential data breach. There is no federal breach notification law in the U.S., so companies must navigate a patchwork of state laws with differing standards, said Al Saikali, a lawyer with Shook, Hardy & Bacon LLP. He isn’t affiliated with any of the parties.

While many companies wouldn’t notify users if a name and birth date were accessed, some firms would, Mr. Saikali said. Some firms notify users even when it is unclear that the data in question was accessed, he said. “Fifty percent of the cases I work on are judgment calls,” he said. “Only about half the time do you get conclusive evidence that says that this bad guy did access information.”

Europe’s General Data Protection Regulation, which went into effect in May of this year, requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue. The information potentially leaked via Google’s API would constitute personal information under GDPR, but because the problem was discovered in March, it wouldn’t have been covered under the European regulation, Mr. Saikali said.

Google could also face class-action lawsuits over its decision not to disclose the incident, Mr. Saikali said. “The story here that the plaintiffs will tell is that Google knew something here and hid it. That by itself is enough to make the lawyers salivate,” he said.

In its contracts with paid users of G Suite apps, Google tells customers it will notify them about any incidents involving their data “promptly and without undue delay” and will “promptly take reasonable steps to minimize harm.” That requirement may not apply to Google+ profile data, however, even if it belonged to a G Suite customer.

(CNBC) Roubini doubles down on criticisms of crypto, calls it a ‘stinking cesspool that is in meltdown’

(CNBC)

  • Roubini said a recent sharp downturn in the prices of cryptocurrencies showed that the nascent digital assets have poor fundamentals.
  • On Thursday he said in testimony to U.S. senators that crypto is “the mother or father of all scams and bubbles.”
  • Cryptocurrencies received much attention from major central bankers, financial executives and economists late last year when bitcoin surged close to $20,000.

Nouriel Roubini

Jin Lee | Bloomberg | Getty Images
Nouriel Roubini

The cryptocurrency world is a “stinking cesspool” and is fundamentally worth nothing, according to Nouriel Roubini, the economist famed for predicting the 2008 financial crisis.

In a series of tweets, Roubini said late Thursday that a recent sharp downturn in the prices of cryptocurrencies — which came amid an intense period of selling for global stock markets — showed that the nascent digital assets have poor fundamentals.

Nouriel Roubini

@Nouriel

Yes Whales of the World Do Unite to Prop Up Your Stinking Cesspool That is In Meltdown!! That will save shit-coin land

Prettycynic@prettycynic

I Wish all the Whales would unite and shut this piece of trash up👿🐋 https://twitter.com/Nouriel/status/1050552714705408000 

“The bloodbath is worsening,” he said in a response to one Twitter user, pointing out that digital currencies had fallen much more steeply than equities during Wednesday and Thursday’s sell-offs. “So tell me: which better fundamentals? Can’t convert s—coins into productive manure.”

Nouriel Roubini

@Nouriel

Which fundamentals are improving after a 70-99% implosion? Yesterday even as US stocks were down 3% major crypto-currencies – ETH, XRP, etc – plunged another 10%. The bloodbath is worsening. So tell me: which better fundamentals? Can’t convert shitcoins into productive manure

Ari Paul

@AriDavidPaul

Replying to @OJRenick and 4 others

I don’t see a contradiction. Cryptocurrencies are down across the board 70-99% as we unwind Q4’s speculative bubble. Fundamentals are generally gradually improving as price corrects. Common for equities in recessions too.

Roubini, who has often been referred to as “Dr. Doom” due to his bearish market outlook, is known to be highly skeptical of cryptocurrencies. On Thursday, he said in testimony to U.S. senators that crypto is “the mother or father of all scams and bubbles.”Virtual currencies like bitcoin are known to be highly volatile, sometimes adding or shedding hundreds of dollars in value within hours.

He continued in a separate post: “It is indeed laughable to think that useless crypto-currencies or s—coins have any fundamentals of value. Their fundamental value is ZERO or actually negative … if you price correctly their negative externality of hogging energy and destroying the environment.”

Nouriel Roubini

@Nouriel

It is indeed laughable to think that useless crypto-currencies or shitcoins have any fundamentals of value. Their fundamental value is ZERO or actually negative is if you price correctly their negative externality of hogging energy and destroying the environment

samvega@samvega
Replying to @AriDavidPaul and 5 others

“Fundamentals” of cryptcoins 🙂😃😆😂🤣🙃🙂😋

Cryptocurrencies received much attention from major central bankers, financial executives and economists late last year when the world’s largest by market value, bitcoin, surged to a record high close to $20,000.

Some, including J.P. Morgan CEO Jamie Dimon, had called the phenomenon “tulip mania” — in reference to the bubble in tulip prices in the 17th century — while others have said they favor the underlying blockchain technology associated with cryptocurrencies.

Bitcoinether and XRP — collectively the three largest digital assets by market capitalization — have plummeted from their record highs however. Bitcoin has fallen almost 70 percent since its all-time high; ether, the digital token of the Ethereum blockchain, has plunged more than 85 percent; and XRP, a cryptocurrency promoted by blockchain firm Ripple, has slipped nearly 90 percent.

Prices were seen to stabilize somewhat Friday morning however, with bitcoin barely moving, ether down by 1.9 percent and XRP up 2.2 percent on the day, according to CoinMarkCap data.

(BBG) Autonomous Flights Are One Step Closer to Reality

(BBG) The air cargo industry is already considering one-person flight crews. Self-flying planes may be next.

Aerospace and innovation have gone hand-in-hand since the days of Orville and Wilbur Wright. Airplanes were once simple metal tubes powered by propellers. Long-haul flying meant four engines and at least three pilots on the flight deck at all times.

