Category Archives: Technology

(WSJ) Google Exposed User Data, Feared Repercussions of Disclosing to Public

(WSJ) Google opted not to disclose to users its discovery of a bug that gave outside developers access to private data. It found no evidence of misuse.

Google Chief Executive Sundar Pichai was briefed on a plan not to notify users of a software glitch that gave outside developers potential access to private data. PHOTO: DAVID PAUL MORRIS/BLOOMBERG NEWS

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As part of its response to the incident, the Alphabet Inc. unit on Monday announced a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.

The closure of Google+ is part of a broader review of privacy practices by Google that has determined the company needs tighter controls on several major products, the people said. In its announcement Monday, the company said it is curtailing the access it gives outside developers to user data on Android smartphones and Gmail.

Social Bug

How a software glitch allowed app developers to potentially access Google+ user data

User A signs up to Google+ and fills out profile fields: name, employer, job title, gender, birth date and relationship status.

User A goes into privacy settings to make profile data viewable only to certain friends on Google+, including User B.

User B signs up for an app that asks the user to log in using Google+ credentials. The user gives the app permission to access profile information.

The app developer collects data on User B. Because of the software glitch, the developer can also collect User A’s private profile data.

Google discovered and fixed the glitch in March 2018. It found no evidence of misuse of data.

Sources: People briefed on the incident and documents reviewed by The Wall Street Journal

The episode involving Google+, which hasn’t been previously reported, shows the company’s concerted efforts to avoid public scrutiny of how it handles user information, particularly at a time when regulators and consumer privacy groups are leading a charge to hold tech giants accountable for the vast power they wield over the personal data of billions of people.

The snafu threatens to give Google a black eye on privacy after public assurances that it was less susceptible to data gaffes like those that have befallen Facebook. It may also complicate Google’s attempts to stave off unfavorable regulation in Washington. Mr. Pichai recently agreed to testify before Congress in the coming weeks.

The Meaning of Life According to Google

Google handles 90% of the world’s internet searches, and it increasingly is promoting a single answer for many questions. Even subjective or unanswerable queries sometimes get seemingly definitive answers. Here’s how the algorithms are — and aren’t — working. Video/Photo Illustration: Heather Seidel/The Wall Street Journal

“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement.

In weighing whether to disclose the incident, the company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he said. “None of these thresholds were met here.”

The internal memo from legal and policy staff says the company has no evidence that any outside developers misused the data but acknowledges it has no way of knowing for sure. The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.

Google makes user data available to outside developers through more than 130 different public channels known as application programming interfaces, or APIs. These tools usually require a user’s permission to access any information, but they can be misused by unscrupulous actors posing as app developers to gain access to sensitive personal data.

A privacy task force formed inside Google, code named Project Strobe, has in recent months conducted a companywide audit of the company’s APIs, according to the people briefed on the process. The group is made up of more than 100 engineers, product managers and lawyers, the people said.

In a blog post on Monday, Google said it plans to clamp down on the data it provides outside developers through APIs. The company will stop letting most outside developers gain access to SMS messaging data, call log data and some forms of contact data on Android phones, and Gmail will only permit a small number of developers to continue building add-ons for the email service, the company said.

Google faced pressure to rein in developer access to Gmail earlier this year, after a Wall Street Journal examination found that developers commonly use free email apps to hook users into giving up access to their inboxes without clearly stating what data they collect. In some cases, employees at these app companies have read people’s actual emails to improve their software algorithms.

The coming changes are evidence of a larger rethinking of data privacy at Google, which has in the past placed relatively few restrictions on how external apps access users’ data, provided those users give permission. Restricting access to APIs will hurt some developers who have been helping Google build a universe of useful apps.

The Google+ data problem, discovered as part of the Strobe audit, was the result of a flaw in an API Google created to help app developers access an array of profile and contact information about the people who sign up to use their apps, as well as the people they are connected to on Google+. When a user grants a developer permission, any of the data they entered into a Google+ profile can be collected by the developer.

In March of this year, Google discovered that Google+ also permitted developers to retrieve the data of some users who never intended to share it publicly, according to the memo and two people briefed on the matter. Because of a bug in the API, developers could collect the profile data of their users’ friends even if that data was explicitly marked nonpublic in Google’s privacy settings, the people said.

During a two-week period in late March, Google ran tests to determine the impact of the bug, one of the people said. It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer, the person said. Some of the individuals whose data was exposed to potential misuse included paying users of G Suite, a set of productivity tools including Google Docs and Drive, the person said. G Suite customers include businesses, schools and governments.

Because the company kept a limited set of activity logs, it was unable to determine which users were affected and what types of data may potentially have been improperly collected, the two people briefed on the matter said. The bug existed since 2015, and it is unclear whether a larger number of users may have been affected over that time.

Gmail scanned messages and sold ads related to their content, a practice that privacy groups said was a violation of user trust. Google responded that other email providers were already using computers to scan email to protect against spam and hackers, and that showing ads helped offset the cost of its free service. In 2014, Google stopped scanning inboxes of student, business and government users and last year said it was halting all Gmail scanning for ads.

2010: Buzz

Debut of Google Buzz was fumbled when the social site publicly displayed the contact lists of its users, leading to a probe by the Federal Trade Commission. Google settled with the FTC in 2011 and agreed to undergo 20 years of privacy audits by the agency. At the time of the settlement, Google said in a blog post that the Buzz launch “fell short of our usual standards for transparency and user control.”

2010: Street View

Google said its Street View camera cars collected private data through wireless networks while driving by people’s homes. Google stopped collecting Street View images in some countries as a result.

2013: Glass

Google Glass, a wearable computer headset with the ability to record video, was seen by some as a privacy intrusion when people began wearing them into private spaces like bathrooms. Google stopped selling the device to consumers and retooled it for professionals.

2013: Prism

Leaks revealed Google was part of a program called Prism, which allowed the U.S. National Security Agency to collect data on internet users. Google denied it ever gave the government direct access to its servers.

2018: YouTube

Privacy groups complained YouTube violated a federal law protecting children’s privacy by collecting data from users under 13. The company said users under 13 aren’t permitted to use YouTube. Google and the FTC have said they will evaluate the complaint.

2018: Android

The Associated Press found that Google collects location data of Android users even after their “location history” is turned off, a policy called misleading by privacy groups and lawmakers. Google told the AP that its descriptions of its location tools are clear.

2018: Google+

A software bug gave outside developers access to the private user profile data of a half-million Google+ users, and executives decided not to inform the public, partly out of fear of regulatory scrutiny. Google officials said the incident didn’t rise to the threshold of alerting users, and found no evidence any of the data were accessed.

Google believes up to 438 applications had access to the unauthorized Google+ data, the people said. Strobe investigators, after testing some of the apps and checking to see if any of the developers had previous complaints against them, determined none of the developers looked suspicious, the people said. The company’s ability to determine what was done with the data was limited because the company doesn’t have “audit rights” over its developers, the memo said. The company didn’t call or visit with any of the developers, the people said.

The question of whether to notify users went before Google’s Privacy and Data Protection Office, a council of top product executives who oversee key decisions relating to privacy, the people said.

Internal lawyers advised that Google wasn’t legally required to disclose the incident to the public, the people said. Because the company didn’t know what developers may have what data, the group also didn’t believe notifying users would give any actionable benefit to the end users, the people said.

The memo from legal and policy staff wasn’t a factor in the decision, said a person familiar with the process, but reflected internal disagreements over how to handle the matter.

The document shows Google officials felt that disclosure could have serious ramifications. Revealing the incident would likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” the memo said. It “almost guarantees Sundar will testify before Congress.”

A range of factors go into determining whether a company must notify users of a potential data breach. There is no federal breach notification law in the U.S., so companies must navigate a patchwork of state laws with differing standards, said Al Saikali, a lawyer with Shook, Hardy & Bacon LLP. He isn’t affiliated with any of the parties.

While many companies wouldn’t notify users if a name and birth date were accessed, some firms would, Mr. Saikali said. Some firms notify users even when it is unclear that the data in question was accessed, he said. “Fifty percent of the cases I work on are judgment calls,” he said. “Only about half the time do you get conclusive evidence that says that this bad guy did access information.”

Europe’s General Data Protection Regulation, which went into effect in May of this year, requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue. The information potentially leaked via Google’s API would constitute personal information under GDPR, but because the problem was discovered in March, it wouldn’t have been covered under the European regulation, Mr. Saikali said.

Google could also face class-action lawsuits over its decision not to disclose the incident, Mr. Saikali said. “The story here that the plaintiffs will tell is that Google knew something here and hid it. That by itself is enough to make the lawyers salivate,” he said.

In its contracts with paid users of G Suite apps, Google tells customers it will notify them about any incidents involving their data “promptly and without undue delay” and will “promptly take reasonable steps to minimize harm.” That requirement may not apply to Google+ profile data, however, even if it belonged to a G Suite customer.

(CNBC) Roubini doubles down on criticisms of crypto, calls it a ‘stinking cesspool that is in meltdown’

(CNBC)

  • Roubini said a recent sharp downturn in the prices of cryptocurrencies showed that the nascent digital assets have poor fundamentals.
  • On Thursday he said in testimony to U.S. senators that crypto is “the mother or father of all scams and bubbles.”
  • Cryptocurrencies received much attention from major central bankers, financial executives and economists late last year when bitcoin surged close to $20,000.

Jin Lee | Bloomberg | Getty Images
Nouriel Roubini

The cryptocurrency world is a “stinking cesspool” and is fundamentally worth nothing, according to Nouriel Roubini, the economist famed for predicting the 2008 financial crisis.

In a series of tweets, Roubini said late Thursday that a recent sharp downturn in the prices of cryptocurrencies — which came amid an intense period of selling for global stock markets — showed that the nascent digital assets have poor fundamentals.

Nouriel Roubini

@Nouriel

Yes Whales of the World Do Unite to Prop Up Your Stinking Cesspool That is In Meltdown!! That will save shit-coin land

Prettycynic@prettycynic

I Wish all the Whales would unite and shut this piece of trash up👿🐋 https://twitter.com/Nouriel/status/1050552714705408000 

“The bloodbath is worsening,” he said in a response to one Twitter user, pointing out that digital currencies had fallen much more steeply than equities during Wednesday and Thursday’s sell-offs. “So tell me: which better fundamentals? Can’t convert s—coins into productive manure.”

Nouriel Roubini

@Nouriel

Which fundamentals are improving after a 70-99% implosion? Yesterday even as US stocks were down 3% major crypto-currencies – ETH, XRP, etc – plunged another 10%. The bloodbath is worsening. So tell me: which better fundamentals? Can’t convert shitcoins into productive manure

Ari Paul

@AriDavidPaul

Replying to @OJRenick and 4 others

I don’t see a contradiction. Cryptocurrencies are down across the board 70-99% as we unwind Q4’s speculative bubble. Fundamentals are generally gradually improving as price corrects. Common for equities in recessions too.

Roubini, who has often been referred to as “Dr. Doom” due to his bearish market outlook, is known to be highly skeptical of cryptocurrencies. On Thursday, he said in testimony to U.S. senators that crypto is “the mother or father of all scams and bubbles.” Virtual currencies like bitcoin are known to be highly volatile, sometimes adding or shedding hundreds of dollars in value within hours.

He continued in a separate post: “It is indeed laughable to think that useless crypto-currencies or s—coins have any fundamentals of value. Their fundamental value is ZERO or actually negative … if you price correctly their negative externality of hogging energy and destroying the environment.”

Nouriel Roubini

@Nouriel

It is indeed laughable to think that useless crypto-currencies or shitcoins have any fundamentals of value. Their fundamental value is ZERO or actually negative is if you price correctly their negative externality of hogging energy and destroying the environment

samvega@samvega
Replying to @AriDavidPaul and 5 others

“Fundamentals” of cryptcoins 🙂😃😆😂🤣🙃🙂😋

Cryptocurrencies received much attention from major central bankers, financial executives and economists late last year when the world’s largest by market value, bitcoin, surged to a record high close to $20,000.

Some, including J.P. Morgan CEO Jamie Dimon, had called the phenomenon “tulip mania” — in reference to the bubble in tulip prices in the 17th century — while others have said they favor the underlying blockchain technology associated with cryptocurrencies.

Bitcoin, ether and XRP — collectively the three largest digital assets by market capitalization — have plummeted from their record highs, however. Bitcoin has fallen almost 70 percent since its all-time high; ether, the digital token of the Ethereum blockchain, has plunged more than 85 percent; and XRP, a cryptocurrency promoted by blockchain firm Ripple, has slipped nearly 90 percent.

Prices were seen to stabilize somewhat Friday morning, however, with bitcoin barely moving, ether down by 1.9 percent and XRP up 2.2 percent on the day, according to CoinMarketCap data.

(BBG) Autonomous Flights Are One Step Closer to Reality

(BBG) The air cargo industry is already considering one-person flight crews. Self-flying planes may be next.

Aerospace and innovation have gone hand-in-hand since the days of Orville and Wilbur Wright. Airplanes were once simple metal tubes powered by propellers. Long-haul flying meant four engines and at least three pilots on the flight deck at all times.

Today, aircraft require only two pilots and are built mostly of carbon composites. Even on the longest routes—more than 17 hours—regulators permit airlines to fly with merely two engines. Given the inexorable nature of technological evolution, it seems logical to expect that soon only a single pilot will be required. And beyond that, given the advent of driverless technology on the ground and unmanned aircraft above, could pilotless commercial airliners be far off?

A range of companies, from such aerospace giants as Boeing Co. and Airbus SE to tiny startups, are working on various aspects of a difficult puzzle: how to create the next generation of air travel—one whose pilots are far less ubiquitous and new flying vehicles communicate with each other. More important, how is that world to be as safe as the one we’re in now?

“It is not as complicated as it sounds, and it is not as dangerous as it sounds,” said Elpert Hodge, executive vice president of M2C Aerospace Inc., a New England startup working to build a flight system for single-pilot commercial aircraft operations. The startup hopes to meet airlines’ desire to cut costs while addressing a pilot shortage that’s already curtailed air service in some regions. The technology to achieve this is likely to be available soon. The comfort level of regulators and average citizens will almost certainly lag.

“How do we maintain levels of safety that we enjoy today … when you’ve got an artificial intelligence-based system in the cockpit?” Greg Hyslop, Boeing’s chief technology officer, said in September at a conference at the Massachusetts Institute of Technology. “How do you show and certify that to be safe to the point where the flying public would say, ‘Yes, I trust that.’”

Airlines are reluctant to even broach the topic, given how passengers may react to being one stricken pilot away from an empty cockpit. And they are more so when it comes to fully automatic aircraft: “It’s certainly not anything that American is working on or trying to make happen,” Doug Parker, chief executive of the world’s largest airline, American Airlines Group Inc., said of autonomous aircraft at an industry forum Sept. 12. “The comfort [pilots] provide is not something that most consumers are going to want to forgo.”

But for the air-cargo industry, where package containers don’t require safety assurances, the prospect of single-pilot operations—and eventually autonomous flight—holds a definite appeal, especially in areas where air cargo growth may outpace pilot supply.

“Clearly, for transporting cargo, you could see autonomous aircraft,” Hyslop said. “It’s going to be much longer, if ever, if we’d see that for passenger travel, though.” That doesn’t matter to Wall Street. Airline analysts are already counting the billions of dollars in savings airlines could reap by culling humans.

“Long-haul commercial flights could see reduced cockpit crews from 2023, shortly after cargo planes,” analysts at UBS Group AG wrote in an extensive July report. They estimated a profit potential of $15 billion for flying with a single pilot and $35 billion if airplanes were to fly themselves.

None of this is as far-fetched as it might seem. Adoption of new technology in aviation has risen significantly over the past few years, according to the UBS report. The analysts conceded, though, that they expect “consumer acceptance to be a challenge.” Surveys by the bank found that 63 percent of people oppose flying in a pilotless aircraft, while only 52 percent were averse to single-pilot planes. Then again, what did people think of autonomous cars just a few years ago?

A key component of airline automation will be AI. As the technology spreads into areas from cars to factories to electronics, more consumers are apt to grow comfortable with it.

“There is a percentage of millennials who have no problem with that,” said Hodge, a former pilot. “So as much as you can demonstrate the safety of it, that’s what brings the public along.” Throw in some cost savings and safety concerns begin to dissipate: The same UBS survey found that 50 percent more people would fly in a single-pilot aircraft if it came with a ticket discount.

The topic has garnered interest in Washington as well. The House version of a budget bill this year funding the Federal Aviation Administration included language that would start a “research and development program in support of single-piloted cargo aircraft assisted with remote piloting and computer piloting.” The measure, which was stripped from the compromise bill signed into law Oct. 5, was introduced by Texas Republican Lamar Smith, chairman of the House Science, Space, and Technology Committee. He sought to address concerns regarding major Chinese investments into AI and autonomous flight, according to a committee staffer.

The Cargo Airline Association, which represents carriers such as FedEx Corp. and United Parcel Service Inc., wasn’t involved in the House bill, said Steve Alterman, the association’s president. While the CAA doesn’t have a position on the idea, pilot associations do: They’re aghast.

“Having anything less than two [pilots] is inviting catastrophe,” said Lee Collins, president of the Coalition of Airline Pilots Associations, which represents more than 30,000 pilots, including those at American Airlines Group Inc. and UPS.

“This technology is neither mature nor proven yet to the extent that it can ensure safety,” Collins said, adding that autonomous piloting systems are “a terrorist hijacker’s absolute dream come true.” Tim Canoll, president of the Air Line Pilots Association, the largest U.S. pilot union, echoed his concerns in a recent column: “Single-piloted operations should be totally unacceptable to the American public because they are unsafe.”

Pilots argue that aviation requires human judgment in the cockpit to respond to the myriad unexpected events that can befall a flight. And while pilots and their unions have a vested interest in maintaining the two-pilot system, they have ready examples to drive home their point. Several pointed to the engine explosion aboard a Dallas-bound Southwest Airlines Co. flight in April that killed a passenger. It left a hole in the side of the Boeing 737-700’s fuselage, but the pilot was able to land in Philadelphia with no further injuries.

Flight controls in the cockpit of an Airbus SE A350-1000 twinjet passenger aircraft.
Photographer: SeongJoon Cho/Bloomberg

Air travel, goes the common refrain, is the safest form of transport. Over the past 12 years, technological advances have been accompanied by a remarkable increase in safety all while traffic volume doubled. Globally, carriers will fly an estimated 4.4 billion passengers this year, according to the International Air Transport Association. Crashes are rare. In the U.S., there were no airline fatalities from 2009 to 2018—a period of time encompassing almost 100 million flights.

In many respects, modern aircraft are already automated to the degree that pilots spend a lot of time monitoring instruments while the plane flies automatically. But you’d be mistaken if you were to assume this makes them superfluous.

It’s true that a Boeing 787 or Airbus A350 offers tools that a pilot from the 1980s could only dream about. It’s also true that the world’s airspace is more congested and complex than it’s ever been. American, for example, requires that each plane in its fleet conduct an autopilot approach and automated landing at least once every 60 days. The policy doesn’t apply to American’s Boeing 737s, which operate with a different system. The aircraft flies the approach according to the path programmed into the flight management system (FMS), following all speed and altitude restrictions and optimizing the descent. Instruments guide the aircraft to touchdown and braking. The autopilot disengages once the aircraft slows to taxi speed.

These systems are typically used when visibility is extremely limited and weather is unfavorable. As a passenger, you’ll probably never know when your aircraft lands itself; pilots rarely announce the occasions. This technology, which is employed while two pilots are monitoring its performance, increases an airline’s ability to operate in conditions in which a human would be less capable. People get to their destinations, fewer flights are canceled, and the nation’s economy avoids the costs of delays.

But—and this is the key point pilots make—they can intervene at any time to override the machine’s decisions during the approach and landing.

Hodge’s company, M2C Aerospace, is located about 40 miles west of Boston in the town of Milford, Massachusetts. It wants to become a market leader in devising a flight management system (FMS) for commercial aircraft that doesn’t require two pilots, he said. M2C plans to begin simulator testing early next year, followed by test flights with an ATR turboprop aircraft flying from Antigua, his home country—and whose government is among M2C’s investors.

“My thinking to get the FAA on board is being able to demonstrate safety for two years, no mishaps,” said Hodge, a former pilot and entrepreneur who founded cargo carrier Elan Air and later sold it to DHL Express. M2C is also working to raise $15 million to fund its FMS project, which Hodge predicts will see sales of $500 million in two years and $1 billion within five years.

Memphis-based FedEx has expressed interest in purchasing space on an eventual Caribbean single-pilot cargo operation, Hodge said. A FedEx spokeswoman declined to comment.

“Aviation is getting there,” he said. “It’s not if, it’s when.”

(Economist) Wind-powered ships are making a comeback

(Economist) A maritime technology from the 1920s is back in fashion

AN OIL tanker that ferries nearly 110,000 tonnes of the black stuff between the Middle East and Europe does not sound like a green ship. But Maersk Pelican is unique among the world’s biggest cargo ships in that it does not rely on fossil fuels alone for propulsion. On September 29th it arrived in Saudi Arabia on its first voyage since the installation of two 30-metre rotor sails.

Coal- and oil-powered cargo ships wiped out wind power in the 19th century. But interest in wind propulsion, and in rotor sails in particular, is growing as shipping lines seek ways to slash fuel bills. Placed on a ship’s decks, these giant rotating cylinders propel it using the “Magnus effect”, the force that causes a spinning ball to curve through the air.

The concept was demonstrated by Anton Flettner, a German engineer, in the 1920s, but rotor sails failed to catch on, partly because coal was a cheap alternative. The first ones he made were metal and so heavy that they slowed ships.

The rotor sails that Norsepower, a Finnish firm, has developed are made of carbon fibre and are far lighter, says Tuomas Riski, its chief executive. They are also automated, so no extra sailors are needed to operate them, unlike Flettner’s version. As well as Maersk Pelican, Norsepower has already fitted them to several other ships, including Estraden, a ferry which operates between the Netherlands and Britain, and Viking Grace, which sails between Sweden and Finland.

The interest in the sails comes because they can slash fuel bills and emissions, says Tommy Thomassen, chief technical officer of Maersk Tankers. The Maersk Pelican’s two rotor sails will cut its fuel bills by 7-10%, he forecasts; if it added two more that could rise to 15-20%. Such savings help with another priority for the shipping industry: complying with new climate-change targets. In April the International Maritime Organisation, a UN agency, agreed to cut by half the global shipping sector’s carbon emissions from 2008 levels by 2050.

Sails can make serious contributions to that target. Most other technologies (such as adding bulbous bows) shave only a few percent off fuel bills. Electric batteries cannot store enough energy for long sea voyages.

Upfront costs remain a problem. Norsepower’s rotor sails cost €1m-2m ($1.15m-2.3m) to install; it takes five years on average to earn that back in lower fuel bills. Mr Riski hopes to slash that figure to three years by making the sails more cheaply in China. It would then become worthwhile for charterers, which only tend to lease ships for under three years, to install them.

Rotor sails are not the only ones about. Modern versions of the sort of sails fitted to conventional ships, as well as kites attached to the front of the vessel, have also been mooted as energy-saving solutions. But these are a health-and-safety risk to sailors in bad weather. Wind power may be back in fashion but no one needs to mount the rigging.

(RT) Digital strip search: NZ travellers to be fined if they refuse to hand over passwords

In what has been described as a “grave invasion of personal privacy,” New Zealand Customs have introduced a new rule that could force tourists and citizens to hand over their device passwords or face a $NZ5000 ($3220) fine.

The Customs and Excise Act 2018, which came into effect on Monday, gives officials authority to access codes, passwords, encryption keys and even fingerprints or any related information that enables access to an electronic device. The rule applies to foreign visitors and New Zealand citizens alike, when the customs officials have “reasonable cause to suspect” a person or their device warrants a digital search.

Authorities are allowed to copy, review and evaluate data from devices and can also remove or hold them for a time “reasonably” necessary to conduct the search. If people refuse a request, they face a fine of $5000 or having their device confiscated so officials can attempt to access it by other means.

Before the rule came into effect, customs officials could demand to see people’s devices, but could not compel them to hand over passwords. The rule doesn’t extend to allowing customs agents to delve into people’s cloud storage, it only applies to what is already on their devices.

New Zealand Customs say the rule is necessary because people carry so much information on their devices, including the “majority of prohibited material and documents.”

It also said that in 2017, border officials examined 537 devices of the 14 million travelers who were searched and they don’t expect an increase as a result of the rule’s implementation.

New Zealand Council for Civil Liberties (CCL) slammed the rule and in a statement highlighted how a serious criminal could “easily store the data on the internet, travel with a wiped phone, and restore it once they enter the country.” It said the rule would mostly affect innocent travellers who will be compelled to hand over access to their personal devices.


“Nowadays we’ve got everything on our phones; we’ve got all our personal life, all our doctors’ records, our emails, absolutely everything on it, and customs can take that and keep it,” spokesperson Thomas Beagle told TVNZ. “They don’t have to tell you what the cause of that suspicion is, there’s no way to challenge it.”

(NYT) The Flourishing Business of Fake YouTube Views

(NYT) Plays can be bought for pennies and delivered in bulk, inflating videos’ popularity and making the social media giant vulnerable to manipulation.

Martin Vassilev makes a good living selling fake views on YouTube videos. Working from home in Ottawa, he has sold about 15 million views so far this year, putting him on track to bring in more than $200,000, records show.

Mr. Vassilev, 32, does not provide the views himself. His website, 500Views.com, connects customers with services that offer views, likes and dislikes generated by computers, not humans. When a supplier cannot fulfill an order, Mr. Vassilev — like a modern switchboard operator — quickly connects with another.

“I can deliver an unlimited amount of views to a video,” Mr. Vassilev said in an interview. “They’ve tried to stop it for so many years, but they can’t stop it. There’s always a way around.”

After Google, more people search on YouTube than on any other site. It is the most popular platform among teenagers, according to a 2018 study by the Pew Research Center, beating out giants like Facebook and Instagram. With billions of views a day, the video site helps spur global cultural sensations, spawn careers, sell brands and promote political agendas.

Just as other social media companies have been plagued by impostor accounts and artificial influence campaigns, YouTube has struggled with fake views for years.

The fake-view ecosystem of which Mr. Vassilev is a part can undermine YouTube’s credibility by manipulating the digital currency that signals value to users. While YouTube says fake views represent just a tiny fraction of the total, they still have a significant effect by misleading consumers and advertisers. Drawing on dozens of interviews, sales records, and trial purchases of fraudulent views, The New York Times examined how the marketplace worked and tested YouTube’s ability to detect manipulation.

Inflating views violates YouTube’s terms of service. But Google searches for buying views turn up hundreds of sites offering “fast” and “easy” ways to increase a video’s count by 500, 5,000 or even five million. The sites, offering views for just pennies each, also appear in Google search ads.

To test the sites, a Times reporter ordered thousands of views from nine companies. Nearly all of the purchases, made for videos not associated with the news organization, were fulfilled in about two weeks.

One of the businesses was Devumi.com. According to company records, it collected more than $1.2 million over three years by selling 196 million YouTube views. Nearly all the views remain today. An analysis of those records, from 2014 to 2017, shows that most orders were completed in weeks, though those for a million views or more took longer. Providing large volumes cheaply and quickly is often a sign that a service is not offering real viewership.

Devumi’s customers included an employee of RT, a media organization funded by the Russian government, and an employee of Al Jazeera English, another state-backed company. Other buyers were a filmmaker working for Americans for Prosperity, a conservative political advocacy group, and the head of video at The New York Post. (Al Jazeera and The Post said the workers were not authorized to make such purchases and were no longer employed there.)

Multiple musicians bought views to appear more popular: YouTube views factor into metrics from the ratings company Nielsen and song charts including Billboard’s Hot 100.

Some companies bought views for clients with the promise of social media promotion that would result in real people watching their videos.

Dr. Judith Oppenheimer, 78, paid a company $5,000 to promote a book she had self-published in hopes of securing a mainstream deal. Her video soon had over 58,000 views, delivered through Devumi.

“There was no increase in sales and no book deal,” she said. “Soon after I signed the contract I thought, ‘I’ll have no proof of what they do or don’t do.’ Now it begins to make sense. They can do it in a day.”

Purveyors depend on constantly evolving tactics to deliver views, including automated or “bot” traffic and pop-under videos on unsuspecting users’ computers, but YouTube says it has effective processes to defend against these approaches.

“This has been a problem we have been working on for many, many years,” said Jennifer Flannery O’Connor, YouTube’s director of product management. The company’s systems continuously monitor a video’s activity, and the anti-fraud team often buys views to understand better how these sites operate, she said. “Our anomaly detection systems are really good.”

Still, the challenges are significant. At one point in 2013, YouTube had as much traffic from bots masquerading as people as it did from real human visitors, according to the company. Some employees feared this would cause the fraud detection system to flip, classifying fake traffic as real and vice versa — a prospect engineers called “the Inversion.”

“The problem itself was extraordinary,” said Blake Livingston, a member of YouTube’s fraud and abuse team at the time who has since left the company.

But fixes were made that relieved the fake-traffic surge, which YouTube said resulted from an attack against the website.

Years later, the battle against fake views continues, even as YouTube contends with disinformation campaigns, like Russia’s efforts during the 2016 election, and language it considers hate speech, including posts by the recently banned Infowars site.

YouTube would not disclose the number of fake views it blocked each day, but said its teams worked to keep them to less than 1 percent of the total. Still, with the platform registering billions of views a day, tens of millions of fake views could be making it through daily.

“View count manipulation will be a problem as long as views and the popularity they signal are the currency of YouTube,” Mr. Livingston said.


Real Money, Sham Audience

It took Mr. Vassilev about 18 months to go from being on welfare and living with his father in Canada to buying a white BMW 328i and a house of his own.

By late 2014, his website was on the first page of Google search results for buying YouTube views, fulfilling 150 to 200 orders a day and bringing in more than $30,000 a month, he said. “I really couldn’t believe you could make that much money online,” he said. The Times reporter’s order on his site, for 25,000 views, was fulfilled one day later.

A spokeswoman for Google, which is owned by the same company as YouTube, said that sites selling views appeared in search results because they were relevant, but that there was “room for improvement” in warning users.

Mr. Vassilev declined to name his clients but said that many orders came from public relations or marketing firms.

Today, he fills most orders through SMMKings.com, a wholesale supplier run by Sean Tamir, 29. Mr. Tamir charges him about a dollar for a thousand views, which Mr. Vassilev resells for $13.99, throwing in 100 free likes.

Several times a year, YouTube makes changes to its detection system to try to disrupt fake views, Mr. Tamir said. A recent episode came in late January, but many of the sites were functioning a few weeks later when The Times made most of its purchases. Suppliers say they get around system updates by making their traffic appear more humanlike, ensuring that it comes from users with prior views, for example.

One purveyor, Carlton E. Bynum II, 24, uses advertising to attract customers. He collected more than $191,000 in revenue this year but spent over $109,000 in ads that appeared at the top of Google, according to financial records. His site, GetLikes.click, run from a home office in Houston, sells YouTube views as well as Instagram and Twitter followers, Facebook likes and SoundCloud plays.


Google does not allow ads with terms like “buy YouTube views.” But Mr. Bynum said one workaround was to misspell the words and submit an ad multiple times if it was denied at first. When asked about advertising for paid YouTube views, Google removed some of the ads, including Mr. Bynum’s, but similar ones returned after two weeks.

Before Mr. Bynum sold views, he was buying them for himself. After he was discharged from the Marine Corps last year, he began posting product reviews on YouTube and taking a cut when visitors made purchases using his links. The views he bought would often cause his videos to rank higher than his competitors’ in search, he said. The effect would snowball: His videos would gain traffic through search, and he would make more money. (A YouTube spokeswoman said views were just one factor among many that affected search rankings.)

“It worked great,” he said. “I can get views within a day. I can get likes within hours.”

Mr. Bynum said he believed real people were watching his videos. “But let’s say there’s a small chance I’m wrong and it is bots,” he said. “Their videos are still getting ranked.”

Mr. Vassilev, who also said he used fake views to increase the search ranking of videos promoting his website, makes no pretense that what he is selling is authentic viewership. “It’s impossible,” he said.


Promised a Following

The salesman on the phone said it would be simple: Elizabeth Clayton, a retired English and psychology professor, could pay Hancock Press $4,200 to publicize her self-published works of poetry. The company said online promotion, including 40,000 guaranteed YouTube views, would translate into sales, emails show.

Ms. Clayton, 77, was optimistic. She had been publishing for seven years but had not sold much. One royalty check came to $1.47, another to $0.75. She signed up for Hancock to promote two videos, costing her $8,400, records show.

“They told me if I got a certain number of hits I would sell a certain amount,” she said.

Instead of traditional marketing, Hancock paid $270 for 55,000 views from Devumi for each video, the records show. The views eventually reached about 60,000, where they remain. But there was no increase in sales. “They couldn’t tell me anything about the people that were watching the video,” Ms. Clayton said. “I suspected something, but I couldn’t get any information.”

Wayne Hancock, the 92-year-old chief executive of the Arkansas-based company, said he believed real people were watching the videos. That’s how Devumi marketed its views. Mr. Hancock’s daughter, K. C. Shay, who helps run the business, dismissed Ms. Clayton’s documents and the Devumi receipts as fakes.

But Devumi records show that Hancock Press spent about $26,000 over three years, obtaining more than five million views for 75 or so authors. Interviews with six other Hancock clients are consistent with Ms. Clayton’s experience.

Devumi did not respond to repeated requests for comment. The company, whose website says that it has closed, came under investigation in two states in January after The Times reported that it sold fake Twitter followers.

Many Devumi clients came from the music industry, where buying views is common and often seen as necessary. “YouTube is one of the premier sources of music consumption and an important indicator of musical trends and popularity,” said Silvio Pietroluongo, a vice president at Billboard.

As a new artist, Aleem Khalid hired Crowd Surf, a promotion company, in 2014. Without his knowledge, he said, the firm bought 10,000 views each on three of his videos. They now have between 11,000 and 42,000 views. “The beautiful thing about these social media platforms is when they came out it was genuine. But now I feel it’s all fake,” said Mr. Khalid, 25. (Cassie Petrey, a co-founder of Crowd Surf, said she thought Devumi was producing real views, based on statements on its website.)

Others who relied on Devumi said they were similarly surprised at the company’s tactics. Ami Horowitz, the conservative filmmaker, bought 10,000 views for a video he appeared in — “What We Learned at the People’s Climate March” — on the YouTube channel for Americans for Prosperity, the Koch brothers’ political influence group. Mr. Horowitz, who is often a guest on Fox News, also bought views for a video about the protests in Ferguson, Mo.

In a statement, he said he had believed Devumi worked like traditional web advertising. But “it wasn’t what we expected,” he said, adding that he never used Devumi or similar services again. A spokeswoman for Americans for Prosperity called the behavior unethical and said the group would “not knowingly engage” in it.

Spotting the Forgeries

YouTube’s engineers, statisticians and data scientists are constantly improving in their ability to fight what Ms. O’Connor calls a “very hard problem,” but the attacks have “continually gotten stronger and more sophisticated,” she said.

After the Times reporter presented YouTube with the videos for which he had bought views, the company said sellers had exploited two vulnerabilities that had already been fixed. Later that day, the reporter bought more views from six of the same vendors. The view count rose again, though more slowly. A week later, all but two of the vendors had delivered the full amount.

Some exceeded the purchased amount at first, but didn’t bounce back from YouTube’s filters.

Even when it looks closely, YouTube can miss videos with fake views. A 2017 Google public report on disinformation during the 2016 election looked at RT’s YouTube channels, concluding that there was “no evidence of manipulation of our platform or policy violations.” Yet The Times recently found that an RT employee bought fake views for videos in 2016, which YouTube acknowledged it did not detect.

James Brown, a correspondent for RT, had purchased 30,000 views and 300 likes across three videos that focused on problems involving homelessness and immigration in Europe. Mr. Brown said he took Devumi at its word that the views would be real people. An RT spokeswoman said the company was unaware of the purchases and was conducting an internal review.

“It concerns me that while Twitter and Facebook appear to have made some credible progress in this area, YouTube still struggles to identify inauthentic and coordinated activity on its platform,” said Senator Mark Warner of Virginia, the top Democrat on the Intelligence Committee.

View-selling sites continue to advertise with apparent impunity. A post on the YouTube Creator Blog warning users against fake views has numerous comments linking to view-selling sites.

“The only way YouTube could eliminate this is if they removed the view counter altogether,” said Mr. Vassilev, the fake-view seller. “But that would defeat the purpose of YouTube.”

(GC) Two reasons to reconsider your Facebook membership


It’s been a bad week for Facebook and its two billion-plus users.

Firstly it was discovered by computer scientists at Northeastern University that Facebook was allowing advertisers to target advertising at individuals by exploiting phone numbers only given by the users for the purposes of two-factor authentication (2FA).

In short, even if you had set your Facebook privacy controls to their most restrictive settings – advertisers could still target you because you had (quite sensibly) enabled two-factor authentication to protect your account from hackers.

Similarly, according to the research, it seems there are pitfalls if users provide their phone number to receive alerts about unrecognised logins on their Facebook account:

“Facebook allows users to add email addresses or phone numbers to receive alerts about logins from unrecognized devices. We added a phone number and an email address to an author’s account to receive login alerts, and found that both the email address and phone number became targetable after 17 days.”

It’s one thing to use information that users choose to include in their Facebook profile for targeted advertising. It’s quite another to take advantage of information that was only shared with the site to boost security.

Remember, unrecognised login alerts and 2FA are features that users should be actively encouraged to enable, to better protect their Facebook accounts. When Facebook is revealed to be helping advertisers exploit such private, personal information, it only encourages users not to enable these protections in the first place.

And that’s not all… The researchers confirmed that Facebook was using “shadow contact information”, collected from other Facebook users’ address books, and associating them with your account. Facebook hides the fact that it has connected, for instance, alternative email addresses and phone numbers to your profile but uses it to assist targeted advertising.

As Kashmir Hill of Gizmodo explains:

…if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later.

All of this amounts to what the EFF describes as “deceptive and invasive” practices by Facebook, which ignore “reasonable security and privacy expectations”.

Such behaviour by Facebook inevitably erodes users’ trust in the service.

And then the world found out about the security breach.

On Friday 28th September, Facebook went public with details of a “security issue” that it had discovered earlier in the week.

Approximately 50 million accounts were left exposed to attackers who were able to exploit a vulnerability in the site’s “View As” feature (actually a combination of three bugs). This security hole allowed hackers to steal users’ access tokens:

“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The bad news is that these Facebook access tokens could not only be used to access Facebook accounts, but also other third-party apps that use Facebook for login.

According to Facebook, the vulnerability in its code was introduced in July 2017, and on September 16th 2018 it saw a massive spike in traffic on its servers as hackers exploited the flaw and harvested access tokens for other users’ accounts. It took until September 25th for Facebook to determine that there had been a security breach.

Facebook says it has temporarily disabled its “View As” feature until it has completed a “thorough security review”.

You can learn more about both of these issues in this edition of the “Smashing Security” podcast:

Smashing Security #098: ‘A Facebook omnishambles’

What a week. It’s enough to make you reconsider your relationship with Facebook, isn’t it?

I quit Facebook earlier this year. If you’re finding it hard to imagine doing the same, why not listen to this “Smashing Security” podcast we put together describing the process of quitting Facebook:

Smashing Security #75: ‘Quitting Facebook’

If it helps, just consider your Facebook departure as “temporary” while you complete a “thorough security review.” You may find you don’t miss it at all.

(ECO) Portugal will pay 11 million a year to Web Summit until 2028

(ECO) The contract includes a termination clause of 340 million euros for each year in which the event is not held in the capital.

Portugal will pay 11 million euros a year to Web Summit to keep the event in Portugal for the next ten years. The amount of the investment, split between Lisbon’s Tourism Development Fund and the Ministry of the Economy, was announced by the mayor of Lisbon, Fernando Medina, this morning at the Altice Arena.

In addition to the 11 million in annual investment, the Lisbon municipality also plans to invest in the FIL complex, first on a “temporary and then permanent basis”, Medina said, in an amount that has not yet been disclosed. The idea is for FIL’s exhibition space to have double its exhibition capacity. This change is said to have helped the organisers decide on Portugal over cities such as Madrid, Valencia and London. The Lisbon City Council’s goal is to expand the infrastructure, which will then be put to profitable use with other events. Medina wants to “make Lisbon a capital of innovation, entrepreneurship and talent”.

“This investment will allow Web Summit to grow to 100,000 participants, or more,” said Fernando Medina.

Web Summit, the largest technology and entrepreneurship event, created in Dublin and which moved to Lisbon in 2015, stays in the city until 2028 but, if for any reason it decides to leave the country before that date, it will owe compensation. The contract signed by the Government, the municipality and the organisers also includes a termination clause of 340 million euros for each year that it is not held in the capital.

“When you grow, we grow with you,” stressed António Costa at the ceremony officially announcing that Web Summit will stay in Portugal. The prime minister revealed that last year the State managed to collect 30 million euros in direct tax revenue. But more than a matter of revenue for the State, the head of government stressed that the aim is for Portugal to be seen as “a country of innovation and technology”. “It gives the image that the country is capable of attracting to Portugal highly technological companies that create highly skilled jobs,” he added.

“We are very happy to stay in Lisbon for the next 10 years,” said Paddy Cosgrave at the opening of the press conference, alongside António Costa and Fernando Medina.

“This man [referring to Fernando Medina] called me after midnight when things were not moving forward. (…) And he gave one of the best after-midnight speeches I have ever heard, surely after dining at a good restaurant and with a good wine. (…) I went to my hotel, then went to dinner alone, ran into a group of Army engineers, and then a group of young Farfetch employees, who asked me where the event was going. All these moments in which I was approached inspired me,” said the Web Summit CEO about the negotiation process with Lisbon for the continuation of Web Summit.

Admitting that the ten-year agreement may “be the craziest decision” he has ever made in his life, Paddy is confident that “it will be, in the medium term, a good decision”, he said, praising the teams of Theresa May and of other countries that held talks with the event’s organisers in recent months.

“I think that in Lisbon we will build a good future,” he added. “It was a huge effort, we are so happy and we want to plan the future and make Web Summit something much better than it is today.”

(BGR) EU commissioner probing Facebook calls it ‘a channel of dirt’ after deleting her account

(BGR) Vera Jourova, the European Commissioner for Justice, Consumers and Gender Equality, has been outspoken in her defense of why she thinks the EU needs to hold Facebook’s feet to the regulatory fire. The EU, for its part, has warned the social networking giant that it needs to be more clear with consumers in terms of how their data is used, but today Vera went even farther.

She blasted the company’s “misleading terms of service” and said if it doesn’t make things right by the end of the year, she’ll call on consumer protection authorities in EU countries to start levying sanctions. That’s according to a Wall Street Journal report in which Vera is also quoted as lamenting during a press conference, “I am becoming rather impatient. We have been in dialogue with Facebook almost two years … I want to see results.”

In an interesting footnote to this, it turns out she’s so frustrated with Facebook that she’s also shut down her own Facebook account, saying during the press conference that she’d received an “influx of hatred.” “I don’t want to avoid communication with people, even with critical people,” she reportedly said by way of defending her move — saying, in other words, she’s not trying to isolate herself from critics.

It’s just that her experience as a Facebook user has been that the service is, in her own words, “a channel of dirt.”

She explained her position a little more via Twitter:

Věra Jourová

@VeraJourova

I want to be extremely clear to its users about how their service operates and makes money. Not many people know that has made available their data to third parties or that for instance it holds full copyright about any picture or content you put on it.

Věra Jourová

@VeraJourova

I appreciate willingness to work with us and authorities to solve all the issues by December this year.

A Facebook spokesperson told the WSJ, in response to her criticisms, that the company “will continue our close cooperation to understand any further concerns and make appropriate updates.”

“At issue for Ms. Jourova was the clarity of Facebook’s terms of service,” according to the paper. “The company updated them in the spring, but Ms. Jourova said they remain insufficiently explicit about how the company monetizes users’ data. A spokeswoman for the EU’s executive arm said that directing users via hyperlinks to Facebook’s ‘data policy,’ which gives some more detail on ad targeting, isn’t enough for consumers.”

The paper goes on to point out that this issue is “legally separate” from complaints against Facebook from activists under the EU’s privacy law.

(CNBC) Jamie Dimon says cyber warfare is the biggest risk to the financial system

(CNBC)

  • The “biggest vulnerability” for the financial system is the threat of cyberattacks, J.P. Morgan’s Jamie Dimon said on Thursday.


Banks may be in sound condition post-Lehman Brothers, but the financial system could crack again if hit with a devastating cyber attack, J.P. Morgan Chief Executive Jamie Dimon warned on Thursday.

“I think the biggest vulnerability is cyber, just for about everybody,” he told CNBC’s Indian affiliate CNBC TV-18 on Thursday. “I think we have to focus on it, the United States government has to focus on it.”

“We have to make sure because cyber — terrorist and cyber countries — they could cause real damage. We’re already spending a lot of money and J.P. Morgan is secure but we should really worry about that,” Dimon told CNBC-TV18’s Shereen Bhan in New Delhi.

Dimon put inflation running too hot as his second biggest concern, warning the reactionary raising of interest rates from the U.S. Federal Reserve could be the cause of a “traditional” recession.

Industry experts have placed increasing importance on the threat of cyber warfare as attacks become more sophisticated.


In the past, western officials have warned of increasing suspicious cyber activity originating from countries of concern including Russia, Iran and North Korea.

Earlier this year, America’s Department of Homeland Security and Federal Bureau of Investigation, alongside the U.K.’s National Cyber Security Center, released a joint technical alert warning of the threat of malicious digital activity being carried out by the Kremlin.

Meanwhile, authorities are worried about the heightened threat of cyberattacks from Iran on the U.S. and Europe, especially as the country becomes increasingly ostracized by the U.S., which has reintroduced sanctions on Tehran.

(CNBC) SpaceX will fly Japanese billionaire Yusaku Maezawa as the first ever private tourist to the moon

(CNBC)

  • Japanese billionaire Yusaku Maezawa put down a significant deposit with SpaceX to become the first ever private tourist to fly around the moon on the company’s Big Falcon Rocket (BFR)
  • Maezawa wants to take six to eight artists from around the world on the nearly week-long trip.
  • The mission is expected to launch in 2023.
Japanese billionaire entrepreneur Yusaku Maezawa speaks at SpaceX's headquarters in Hawthorne, California. 

Michael Sheetz | CNBC

Japanese billionaire Yusaku Maezawa signed with SpaceX to fly around the moon on the company’s next generation rocket, CEO Elon Musk announced on Monday.

Maezawa will attempt to be the first to return to the moon in nearly half a century, launching aboard a Big Falcon Rocket (BFR), which SpaceX is developing. BFR is the flagship for Musk’s vision of creating a permanent, self-sustaining human presence on Mars, and testing on the behemoth rocket is expected to begin next year.

The trip is expected to launch in 2023.

“Ever since I was a kid, I have loved the moon. It’s always there and continues to inspire humanity,” said Maezawa, one of the richest people in Japan, who made his fortune as the founder of online retailers Start Today and Zozotown.

SpaceX announced in February 2017 that two passengers would be flying around the moon in the company’s Crew Dragon capsule, launched by its Falcon Heavy rocket. But earlier this year, Musk said SpaceX was considering using BFR instead and on Monday confirmed that Maezawa is “the same person” who was announced before, just with a larger group now onboard.

BFR is a massive, 35-story tall rocket designed to launch and land like SpaceX’s Falcon 9, but also carrying dozens of people on board instead of just satellites. Musk confirmed BFR’s “design has been changed,” after receiving questions about new renders of the rocket posted online.

A rendering shows a SpaceX BFR launch vehicle on a trip around the Moon.

SpaceX

He declined to reveal the amount Maezawa paid for the mission, saying he was “not disclosing the amount but he’s paying a very significant amount of money.”

“To be clear. This is dangerous … it’s not a sure thing … there are some chances things could go wrong,” Musk reiterated.

Only two dozen people have ever been to the moon, with the final Apollo mission in 1972 marking the last time a human visited the moon.

“This is a project that I designed and made: #dearMoon,” Maezawa announced.

“I choose to go to the moon with artists,” he added. “In 2023, as the host, I would like to invite 6 to 8 artists from around the world to join me on this mission to the Moon.” He hasn’t decided which artists to bring yet.

Over the last month, he teased this announcement in several tweets, starting when he said there was a “big announcement” coming “about mid September.” Then, the day after SpaceX said it would soon announce a passenger signed to fly to the moon, Maezawa tweeted “there are no limits.”

Yusaku Maezawa 前澤友作

@yousuck2020

There are no limits.

Maezawa tweeted twice again, on each of the two days before Musk’s announcement, with a picture of a wristwatch with the caption “it’s time” and a black photo with only the word “imagine” with the caption “never stop.”

The Japanese entrepreneur was also in Florida at NASA’s Kennedy Space Center to watch the maiden launch of SpaceX’s Falcon Heavy rocket, tweeting a video and congratulations to Musk on “the historic moment.”

Yusaku Maezawa 前澤友作

@yousuck2020

Congratulations on the successful launch of FalconHeavy!!! I had been the scene at the historic moment. Incredible!!!@SpaceX @elonmusk

— CNBC’s Paul McNamara contributed to this report.

(DW) Should ‘killer robots’ be banned?

(DW) In wars of the future, life-or-death decisions may be made by machines — independent of human control. The development of autonomous weapons is moving fast. The UN in Geneva is trying to get countries to agree on a ban.

Noisy mini-drones buzz through a lecture hall, home in on specific students and shoot them in the head. This is a scene from a fictional film posted on the video portal YouTube by opponents of autonomous weapons. Each smaller than a saucer, the drones use algorithms to identify their victims. Once they’ve locked on, the target cannot escape. The mini-drones gather their data from social media and are networked in swarms. In the fictitious story, they only kill people who’ve shared a certain critical video.

Just science fiction?

This alarming short, with the title “Slaughterbots,” has had more than 2.5 million views since it was posted in November 2017. So is this just science fiction, alarmist paranoia? Not at all, says Thomas Küchenmeister, a campaigner for a ban on autonomous weapons. “It’s only a small step away,” he says.

Küchenmeister is the managing director of Facing Finance, a German organization that’s part of the international campaign “Stop Killer Robots”. He often visits weapons fairs to look at products and talk to manufacturers. Weapons with a certain degree of autonomy are already part of the standard range, such as rockets that independently seek out possible targets and ultimately make their own decisions about which ones to destroy. They’re still operated by humans in principle, but a soldier no longer gives the actual order to fire. Often, no soldier can stop it, either.

Conflict with international law

Küchenmeister sees this as “highly problematic,” because “such a weapon cannot make a fine distinction between military and civilian vehicles” — yet this is required under international humanitarian law. Distinguishing between combatants and civilians is one of the most important rules of the “jus in bello,” the law governing the conduct of warfare. It obliges the warring parties to afford civilians and civilian buildings the greatest possible protection.

With this in mind, the International Committee of the Red Cross (ICRC) defines autonomous weapons as weapons with autonomy in their critical functions of selecting and attacking targets. Autonomy here means without human intervention — and this is precisely the problem. What if the autonomous target selection on a rocket like this not only destroys enemy missiles but kills civilians as well? “We can’t equip these weapons with a chip for international humanitarian law,” Thomas Küchenmeister warns.

Taranis aircraft, like a delta-winged plane (picture-alliance/AP Photo/BAE Systems)
The unmanned aircraft ‘Taranis’ from British arms company BAE Systems has autonomous functions

AI in the weapons industry

The degree of autonomy in weapons systems is steadily increasing, thanks to rapid progress in the fields of artificial intelligence (AI) and robotics. Machines are now capable of learning; they process experience by means of artificial neural networks similar to the human brain. The arms industry is making use of this. Weapons are becoming faster and more efficient, while the danger for the soldiers using them decreases. This is precisely what armies want. However, the boundaries are fluid. A robot that autonomously seeks, recognizes and defuses mines may generally be accepted, while a robot that autonomously seeks, recognizes and shoots people clearly contravenes international humanitarian law.

Negotiations under time pressure

But how do you apply international law to these new weapons? The international community has been arguing about this at UN headquarters in Geneva since 2014. The discussions are taking place within the framework of the UN Convention on Certain Conventional Weapons, or CCW. Initial informal discussions became official negotiations in 2017, with more than 70 countries participating, as well as scientists and NGOs.

From 27 to 31 August 2018, the topic under discussion is lethal autonomous weapons systems: LAWS for short. These could be robots that fight each other on the battlefield, for example. The killer drones from the video are also covered by this description. They don’t exist yet — but they will do in the near future.

There’s little time left, yet the negotiations are not making progress. Broadly speaking, the international community is divided into three camps: Opponents and supporters of a binding prohibition on autonomous weapons, and countries such as Germany and France that want to start off by finding a middle way.

Drone from 'Radio-Electronic Technologies Concern' (KRET) (Imago/ITAR-TASS)
Drones combined with AI could become dangerous weapons — for terrorists as well

AI rules the world

Countries that are investing a lot of money in the military use of artificial intelligence, such as the United States, Israel, Russia and Britain, are arguing against a ban. The essence of Russian President Vladimir Putin’s message to a group of schoolchildren in September 2017 was that whoever leads the field in artificial intelligence rules the world. Putin worries that the US or China may gain supremacy. For some time now, progress in the field of artificial intelligence has been driving an arms race for the “cleverest” autonomous weapons.

The US government is currently massively increasing its defense budget. During the last round of negotiations in Geneva in April it even presented autonomous weapons in a positive light, saying that they helped prevent the killing of civilians and “collateral damage” in wars. It argued that whereas a soldier is easily overwhelmed by the large amount of information on the battlefield, a computer maintains an overview and makes fewer mistakes. The US delegation explicitly warned against stigmatizing these weapons.

In favor of a ban

So far, 26 countries have called for a mandatory ban on autonomous weapons, and are being enthusiastically applauded by civil society for this. More than 230 organizations and 3,000 individuals have signed a petition against autonomous weapons initiated by the American Future of Life Institute. They include leading researchers and businessmen from the artificial intelligence sector, such as the Tesla boss Elon Musk and Google Deep Mind. The signatories have pledged not to support the development of lethal autonomous weapons systems, and are calling for “strict international norms and laws” to ban them. They say the decision to kill a human being should never be delegated to a machine.

Mock robot with sign 'Campaign to stop killer robots' (Getty Images/AFP/C. Court)
The international campaign ‘Stop Killer Robots’ has called for a ban on autonomous weapons since 2013

Germany: Yes, but not right now

In its coalition agreement, the German government has pledged to support a “worldwide proscription” of autonomous weapons. However, it believes that aiming directly for a ban at the talks in Geneva would be a tactical mistake, because opinions differ too widely.

Germany, along with France, is therefore opting for a middle way. The German government suggests a political declaration should be the first step, followed by a military code of conduct, with an agreement on a ban only as the final step. German diplomats believe this multistage approach has a chance of bridging the divides. The hope is that opponents of a ban will sign up to a nonbinding political declaration. Once certain standards have been established, they believe, it will be easier to take the next step towards a mandatory ban under international law.

The activists from the “Stop Killer Robots” campaign don’t share this view. They’re demanding that Germany, as a big and important European country, take on a leadership role and support an immediate ban. Thomas Küchenmeister believes other countries would then join in. “If the German government wants these weapons proscribed, it should show this — and that means taking responsibility.”

Russian combat robot (imago/ITAR-TASS/Y. Smityuk)
Austria and Belgium have already come out in favor of a ban

Time is running out

On one thing, though, both diplomats and activists agree: Time is running out. This is also the view of the renowned American computer scientist Stuart Russell, who has been researching artificial intelligence for 35 years. He was the one who had the idea for the film “Slaughterbots.” A scenario like this can still be stopped, Russell warns, “but the window is closing fast.” Armies are already experimenting with swarms of drones, while others, including the German Bundeswehr, are developing weapons to defend against them. If the discussions in Geneva fail to make progress, Küchenmeister prophesies that pressure from civil society will grow. An agreement on banning autonomous weapons could then be made outside of the UN, as happened in the fight against landmines. The international campaign to outlaw landmines was awarded the Nobel Peace Prize in 1997.

(IrishTimes) What next for cryptocurrencies as bubble bursts?

(IrishTimes)

Bitcoin: Its short history has been marked by rapid rallies and sharp drops.


The cryptocurrency bubble has burst.

In January, the total market capitalisation of cryptocurrencies had climbed beyond $800 billion (€700 billion), up from just $18 billion a year earlier according to data provider CoinMarketCap. Now the market has lost three-quarters of its value to stand at $200 billion.

The shrinking market value of the novel digital assets comes alongside rising volatility in mainstream financial markets such as equities, offering traders other opportunities to profit on fluctuating asset prices.

“The hype has gone, the punters and trader types have gone,” said Simon Taylor, a former Barclays VP and co-founder at financial technology consultancy 11:FS.

Bitcoin, the original and most valuable cryptocurrency, has plummeted from $19,000 in December to bump along at a $6,000-$8,000 range since June. Advocates see bitcoin, which unlike fiat currencies is not controlled by a central authority, as a store of value. But its short history has been marked by rapid rallies and sharp drops.

Scott Weiss, an Arizona lawyer, bought his first bitcoin at its highest price in December. “I’m not a professional investor, I’m a lawyer,” he said, reflecting on his losses. “These are the types of mistakes we make. We get caught up in the hype.” He is resolutely holding.

Optimism

Mr Weiss is not alone. Most cryptocurrency advocates still exude optimism. Trading platform eToro, known for bold cryptocurrency adverts on the London Underground, is not scaling back its marketing despite the slump, said Iqbal Gandham, eToro’s managing director.

Jordan Fried, vice-president of global business development at blockchain start-up Hedera Hashgraph, which raised $100 million from institutional investors, said the speculative rush had provided some legitimate early stage companies with capital to build services to sustain the nascent cryptocurrency industry.

“A lot of it paid for frat boy entrepreneurs to take private jets to Mykonos,” he said. “But it’s helping us to build an infrastructure”.

But many of the features of the boom days are struggling. Attempts to open exchange traded funds for bitcoin, which cryptocurrency proponents hope would be a key step towards wider adoption, have so far been met with a cold shoulder by US regulators. The Winklevoss twins, early Facebook investors who run cryptocurrency exchange Gemini, were among those rebuffed.

In the City of London, the online retail trading industry, whose profits had fallen in becalmed stock markets last year, seized on volatility of better-known digital assets like bitcoin and ether, its closest rival. Offering crypto-based derivatives and charging punters hefty fees to trade them, many profited handsomely. Plus500 reported a 418 per cent year-on-year rise in earnings in the first quarter of 2018, citing “high levels of interest” in its cryptocurrency products.

Both Plus500 and FTSE 250 trading company IG acknowledge cryptocurrency trading interest has now waned. “Bust is the word,” said Peter Hetherington, IG’s chief executive.

With prices tumbling, bitcoin investors have retreated to holding, suggests research by Unchained Capital, a start-up which lends cash against cryptocurrency.

Slide

Bitcoin’s slide coincided with the introduction of bitcoin futures contracts by the CME Group and Cboe Global Markets, which provided crypto investors with a hedging opportunity for the first time while also allowing traders to bet the price of bitcoin would fall.

The demise of once ferociously traded new digital coins from 2017, with names like DentaCoin and SpankChain, also sucked money from the overheated market.

Entrepreneurs had created hundreds of tokens in so-called ‘initial coin offerings’ (ICOs), barely regulated fundraising vehicles that unlocked pools of money mostly held by retail investors – an attractive proposition for both early stage entrepreneurs and get rich quick schemers. “Who doesn’t want to print free money?” remarked Michel Rauchs, blockchain and cryptocurrency lead at Cambridge university’s Centre for Alternative Finance.

Telegram, the messaging app, raised a record $1.6 billion in cash from investors to fund development of its own cryptocurrency.

While tokens offer no investor protection, many punters enjoyed rapid appreciation of their crypto holdings as others piled in. Groups of traders co-ordinated to pump the price of thinly traded coins and profited by selling them at artificially high prices. By early January, the height of cryptocurrency fever, at least 39 digital currencies had market capitalisations of $1 billion or more.

“Now we’ve realised that a lot of these tokens don’t power any useful application, and if they do there’s only a handful of users,” said Mr Rauchs. As speculative mania has dimmed, just 15 coins currently have a $1 billion-plus market cap, according to CoinMarketCap. DeadCoins.com lists abandoned tokens.

“The days of investing in an ICO and getting 75x on it in six months are gone,” said Ari Lewis, who opened cryptocurrency hedge fund Grasshopper Capital in August 2017.

One investor with personal cryptocurrency holdings worth tens of millions of dollars said that while he was continuing to buy and hold bitcoin, he had jettisoned coins which were popular trades last year, including XRP, the third largest.

Securities regulators, fearing unacceptable consumer losses, have clamped down on ICOs.

(BBG) Apple to Embrace iPhone X Design With New Colors, Bigger Screens

(BBG) Apple Inc. is not only doubling down on the iPhone X, it’s tripling down.

The world’s most valuable company plans to launch three new phones soon that keep the edge-to-edge screen design of last year’s flagship, according to people familiar with the matter. The devices will boast a wider range of prices, features and sizes to increase their appeal, said the people, who asked not to be identified discussing unannounced products.

However, none of the three iPhones will be wholly new designs like the iPhone X was last year or the iPhone 6 in 2014, with some inside Apple labeling the launch as an “S year,” a designation the company has given to new handsets that retain the previous design but add new internal features. The company is planning more significant changes for next year, they added.

The iPhone X wasn’t as big a hit as some Wall Street analysts hoped for before it was released last November. However, it still sold strongly and helped Apple gain share in a smartphone market that has almost stopped growing.

The upcoming phones, planned to be unveiled in September, show the company is adjusting its strategy. Rather than luring millions of new iPhone users, Apple’s goal these days is to steadily raise average prices, while expanding the total number of active devices to support sales of accessories and digital services like streaming music and video.

“The iPhone is entering a period of 0-to-5 percent annual growth, and the things they’re doing this fall will keep them on that path,” said Gene Munster, a veteran Apple analyst and managing partner of Loup Ventures. The “real sizzle” for investors remains the iPhone because it’s the hub for almost all Apple’s other offerings like the Apple Watch, AirPods, and Apple Music, Munster added. Apple spokeswoman Trudy Muller declined to comment.

Apple shares gained 0.8 percent to a record $217.94 in New York, pushing its market value to $1.05 trillion.

In early 2016, the company reported a new milestone: 1 billion active devices. By early this year, that number had grown to 1.3 billion. The three new iPhones due next month have a good chance to add to this important foundation of the company’s future.

There’ll be a new high-end iPhone, internally dubbed D33, with a display that measures about 6.5-inch diagonally, according to the people familiar with the matter. That would make it the largest iPhone by far and one of the biggest mainstream phones on the market. It will continue to have a glass back with stainless steel edges and dual cameras on the back. The big difference on the software side will be the ability to view content side-by-side in apps like Mail and Calendar. It will be Apple’s second phone with a crisper organic light-emitting diode, or OLED, screen.

“Having a bigger screen is always a plus for demand,” Munster said, while noting the device should help Apple boost iPhone selling prices, which has supported revenue growth in recent quarters. The average price of iPhones sold in Apple’s most-recent quarter was $724, up 19 percent from a year earlier.

Apple also plans an upgrade to the current iPhone X with a 5.8-inch OLED screen, which is internally dubbed D32, the people said. The main changes to the new OLED iPhones will be to processing speed and the camera, according to the people familiar with the devices.

Perhaps the most significant phone will be a new, cheaper device destined to replace the iPhone 8. Codenamed N84, it will look like the iPhone X, but include a larger near 6.1-inch screen, come in multiple colors, and sport aluminum edges instead of the iPhone X’s stainless steel casing. It will also have a cheaper LCD screen instead of an OLED panel to keep costs down.

The cheaper version’s aluminum edges won’t necessarily be the same color as the colored glass back, simplifying production, one person familiar with the matter said.

Hon Hai Precision Industry Co. will assemble the two high-end OLED iPhones, while the LCD phone will be split primarily between Hon Hai and Pegatron Corp., the people said. Hon Hai began assembling the OLED devices in late July and only started on the LCD phones this month, partly due to minor challenges with the LCD panels, one person said. Taiwan Semiconductor Manufacturing Co. will remain sole supplier of the main processor for the new iPhones, while primary iPhone camera lens supplier Largan Precision Co. is expected to see sales rise with the launch of new Apple phones.

Largan climbed as much as 2.9 percent, while TSMC rose as much as 2 percent. Hon Hai and Pegatron shares also increased.

All three will have the gesture-based control system Apple introduced last year to replace the iPhone home button. They will also feature Face ID, Apple’s system for unlocking the phones by glancing at them. Bloomberg reported several details of the new phones earlier this year.

The lower-end device will be Apple’s second attempt at differentiating its phones partly by color. In 2013, Apple launched the iPhone 5c, which was essentially an iPhone 5 in plastic casing. The strategy flopped with iPhone users preferring Apple’s metal phones. This year’s lower-cost iPhone will use aluminum edges, retaining a premium feel.

“Colors always give Apple a little near-term bump, but it doesn’t change the iPhone’s trajectory,” Munster said.

Apple is planning dual-SIM card slots for the two larger phones in at least some regions, people with knowledge of the plans said. That feature would let travelers easily switch between a local carrier plan and a new country or coverage area.

The new iPhones come at an important time for the company. Apple is facing growing rivalry outside of the U.S., especially in developing markets where many people prefer less expensive phones with larger screens. The new low-end iPhone with the larger screen will give Apple a way to compete there.

The launch comes on the heels of Samsung Electronics Co. introducing its larger Note 9 smartphone. Alphabet Inc.’s Google also plans to debut new Pixel phones on Oct. 9 at a media event in New York City, other people familiar with the plans said. A Google spokeswoman declined to comment.

The new iPhone lineup has presented Apple with a naming conundrum, according to a person familiar with the deliberations. The company will be selling three phones that look similar and all have Face ID. But the cheapest model will be larger than the mid-range version, potentially confusing consumers.

While planning the new devices, Apple has altered the names multiple times. It has at least considered branding the new premium phones the “iPhone Xs,” indicating that they’re an upgrade to last year’s iPhone X, the person said. The company has also weighed eschewing the “Plus” label for the larger model, which it has used since the iPhone 6 Plus launched with a larger screen in 2014. The final names could be different, the person noted.

Beyond the iPhones, Apple has been working on updated AirPods, an AirPower wireless charger, a new Apple Watch, and revamped iPad Pro tablets for this year.

The Watches will look similar to current models, but will include larger screens that go nearly edge-to-edge. Their overall size will remain similar, making them compatible with existing straps, people familiar with the product said.

The new iPad Pros will come in sizes around 11-inches and 12.9-inches and include slimmer bezels. They’ll remove the home button and fingerprint sensing in lieu of an iPhone X-like gesture interface and Face ID for unlocking the tablet, people familiar with the plans said. The iPad mini, which was last upgraded in 2015, and the 9.7-inch iPad, last refreshed in March, won’t be upgraded, a person familiar with the company’s plans said.

(BBG) Google Tracks Location Data Even When Users Turn Service Off, AP Report Finds

(BBG) Google’s smartphone services store users’ locations even when privacy settings are adjusted to shut these features off, according to a report by the Associated Press.

While the company asks permission for users to share location information on its applications, it doesn’t halt tracking services when users pause Location History, according to the AP. Google Maps, for instance, grabs information when a user so much as opens the app, and automatic daily weather updates on Android phones give an approximation of user location. Computer-science researchers at Princeton University confirmed the Associated Press’s findings.

Google’s official message is to promote user autonomy when it comes to deciding what information to share: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored,” according to the company’s privacy page. But the AP said that isn’t true. Even pausing the Location History, some Google apps automatically store time-stamped location data without permission, the AP found.

“Location History is a Google product that is entirely opt in, and users have the controls to edit, delete, or turn it off at any time,” the company said in a statement to Bloomberg. “As the story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions.”

The search-engine giant, owned by Alphabet Inc., derives significant revenue through advertising, which is bolstered by user-generated data providing information useful to advertisers such as metrics on foot traffic. Google recently reported its advertising business increased 24 percent in the second quarter, pushing Alphabet’s total revenue minus partner payouts to $26.24 billion. Google Chief Executive Officer Sundar Pichai said recently that the company is exploring new ways to place promoted content and advertisements into its Map services.

Shares of Alphabet were little-changed at $1,253.88 at 2:14 p.m. in New York.

(ZH) Soldiers And Secret Agents’ Names And Home Addresses Exposed By Fitness Tracker

(ZH) It appears that government and intelligence agencies throughout the world did little or nothing to change their policies for personal fitness app and tracker usage: for the second time this year, a massive data breach has exposed sensitive locations and the daily routines of government personnel, all accessible to the public.

And as with Strava’s interactive online fitness tracking map that made headlines last January, which, as we detailed, revealed clandestine sites in places like Syria, Iraq, and Africa, including for example a CIA “black site” in Djibouti, the new breach allows easy access to view the daily habits of millions of users going back years.

Yet now, in some instances, even the names and addresses of intelligence and military personnel can be found.



This time it’s the fitness app Polar Flow, created by a Finnish-based company with offices in New York, at the center of controversy after an investigation by Dutch news site De Correspondent confirmed that the app “lets anyone find names and addresses for thousands of soldiers and secret agents.”

This can even include profile pictures and often the actual names of users shared via the publicly available “Explore” feature; but, as researchers also found, this data can potentially be accessed through a design flaw in the privacy setting.

De Correspondent actually demonstrates just what can be known by examining one particular Polar fitness tracker near Erbil’s international airport in Iraq. The results, found through quick open source searches, are startling:

The man – let’s call him Tom – is a Dutch soldier, part of the Netherlands’ Capacity Building Mission in Iraq. The CBM is encamped near the Erbil airport. Since 2015, this base has been one of the key locations from which the war against the terrorist group Islamic State is being waged. 

We are absolutely not supposed to know who Tom is and where he’s stationed. And we most definitely shouldn’t know where Tom lives.

Yet the activity tracking map in Polar’s fitness app lets us see that many of Tom’s runs start and end near a cluster of homes in a small town in the northern Netherlands. A little Googling gives us his exact address. We also find the names of his wife and children, and photos.

Though as the Dutch journalists note, exposing identities of intelligence agents is illegal in the US and many European countries, “we still found the names and addresses of personnel at intelligence agencies including the NSA and Secret Service in the US, the GCHQ and MI6 in the UK, the GRU and the SVR RF in Russia, the DGSE in France, and the MIVD in the Netherlands.”

Dutch news site De Correspondent, working with the open source analysis site Bellingcat, produced infographic maps based on the Polar app, demonstrating how easy it is to locate home addresses of users via the Polar “Explore” feature:

“We found the names and addresses of personnel at military bases including Guantánamo Bay in Cuba, Erbil in Iraq, Gao in Mali, and bases in Afghanistan, Saudi Arabia, Qatar, Chad, and South Korea.” De Correspondent says this also included “the names and addresses of personnel at nuclear storage facilities, maximum security prisons, military airports where nuclear weapons are stored, and drone bases.”

Other journalists have since found names and addresses for what are believed to be intelligence and military personnel at sensitive government locations throughout the US as well, and noted that “Although the existence of many government installations are widely known, the identities of their employees were not.”

In the case of the Polar app, as the tech site ZD Net explains, this can be done even if the user’s settings are set to “private”:

With two pairs of coordinates dropped over any sensitive government location or facility, it was possible to find the names of personnel who track their fitness activities dating as far back as 2014.

The reporters identified more than 6,400 users believed to be exercising at sensitive locations, including the NSA, the White House, MI6 in London, and the Guantanamo Bay detention center in Cuba, as well as personnel working on foreign military bases.

…they also found they could trick the API into retrieving fitness tracking data on private profiles.

Who knows how many times either foreign intelligence services or terrorist groups have already used this and possibly other apps to pinpoint the exact locations of US government agents operating abroad? After all, the journalists testing the online system explain how easy it was to cull the data: “Because there were no limits on how many requests the reporters could make, coupled with easily enumerable user ID numbers, it was possible for anyone — including malicious actors or foreign intelligence services — to scrape the fitness activity data on millions of users.”

But a few of the examples, names withheld by the journalists, are as follows:

  • ZDNet was able to trace one person who exercised nearby to NSA headquarters in Ft. Meade. The user later started his exercise tracking as he left his house in nearby Virginia. Through public records, we confirmed his name, and his role as a senior military official.
  • Another person, also believed to be an NSA staffer based at Ft. Meade, was found exercising close to the Guantanamo Bay detention facility.
  • The Dutch reporters also found the fitness tracking data of several foreign military and intelligence officers near sensitive installations in the US.
  • De Correspondent explained in an additional report how easy it was to follow around one Polar user, believed to be an officer at the Dutch state intelligence service, across the world, and even locate his home address.

Polar has since taken its tracking map offline and put out a statement: “While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API,” the company posted on its website.
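
The two weaknesses the reporters describe, no request limits and easily enumerable user IDs, leave a recognizable trail in API access logs. The sketch below is an added example, not Polar's code or anything from the reports; the log format, field names, thresholds and sample records are constructed assumptions. It flags callers that walk sequential IDs and any private profile served to someone other than its owner.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (not real data): timestamp, authenticated caller ID,
# requested profile ID, visibility of the profile that was served.
SAMPLE_LOG = """\
2018-07-01T10:00:00 9001 5001 public
2018-07-01T10:00:01 9001 5002 public
2018-07-01T10:00:02 9001 5003 public
2018-07-01T10:00:03 9001 5004 private
2018-07-01T10:00:04 9001 5005 public
2018-07-01T10:00:05 9001 5006 public
2018-07-01T10:00:06 9001 5007 public
2018-07-01T10:05:00 7002 7002 private
2018-07-01T10:20:00 7002 5003 public
2018-07-01T11:40:00 7002 5010 public
"""


def parse(log):
    """Yield (time, caller, target, visibility) from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, caller, target, visibility = line.split()
        yield datetime.fromisoformat(ts), int(caller), int(target), visibility


def find_enumeration(log, window=timedelta(minutes=1), max_ids=5, min_sequential=0.8):
    """Flag callers that fetch more than max_ids distinct profiles inside one
    window, mostly by stepping the ID up by one (the scraping pattern)."""
    by_caller = defaultdict(list)
    for ts, caller, target, _ in parse(log):
        by_caller[caller].append((ts, target))
    flagged = {}
    for caller, events in by_caller.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            ids = [target for _, target in events[start:end + 1]]
            if len(set(ids)) <= max_ids:
                continue
            steps = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
            ratio = steps / (len(ids) - 1)
            if ratio >= min_sequential:
                flagged[caller] = {"distinct_ids": len(set(ids)),
                                   "sequential_ratio": round(ratio, 2)}
                break
    return flagged


def private_served_to_others(log):
    """Return (caller, target) pairs where a private profile went to a non-owner:
    an authorization failure regardless of request volume."""
    return [(caller, target) for _, caller, target, vis in parse(log)
            if vis == "private" and caller != target]


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
    print(private_served_to_others(SAMPLE_LOG))
```

Detection of this kind complements, rather than replaces, the fixes the findings point to: per-caller request limits, non-sequential identifiers, and a server-side visibility check on every profile read.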

The Office of the Director of National Intelligence (ODNI), which oversees America’s 17 intelligence agencies, issued the following predictable and somewhat vague statement to ZD Net while saying it was “aware of the potential impacts” of personal fitness devices: “The use of personal fitness and similar devices by individuals engaged in US Government support is determined and directed by each agency and department.”

Based on this official response from the ODNI, which is essentially an admission that we’ll just keep doing what we’re doing, we fully expect more massive classified data and identity breaches to follow.

No doubt action will finally and belatedly be taken if and when the first “Fitbit tracker-based kidnapping” of a government employee takes place.

* * *

Below are some of the open source satellite tracking images that the multi-part De Correspondent investigation produced based on Polar fitness tracking app data:

NSA headquarters at Fort Meade, MD. De Correspondent/ZD Net

British Secret Intelligence Service (MI6)

Tracking a single user who entered Britain’s GCHQ headquarters. Via De Correspondent

General Directorate for External Security (DGSE, France’s foreign intelligence agency) headquarters, Paris. 

Guantanamo Bay detention camp. 

Routes run by Polar users at a military base in Gao, Mali.

Bagram Airfield, Afghanistan

Bellingcat: “Exercises tracked at a military base in the Middle East. Red squares with white dots are clusters of many more sessions which started at that location.” (airbase in Afghanistan)

(Reuters) Altice, Huawei tie-up aims to make Portugal a European leader in 5G

(Reuters) The Portuguese unit of telecoms firm Altice, the country’s largest operator, is working with Chinese electronics giant Huawei to make Portugal a leader within Europe in the development and roll-out of next-generation 5G networks.

“I believe that the Portuguese market will be one of the first globally to be able to use this (5G) technology,” said Alexandre Fonseca, CEO of Altice Portugal, after the first demonstration of the technology on Wednesday using a prototype Huawei router with a top speed of 1.5 gigabytes per second.

Fonseca expects the first commercial devices to crop up in Portugal in 2019 or 2020, although regular users are unlikely to have access to the technology before 2021 or 2022, “because various questions need answers, such as investment versus profitability of the business”.

An advertising board is seen during the first demonstration of the technology 5G in Lisbon, Portugal June 4, 2018. REUTERS/Rafael Marchante

At a global level, the first commercial 5G projects are expected to launch in the United States this year, followed by Japan and South Korea in 2019 and China in 2020.

Providers across Europe are also working to roll out services. Vodafone, whose Portuguese unit competes with Altice Portugal, said last month it will begin testing 5G mobile networks in