Today, aircraft require only two pilots and are built mostly of carbon composites. Even on the longest routes—more than 17 hours—regulators permit airlines to fly with merely two engines. Given the inexorable nature of technological evolution, it seems logical to expect that soon only a single pilot will be required. And beyond that, given the advent of driverless technology on the ground and unmanned aircraft above, could pilotless commercial airliners be far off?

A range of companies, from such aerospace giants as Boeing Co. and Airbus SE to tiny startups, are working on various aspects of a difficult puzzle: how to create the next generation of air travel—one whose pilots are far less ubiquitous and new flying vehicles communicate with each other. More important, how is that world to be as safe as the one we’re in now?

“It is not as complicated as it sounds, and it is not as dangerous as it sounds,” said Elpert Hodge, executive vice president of M2C Aerospace Inc., a New England startup working to build a flight system for single-pilot commercial aircraft operations. The startup hopes to meet airlines’ desire to cut costs while addressing a pilot shortage that’s already curtailed air service in some regions. The technology to achieve this is likely to be available soon. The comfort level of regulators and average citizens will almost certainly lag.

“How do we maintain levels of safety that we enjoy today … when you’ve got an artificial intelligence-based system in the cockpit?” Greg Hyslop, Boeing’s chief technology officer, said in September at a conference at the Massachusetts Institute of Technology. “How do you show and certify that to be safe to the point where the flying public would say, ‘Yes, I trust that.’”

Photographer: Akos Stiller/Bloomberg

Airlines are reluctant to even broach the topic, given how passengers may react to being one stricken pilot away from an empty cockpit. And they are more so when it comes to fully automatic aircraft: “It’s certainly not anything that American is working on or trying to make happen,” Doug Parker, chief executive of the world’s largest airline, American Airlines Group Inc., said of autonomous aircraft at an industry forum Sept. 12. “The comfort [pilots] provide is not something that most consumers are going to want to forgo.”

But for the air-cargo industry, where package containers don’t require safety assurances, the prospect of single-pilot operations—and eventually autonomous flight—holds a definite appeal, especially in areas where air cargo growth may outpace pilot supply.

“Clearly, for transporting cargo, you could see autonomous aircraft,” Hyslop said. “It’s going to be much longer, if ever, if we’d see that for passenger travel, though.” That doesn’t matter to Wall Street. Airline analysts are already counting the billions of dollars in savings airlines could reap by culling humans.

“Long-haul commercial flights could see reduced cockpit crews from 2023, shortly after cargo planes,” analysts at UBS Group AG wrote in an extensive July report. They estimated a profit potential of $15 billion for flying with a single pilot and $35 billion if airplanes were to fly themselves.

None of this is as far-fetched as it might seem. Adoption of new technology in aviation has risen significantly over the past few years, according to the UBS report. The analysts conceded, though, that they expect “consumer acceptance to be a challenge.” Surveys by the bank found that 63 percent of people oppose flying in a pilotless aircraft, while only 52 percent were averse to single-pilot planes. Then again, what did people think of autonomous cars just a few years ago?

Photographer: Susana Gonzalez

A key component of airline automation will be AI. As the technology spreads into areas from cars to factories to electronics, more consumers are apt to grow comfortable with it.

“There is a percentage of millennials who have no problem with that,” said Hodge, a former pilot. “So as much as you can demonstrate the safety of it, that’s what brings the public along.” Throw in some cost savings and safety concerns begin to dissipate: The same UBS survey found that 50 percent more people would fly in a single-pilot aircraft if it came with a ticket discount.

The topic has garnered interest in Washington as well. The House version of a budget bill this year funding the Federal Aviation Administration included language that would start a “research and development program in support of single-piloted cargo aircraft assisted with remote piloting and computer piloting.” The measure, which was stripped from the compromise bill signed into law Oct. 5, was introduced by Texas Republican Lamar Smith, chairman of the House Science, Space, and Technology Committee. He sought to address concerns regarding major Chinese investments into AI and autonomous flight, according to a committee staffer.

The Cargo Airline Association, which represents carriers such as FedEx Corp. and United Parcel Service Inc., wasn’t involved in the House bill, said Steve Alterman, the association’s president. While the CAA doesn’t have a position on the idea, pilot associations do: They’re aghast.

“Having anything less than two [pilots] is inviting catastrophe,” said Lee Collins, president of the Coalition of Airline Pilots Associations, which represents more than 30,000 pilots, including those at American Airlines Group Inc. and UPS.

“This technology is neither mature nor proven yet to the extent that it can ensure safety,” Collins said, adding that autonomous piloting systems are “a terrorist hijacker’s absolute dream come true.” Tim Cannoll, president of the Air Line Pilots Association, the largest U.S. pilot union, echoed his concerns in a recent column: “Single-piloted operations should be totally unacceptable to the American public because they are unsafe.”

Pilots argue that aviation requires human judgment in the cockpit to respond to the myriad unexpected events that can befall a flight. And while pilots and their unions have a vested interest in maintaining the two-pilot system, they have ready examples to drive home their point. Several pointed to the engine explosion aboard a Dallas-bound Southwest Airlines Co. flight in April that killed a passenger. It left a hole in the side of the Boeing 737-700’s fuselage, but the pilot was able to land in Philadelphia with no further injuries.

Flight controls in the cockpit of an Airbus SE A350-1000 twinjet passenger aircraft.
Photographer: SeongJoon Cho/Bloomberg

Air travel, goes the common refrain, is the safest form of transport. Over the past 12 years, technological advances have been accompanied by a remarkable increase in safety all while traffic volume doubled. Globally, carriers will fly an estimated 4.4 billion passengers this year, according to the International Air Transport Association. Crashes are rare. In the U.S., there were no airline fatalities from 2009 to 2018—a period of time encompassing almost 100 million flights.

In many respects, modern aircraft are already automated to the degree that pilots spend a lot of time monitoring instruments while the plane flies automatically. But you’d be mistaken if you were to assume this makes them superfluous.

It’s true that a Boeing 787 or Airbus A350 offers tools that a pilot from the 1980s could only dream about. It’s also true that the world’s airspace is more congested and complex than it’s ever been. American, for example, requires that each plane in its fleet conduct an autopilot approach and automated landing at least once every 60 days. The policy doesn’t apply to American’s Boeing 737s, which operate with a different system. The aircraft flies the approach according to the path programmed into the flight management system (FMS), following all speed and altitude restrictions and optimizing the descent. Instruments guide the aircraft to touchdown and braking. The autopilot disengages once the aircraft slows to taxi speed.

These systems are typically used when visibility is extremely limited and weather is unfavorable. As a passenger, you’ll probably never know when your aircraft lands itself; pilots rarely announce the occasions. This technology, which is employed with two pilots are monitoring its performance, increases an airline’s ability to operate in conditions in which a human would be less capable. People get to their destinations, fewer flights are canceled, and the nation’s economy avoids the costs of delays.

But—and this is the key point pilots make—they can intervene at any time to override the machine’s decisions during the approach and landing.

Hodge’s company, M2C Aerospace, is located about 40 miles west of Boston in the town of Milford, Massachusetts. It wants to become a market leader in devising a flight management system (FMS) for commercial aircraft that doesn’t require two pilots, he said. M2C plans to begin simulator testing early next year, followed by test flights with an ATR turboprop aircraft flying from Antigua, his home country—and whose government is among M2C’s investors.

“My thinking to get the FAA on board is being able to demonstrate safety for two years, no mishaps,” said Hodge, a former pilot and entrepreneur who founded cargo carrier Elan Air and later sold it to DHL Express. M2C is also working to raise $15 million to fund its FMS project, which Hodge predicts will see sales of $500 million in two years and $1 billion within five years.

Memphis-based FedEx has expressed interest in purchasing space on an eventual Caribbean single-pilot cargo operation, Hodge said. A FedEx spokeswoman declined to comment.

“Aviation is getting there,” he said. “It’s not if, it’s when.”

(Economist) Wind-powered ships are making a comeback

(Economist) A maritime technology from the 1920s is back in fashion

AN OIL tanker that ferries nearly 110,000 tonnes of the black stuff between the Middle East and Europe does not sound like a green ship. But Maersk Pelican is unique among the world’s biggest cargo ships in that it does not rely on fossil fuels alone for propulsion. On September 29th it arrived in Saudi Arabia on its first voyage since the installation of two 30-metre rotor sails.

Coal- and oil-powered cargo ships wiped out wind power in the 19th century. But interest in wind propulsion, and in rotor sails in particular, is growing as shipping lines seek ways to slash fuel bills. Placed on a ship’s decks, these giant rotating cylinders propel it using the “Magnus effect”, the force that causes a spinning ball to curve through the air.

The concept was demonstrated by Anton Flettner, a German engineer, in the 1920s, but rotor sails failed to catch on, partly because coal was a cheap alternative. The first ones he made were metal and so heavy that they slowed ships.

The rotor sails that Norsepower, a Finnish firm, has developed are made of carbon fibre and are far lighter, says Tuomas Riski, its chief executive. They are also automated, so no extra sailors are needed to operate them, unlike Flettner’s version. As well as Maersk Pelican, Norsepower has already fitted them to several other ships, including Estraden, a ferry which operates between the Netherlands and Britain, and Viking Grace, which sails between Sweden and Finland.

The interest in the sails comes because they can slash fuel bills and emissions, says Tommy Thomassen, chief technical officer of Maersk Tankers. The Maersk Pelican’s two rotor sails will cut its fuel bills by 7-10%, he forecasts; if it added two more that could rise to 15-20%. Such savings help with another priority for the shipping industry; complying with new climate-change targets. In April the International Maritime Organisation, a UN agency, agreed to cut by half the global shipping sector’s carbon emissions from 2008 levels by 2050.

Sails can make serious contributions to that target. Most other technologies (such as adding bulbous bows) shave only a few percent off fuel bills. Electric batteries cannot store enough energy for long sea voyages.

Upfront costs remain a problem. Norsepower’s rotor sails cost €1m-2m ($1.15m-2.3m) to install; it takes five years on average to earn that back in lower fuel bills. Mr Riski hopes to slash that figure to three years by making the sails more cheaply in China. It would then become worthwhile for charterers, which only tend to lease ships for under three years, to install them.

Rotor sails are not the only ones about. Modern versions of the sort of sails fitted to conventional ships, as well as kites attached to the front of the vessel, have also been mooted as energy-saving solutions. But these are a health-and-safety risk to sailors in bad weather. Wind power may be back in fashion but no one needs to mount the rigging.

(RT) Digital strip search: NZ travellers to be fined if they refuse to hand over passwords

(RT)

Digital strip search: NZ travellers to be fined if they refuse to hand over passwords
In what has been described as a “grave invasion of personal privacy,” New Zealand Customs have introduced a new rule that could force tourists and citizens to hand over their device passwords or face a $NZ5000 ($3220) fine.

The Customs and Excise Act 2018, which came into effect on Monday, gives officials authority to access codes, passwords, encryption keys and even fingerprints or any related information that enables access to an electronic device. The rule applies to foreign visitors and New Zealand citizens alike, when the customs officials have “reasonable cause to suspect” a person or their device warrants a digital search.

Authorities are allowed to copy, review and evaluate data from devices and can also remove or hold them for a time “reasonably”necessary to conduct the search. If people refuse a request, they face a fine of $5000 or having their device confiscated so officials can attempt to access it by other means.

Before the rule came into effect, customs officials could demand to see people’s devices, but could not compel them to hand over passwords. The rule doesn’t extend to allowing customs agents to delve into people’s cloud storage, it only applies to what is already on their devices.

New Zealand Customs say the rule is necessary because people carry so much information on their devices, including the “majority of prohibited material and documents.”

It also said that in 2017, border officials examined 537 devices of the 14 million travelers who were searched and they don’t expect an increase as a result of the rule’s implementation.

New Zealand Council for Civil Liberties (CCL) slammed the rule and in a statement highlighted how a serious criminal could “easily store the data on the internet, travel with a wiped phone, and restore it once they enter the country.” It said the rule would mostly affect innocent travellers who will be compelled to hand over access to their personal devices.

RT UK

@RTUKnews

security files found on USB stick dumped in the street – report https://on.rt.com/8qxi 

Heathrow Airport security files found on USB stick dumped in the street – report — RT UK News

Heathrow Airport is investigating how a USB stick with over 170 documents, some of them relating to its security system, ended up on a sidewalk in west London. The stick was handed over to the Mirror…

rt.com

“Nowadays we’ve got everything on our phones; we’ve got all our personal life, all our doctors’ records, our emails, absolutely everything on it, and customs can take that and keep it,” spokesperson Thomas Beagle told TVNZ. “They don’t have to tell you what the cause of that suspicion is, there’s no way to challenge it.””

(NYT) The Flourishing Business of Fake YouTube Views

(NYT) Plays can be bought for pennies and delivered in bulk, inflating videos’

popularity and making the social media giant vulnerable to manipulation.

Martin Vassilev makes a good living selling fake views on YouTube videos. Working from home in Ottawa, he has sold about 15 million views so far this year, putting him on track to bring in more than $200,000, records show.

Mr. Vassilev, 32, does not provide the views himself. His website, 500Views.com, connects customers with services that offer views, likes and dislikes generated by computers, not humans. When a supplier cannot fulfill an order, Mr. Vassilev — like a modern switchboard operator — quickly connects with another.

“I can deliver an unlimited amount of views to a video,” Mr. Vassilev said in an interview. “They’ve tried to stop it for so many years, but they can’t stop it. There’s always a way around.”

After Google, more people search on YouTube than on any other site. It is the most popular platform among teenagers, according to a 2018 study by the Pew Research Center, beating out giants like Facebook and Instagram. With billions of views a day, the video site helps spur global cultural sensations, spawn careers, sell brands and promote political agendas.

Just as other social media companies have been plagued by impostor accounts and artificial influence campaigns, YouTube has struggled with fake views for years.

The fake-view ecosystem of which Mr. Vassilev is a part can undermine YouTube’s credibility by manipulating the digital currency that signals value to users. While YouTube says fake views represent just a tiny fraction of the total, they still have a significant effect by misleading consumers and advertisers. Drawing on dozens of interviews, sales records, and trial purchases of fraudulent views, The New York Times examined how the marketplace worked and tested YouTube’s ability to detect manipulation.

Inflating views violates YouTube’s terms of service. But Google searches for buying views turn up hundreds of sites offering “fast” and “easy” ways to increase a video’s count by 500, 5,000 or even five million. The sites, offering views for just pennies each, also appear in Google search ads.

To test the sites, a Times reporter ordered thousands of views from nine companies. Nearly all of the purchases, made for videos not associated with the news organization, were fulfilled in about two weeks.

One of the businesses was Devumi.com. According to company records, it collected more than $1.2 million over three years by selling 196 million YouTube views. Nearly all the views remain today. An analysis of those records, from 2014 to 2017, shows that most orders were completed in weeks, though those for a million views or more took longer. Providing large volumes cheaply and quickly is often a sign that a service is not offering real viewership.

Devumi’s customers included an employee of RT, a media organization funded by the Russian government, and an employee of Al Jazeera English, another state-backed company. Other buyers were a filmmaker working for Americans for Prosperity, a conservative political advocacy group, and the head of video at The New York Post. (Al Jazeera and The Post said the workers were not authorized to make such purchases and were no longer employed there.)

Multiple musicians bought views to appear more popular: YouTube views factor into metrics from the ratings company Nielsen and song charts including Billboard’s Hot 100.

Some companies bought views for clients with the promise of social media promotion that would result in real people watching their videos.

Dr. Judith Oppenheimer, 78, paid a company $5,000 to promote a book she had self-published in hopes of securing a mainstream deal. Her video soon had over 58,000 views, delivered through Devumi.

“There was no increase in sales and no book deal,” she said. “Soon after I signed the contract I thought, ‘I’ll have no proof of what they do or don’t do.’ Now it begins to make sense. They can do it in a day.”

Purveyors depend on constantly evolving tactics to deliver views, including automated or “bot” traffic and pop-under videos on unsuspecting users’ computers, but YouTube says it has effective processes to defend against these approaches.

“This has been a problem we have been working on for many, many years,” said Jennifer Flannery O’Connor, YouTube’s director of product management. The company’s systems continuously monitor a video’s activity, and the anti-fraud team often buys views to understand better how these sites operate, she said. “Our anomaly detection systems are really good.”

Still, the challenges are significant. At one point in 2013, YouTube had as much traffic from bots masquerading as people as it did from real human visitors, according to the company. Some employees feared this would cause the fraud detection system to flip, classifying fake traffic as real and vice versa — a prospect engineers called “the Inversion.”

“The problem itself was extraordinary,” said Blake Livingston, a member of YouTube’s fraud and abuse team at the time who has since left the company.

But fixes were made that relieved the fake-traffic surge, which YouTube said resulted from an attack against the website.

Years later, the battle against fake views continues, even as YouTube contends with disinformation campaigns, like Russia’s efforts during the 2016 election, and language it considers hate speech, including posts by the recently banned Infowars site.

YouTube would not disclose the number of fake views it blocked each day, but said its teams worked to keep them to less than 1 percent of the total. Still, with the platform registering billions of views a day, tens of millions of fake views could be making it through daily.

“View count manipulation will be a problem as long as views and the popularity they signal are the currency of YouTube,” Mr. Livingston said.

Carlton E. Bynum II runs a website, GetLikes.click, from a home office in Houston that sells YouTube views as well as Instagram and Twitter followers, Facebook likes and SoundCloud plays.Scott Dalton for The New York Times

“I can deliver an unlimited amount of views to a video,” said Martin Vassilev, owner of 500Views.com, a website based in Ottawa. Renaud Philippe for The New York Times

Real Money, Sham Audience

It took Mr. Vassilev about 18 months to go from being on welfare and living with his father in Canada to buying a white BMW 328i and a house of his own.

By late 2014, his website was on the first page of Google search results for buying YouTube views, fulfilling 150 to 200 orders a day and bringing in more than $30,000 a month, he said. “I really couldn’t believe you could make that much money online,” he said. The Times reporter’s order on his site, for 25,000 views, was fulfilled one day later.

A spokeswoman for Google, which is owned by the same company as YouTube, said that sites selling views appeared in search results because they were relevant, but that there was “room for improvement” in warning users.

Mr. Vassilev declined to name his clients but said that many orders came from public relations or marketing firms.

Today, he fills most orders through SMMKings.com, a wholesale supplier run by Sean Tamir, 29. Mr. Tamir charges him about a dollar for a thousand views, which Mr. Vassilev resells for $13.99, throwing in 100 free likes.

Several times a year, YouTube makes changes to its detection system to try to disrupt fake views, Mr. Tamir said. A recent episode came in late January, but many of the sites were functioning a few weeks later when The Times made most of its purchases. Suppliers say they get around system updates by making their traffic appear more humanlike, ensuring that it comes from users with prior views, for example.

One purveyor, Carlton E. Bynum II, 24, uses advertising to attract customers. He collected more than $191,000 in revenue this year but spent over $109,000 in ads that appeared at the top of Google, according to financial records. His site, GetLikes.click, run from a home office in Houston, sells YouTube views as well as Instagram and Twitter followers, Facebook likes and SoundCloud plays.

A spokeswoman for Google, which is owned by the same company as YouTube, said that that sites selling views appeared in search results because they were relevant, but that there was “room for improvement” in warning users.

Google does not allow ads with terms like “buy YouTube views.” But Mr. Bynum said one workaround was to misspell the words and submit an ad multiple times if it was denied at first. When asked about advertising for paid YouTube views, Google removed some of the ads, including Mr. Bynum’s, but similar ones returned after two weeks.

Before Mr. Bynum sold views, he was buying them for himself. After he was discharged from the Marine Corps last year, he began posting product reviews on YouTube and taking a cut when visitors made purchases using his links. The views he bought would often cause his videos to rank higher than his competitors’ in search, he said. The effect would snowball: His videos would gain traffic through search, and he would make more money. (A YouTube spokeswoman said views were just one factor among many that affected search rankings.)

“It worked great,” he said. “I can get views within a day. I can get likes within hours.”

Mr. Bynum said he believed real people were watching his videos. “But let’s say there’s a small chance I’m wrong and it is bots,” he said. “Their videos are still getting ranked.”

Mr. Vassilev, who also said he used fake views to increase the search ranking of videos promoting his website, makes no pretense that what he is selling is authentic viewership. “It’s impossible,” he said.

“They told me if I got a certain number of hits I would sell a certain amount,” said Elizabeth Clayton, a self-published poet. William Widmer for The New York Times

“The beautiful thing about these social media platforms is when they came out it was genuine,” said Aleem Khalid, a musician. “But now I feel it’s all fake.” Joshua Lott for The New York Times

Promised a Following

The salesman on the phone said it would be simple: Elizabeth Clayton, a retired English and psychology professor, could pay Hancock Press $4,200 to publicize her self-published works of poetry. The company said online promotion, including 40,000 guaranteed YouTube views, would translate into sales, emails show.

Ms. Clayton, 77, was optimistic. She had been publishing for seven years but had not sold much. One royalty check came to $1.47, another to $0.75. She signed up for Hancock to promote two videos, costing her $8,400, records show.

“They told me if I got a certain number of hits I would sell a certain amount,” she said.

Instead of traditional marketing, Hancock paid $270 for 55,000 views from Devumi for each video, the records show. The views eventually reached about 60,000, where they remain. But there was no increase in sales. “They couldn’t tell me anything about the people that were watching the video,” Ms. Clayton said. “I suspected something, but I couldn’t get any information.”

Wayne Hancock, the 92-year-old chief executive of the Arkansas-based company, said he believed real people were watching the videos. That’s how Devumi marketed its views. Mr. Hancock’s daughter, K. C. Shay, who helps run the business, dismissed Ms. Clayton’s documents and the Devumi receipts as fakes.

But Devumi records show that Hancock Press spent about $26,000 over three years, obtaining more than five million views for 75 or so authors. Interviews with six other Hancock clients are consistent with Ms. Clayton’s experience.

Devumi did not respond to repeated requests for comment. The company, whose website says that it has closed, came under investigation in two states in January after The Times reported that it sold fake Twitter followers.

Many Devumi clients came from the music industry, where buying views is common and often seen as necessary. “YouTube is one of the premier sources of music consumption and an important indicator of musical trends and popularity,” said Silvio Pietroluongo, a vice president at Billboard.

As a new artist, Aleem Khalid hired Crowd Surf, a promotion company, in 2014. Without his knowledge, he said, the firm bought 10,000 views each on three of his videos. They now have between 11,000 and 42,000 views. “The beautiful thing about these social media platforms is when they came out it was genuine. But now I feel it’s all fake,” said Mr. Khalid, 25. (Cassie Petrey, a co-founder of Crowd Surf, said she thought Devumi was producing real views, based on statements on its website.)

Others who relied on Devumi said they were similarly surprised at the company’s tactics. Ami Horowitz, the conservative filmmaker, bought 10,000 views for a video he appeared in — “What We Learned at the People’s Climate March” — on the YouTube channel for Americans for Prosperity, the Koch brothers’ political influence group. Mr. Horowitz, who is often a guest on Fox News, also bought views for a video about the protests in Ferguson, Mo.

In a statement, he said he had believed Devumi worked like traditional web advertising. But “it wasn’t what we expected,” he said, adding that he never used Devumi or similar services again. A spokeswoman for Americans for Prosperity called the behavior unethical and said the group would “not knowingly engage” in it.

Spotting the Forgeries

YouTube’s engineers, statisticians and data scientists are constantly improving in their ability to fight what Ms. O’Connor calls a “very hard problem,” but the attacks have “continually gotten stronger and more sophisticated,” she said.

After the Times reporter presented YouTube with the videos for which he had bought views, the company said sellers had exploited two vulnerabilities that had already been fixed. Later that day, the reporter bought more views from six of the same vendors. The view count rose again, though more slowly. A week later, all but two of the vendors had delivered the full amount.

Some exceeded the purchased amount at first, but didn’t bounce back from YouTube’s filters.

Even when it looks closely, YouTube can miss videos with fake views. A 2017 Google public report on disinformation during the 2016 election looked at RT’s YouTube channels, concluding that there was “no evidence of manipulation of our platform or policy violations.” Yet The Times recently found that an RT employee bought fake views for videos in 2016, which YouTube acknowledged it did not detect.

James Brown, a correspondent for RT, had purchased 30,000 views and 300 likes across three videos that focused on problems involving homelessness and immigration in Europe. Mr. Brown said he took Devumi at its word that the views would be real people. An RT spokeswoman said the company was unaware of the purchases and was conducting an internal review.

“It concerns me that while Twitter and Facebook appear to have made some credible progress in this area, YouTube still struggles to identify inauthentic and coordinated activity on its platform,” said Senator Mark Warner of Virginia, the top Democrat on the Intelligence Committee.

View-selling sites continue to advertise with apparent impunity. A post on the YouTube Creator Blog warning users against fake views has numerous comments linking to view-selling sites.

“The only way YouTube could eliminate this is if they removed the view counter altogether,” said Mr. Vassilev, the fake-view seller. “But that would defeat the purpose of YouTube.”

(GC) Two reasons to reconsider your Facebook membership

(GC)

Two reasons to reconsider your Facebook membership

It’s been a bad week for Facebook and its two billion-plus users.

Firstly it was discovered by computer scientists at Northeastern University that Facebook was allowing advertisers to target advertising at individuals by exploiting phone numbers only given by the users for the purposes of two-factor authentication (2FA).

In short, even if you had set your Facebook privacy controls to their most restrictive settings – advertisers could still target you because you had (quite sensibly) enabled two-factor authentication to protect your account from hackers.

Similarly, according to the research, it seems there are pitfalls if users provide their phone number to receive alerts about unrecognised logins on their Facebook account:

Facebook allows users to add email addresses or phone numbers to receive alerts about logins from unrecognized devices. We added a phone number and an email address to an author’s account to receive login alerts, and found that both the email address and phone number became targetable after 17 days.”

It’s one thing to use information that users choose to include in their Facebook profile for targeted advertising. It’s quite another to take advantage of information that was only shared with the site to boost security.

Remember, unrecognised login alerts and 2FA are features that users should be actively encouraged to enable, to better protect their Facebook accounts. When Facebook is revealed to be helping advertisers exploit such private, personal information, it only encourages users not to enable these protections in the first place.

And that’s not all… The researchers confirmed that Facebook was using “shadow contact information”, collected from other Facebook users’ address books, and associating them with your account. Facebook hides the fact that it has connected, for instance, alternative email addresses and phone numbers to your profile but uses it to assist targeted advertising.

As Kashmir Hill of Gizmodo explains:

…if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later.

All of this amounts to what the EFF describes as “deceptive and invasive” practices by Facebook, which ignore “reasonable security and privacy expectations”.

Such behaviour by Facebook inevitably erodes users’ trust in the service.

And then the world found out about the security breach.

On Friday 28th September, Facebook went public with details of a “security issue” that it had discovered earlier in the week.

Approximately 50 million accounts were left exposed to attackers who were able to exploit a vulnerability in the site’s “View As” feature (actually a combination of three bugs). This security hole allowed hackers to steal users’ access tokens:

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The bad news is that these Facebook access tokens could not only be used to access Facebook accounts, but also other third-party apps that use Facebook for login.

According to Facebook, the vulnerability in its code was introduced in July 2017, and on September 16th 2018 it saw a massive spike in traffic on its servers as hackers exploited the flaw and harvested access tokens for other users’ accounts. It took until September 25th for Facebook to determine that there had been a security breach.

Facebook says it has temporarily disabled its “View As” feature until it has completed a “thorough security review”.

You can learn more about both of these issues in this edition of the “Smashing Security” podcast:

Smashing Security #098: ‘A Facebook omnishambles’Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.

What a week. It’s enough to make you reconsider your relationship with Facebook, isn’t it?

I quit Facebook earlier this year. If you’re finding it hard to imagine doing the same, why not listen to this “Smashing Security” podcast we put together describing the process of quitting Facebook:

Smashing Security #75: ‘Quitting Facebook’Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.

If it helps, just consider your Facebook departure as “temporary” while you complete a “thorough security review.” You may find you don’t miss it at all.

(ECO) Portugal vai pagar 11 milhões por ano ao Web Summit até 2028

(ECOO contrato inclui uma cláusula de rescisão de 340 milhões de euros por cada ano em que o evento não se realize na capital.

Portugal vai pagar 11 milhões de euros por ano ao Web Summit para manter o evento em Portugal nos próximos dez anos. O valor do investimento, repartido entre o Fundo de Desenvolvimento Turístico lisboeta e o Ministério da Economia, foi anunciado pelo presidente da Câmara de Lisboa, Fernando Medina, esta manhã no Altice Arena.

Além dos 11 milhões de investimento anual, a autarquia lisboeta planeia também investir no complexo da FIL, primeiro de “forma temporária e depois definitiva”, adiantou Medina, num valor que ainda não foi divulgado. A ideia é que o espaço de exposição da FIL fique com o dobro da capacidade expositora. Terá sido esta alteração que ajudou a organização a decidir por Portugal, em detrimento de cidades como Madrid, Valência e Londres. O objetivo da Câmara de Lisboa é aumentar a infraestrutura que depois será rentabilizada com outros eventos. Medina quer “fazer de Lisboa uma capital da inovação, do empreendedorismo e do talento”.

“Este investimento vai permitir fazer crescer o Web Summit para 100 mil participantes, ou mais”, disse Fernando Medina.

O Web Summit, maior evento de tecnologia e empreendedorismo criado em Dublin e que se mudou para Lisboa em 2015, fica na cidade até 2028 mas, se por qualquer razão decidir sair do país antes dessa data, terá uma contrapartida. O contrato assinado pelo Governo, autarquia e organização inclui ainda uma cláusula de rescisão de 340 milhões de euros por cada anoque não se realize na capital.

“Quando você cresce, nós crescemos consigo”, sublinhou António Costa, na cerimónia de anúncio oficial de que o Web Summit vai ficar em Portugal. O primeiro-ministro revelou que, o ano passado, o Estado conseguiu arrecadar 30 milhões de euros de receita fiscal direta. Mas mais do que uma questão de receitas para o Estado, o Chefe de Governo frisou que se trata de tentar que Portugal seja visto como “um país da inovação e da tecnologia”. “Dá a imagem de que o país é capaz de atrair para Portugal empresa altamente tecnológicas que criam emprego altamente qualificado”, acrescentou.

“Estamos muito felizes por ficar em Lisboa nos próximos 10 anos”, disse Paddy Cosgrave na abertura da conferência de imprensa, ao lado de António Costa e Fernando Medina.

Estamos muito felizes por ficar em Lisboa nos próximos 10 anos.

Paddy Cosgrave

CEO e cofundador do Web Summit

“Este homem [referindo-se a Fernando Medina] ligou-me depois da meia-noite quando as coisas não estavam a avançar. (…) E fez dos melhores discursos depois da meia noite que já ouvi, seguramente depois de jantar num bom restaurante e com um bom vinho. (…) Fui para o meu hotel, depois fui jantar sozinho, cruzei-me com um grupo de engenheiros do Exército, e depois com um grupo de trabalhadores jovens da Farfetch, que me perguntaram para onde ia o evento. Todos estes momentos em que fui abordado me inspiraram”, contou o CEO do Web Summit sobre o processo de negociação com Lisboa para a continuidade do Web Summit.

Admitindo que o acordo de dez anos possa “ser a decisão mais louca” que já tomou já vida, Paddy está confiante de que “será, a médio prazo uma boa decisão”, disse, elogiando as equipas de Theresa May e de outros países que mantiveram conversações com a organização do evento nos últimos meses.

“Acho que em Lisboa vamos construir um bom futuro”, acrescentou. “Foi um enorme esforço, estamos tão contentes e queremos planear o futuro é tornar o Web Summit uma coisa muito melhor do que é hoje”.

(BGR) EU commissioner probing Facebook calls it ‘a channel of dirt’ after deleting her account

(BGR) Vera Jourova, the European Commissioner for Justice, Consumers and Gender Equality, has been outspoken in her defense of why she thinks the EU needs to hold Facebook’s feet to the regulatory fire. The EU, for its part, has warned the social networking giant that it needs to be more clear with consumers in terms of how their data is used, but today Vera went even farther.

She blasted the company’s “misleading terms of service” and said if it doesn’t make things right by the end of the year, she’ll call on consumer protection authorities in EU countries to start levying sanctions. That’s according to a Wall Street Journal report in which Vera is also quoted as lamenting during a press conference, “I am becoming rather impatient. We have been in dialogue with Facebook almost two years … I want to see results.”

In an interesting footnote to this, it turns out she’s so frustrated with Facebook that she’s also shut down her own Facebook account, saying during the press conference that she’d received an “influx of hatred.” “I don’t want to avoid communication with people, even with critical people,” she reportedly said by way of defending her move — saying, in other words, she’s not trying to isolate herself from critics.

It’s just that her experience as a Facebook user has been that the service is, in her own words, “a channel of dirt.”

She explained her position a little more via Twitter:

Věra Jourová

@VeraJourova

I want to be extremely clear to its users about how their service operates and makes money. Not many people know that has made available their data to third parties or that for instance it holds full copyright about any picture or content you put on it.

Věra Jourová

@VeraJourova

I appreciate willingness to work with us and authorities to solve all the issues by December this year.

A Facebook spokesperson told the WSJ, in response to her criticisms, that the company “will continue our close cooperation to understand any further concerns and make appropriate updates.”

“At issue for Ms. Jourova was the clarity of Facebook’s terms of service,” according to the paper. “The company updated them in the spring, but Ms. Jourova said they remain insufficiently explicit about how the company monetizes users’ data. A spokeswoman for the EU’s executive arm said that directing users via hyperlinks to Facebook’s ‘data policy,’ which gives some more detail on ad targeting, isn’t enough for consumers.”

The paper goes on to point out that this issue is “legally separate” from complaints against Facebook from activists under the EU’s privacy law.

(CNBC) Jamie Dimon says cyber warfare is the biggest risk to the financial system

(CNBC)

  • The “biggest vulnerability” for the financial system is the threat of cyberattacks, J.P. Morgan’s Jamie Dimon said on Thursday.

Biggest vulnerability today is cyber, JPMorgan CEO says

Biggest vulnerability today is cyber, JPMorgan CEO says  

Banks may be in sound condition post-Lehman Brothers, but the financial system could crack again if hit with a devastating cyber attack, J.P. Morgan Chief Executive Jamie Dimon warned on Thursday.

“I think the biggest vulnerability is cyber, just for about everybody” he told CNBC’s Indian affiliate CNBC TV-18 on Thursday. “I think we have to focus on it, the United States government has to focus on it.”

“We have to make sure because cyber — terrorist and cyber countries — they could cause real damage. We’re already spending a lot of money and J.P. Morgan is secure but we should really worry about that,” Dimon told CNBC-TV18’s Shereen Bhan in New Delhi.

Dimon put inflation running too hot as his second biggest concern, warning the reactionary raising of interest rates from the U.S. Federal Reserve could be the cause of a “traditional” recession.

Industry experts have placed increasing importance on the threat of cyber warfare as attacks become more sophisticated.

Jamie Dimon, chief executive officer of JPMorgan Chase & Co

Eric Piermont | AFP | Getty Images
Jamie Dimon, chief executive officer of JPMorgan Chase & Co

In the past, western officials have warned of increasing suspicious cyber activity originating from countries of concern including Russia, Iran and North Korea.

Earlier this year, America’s Department of Homeland Security and Federal Bureau of Investigation, alongside the U.K.’s National Cyber Security Center, released a joint technical alert warning of the threat of malicious digital activity being carried out by the Kremlin.

Meanwhile, authorities are worried about the heightened threat of cyberattacks from Iran on the U.S. and Europe, especially as the country becomes increasingly ostracized by the U.S., which has reintroduced sanctions on Tehran.

(CNBC) SpaceX will fly Japanese billionaire Yusaku Maezawa as the first ever private tourist to the moon

(CNBC)

  • Japanese billionaire Yusaku Maezawa put down a significant deposit with SpaceX to become the first ever private tourist to fly around the moon on the company’s Big Falcon Rocket (BFR)
  • Maezawa wants to take six to eight artists from around the world on the nearly week-long trip.
  • The mission is expected to launch in 2023.
Japanese billionaire entrepreneur Yusaku Maezawa speaks at SpaceX's headquarters in Hawthorne, California. 

Michael Sheetz | CNBC
Japanese billionaire entrepreneur Yusaku Maezawa speaks at SpaceX’s headquarters in Hawthorne, California.

Japanese billionaire Yusaku Maezawa signed with SpaceX to fly around the moon on the company’s next generation rocket, CEO Elon Musk announced on Monday.

Maezawa will attempt to be the first to return to the moon in nearly half a century, launching aboard a Big Falcon Rocket (BFR), which SpaceX is developing. BFR is the flagship for Musk’s vision of creating a permanent, self-sustaining human presence on Mars, and testing on the behemoth rocket is expected to begin next year.

The trip is expected to launch in 2023.

“Ever since I was a kid, I have loved the moon. It’s always there and continues to inspire humanity,” said Maezawa, one of the richest people in Japan, who made his fortune as the founder of online retailers Start Today and Zozotown.

SpaceX announced in February 2017 that two passengers would be flying around the moon in the company’s Crew Dragon capsule, launched by its Falcon Heavy rocket. But earlier this year, Musk said SpaceX was considering using BFR instead and on Monday confirmed that Maezawa is “the same person” who was announced before, just with a larger group now onboard.

BFR is a massive, 35-story tall rocket designed to launch and land like SpaceX’s Falcon 9, but also carrying dozens of people on board instead of just satellites. Musk confirmed BFR’s “design has been changed,” after receiving questions about new renders of the rocket posted online.

A rendering shows a SpaceX BFR launch vehicle on a trip around the Moon.

SpaceX
A rendering shows a SpaceX BFR launch vehicle on a trip around the Moon.

He declined to reveal the amount Maezawa paid for the mission, saying he was “not disclosing the amount but he’s paying a very significant amount of money.”

“To be clear. This is dangerous … it’s not a sure thing … there are some chances things could go wrong,” Musk reiterated.

Only two dozen people have ever been to the moon, with the final Apollo mission in 1972 marking the last time a human visited the moon.

“This is a project that I designed and made: #dearMoon,” Maezawa announced.

“I choose to go to the moon with artists,” he added. “In 2023, as the host, I would like to invite 6 to 8 artists from around the world to join me on this mission to the Moon.” He hasn’t decided which artists to bring yet.

Over the last month, he teased this announcement in several tweets, starting when he said there was a “big announcement” coming “about mid September.” Then, the day after SpaceX said it would soon announce a passenger signed to fly to the moon, Maezawa tweeted “there are no limits.”

Yusaku Maezawa 前澤友作

@yousuck2020

There are no limits.

Maezawa tweeted twice again, on each of the two days before Musk’s announcement, with a picture of a wristwatch with the caption “it’s time” and a black photo with only the word “imagine” with the caption “never stop.”

The Japanese entrepreneur was also in Florida at NASA’s Kennedy Space Center to watch the maiden launch of SpaceX’s Falcon Heavy rocket, tweeting a video and congratulations to Musk on “the historic moment.”

Yusaku Maezawa 前澤友作

@yousuck2020

Congratulations on the successful launch of FalconHeavy!!! I had been the scene at the historic moment. Incredible!!!@SpaceX @elonmusk

— CNBC’s Paul McNamara contributed to this report.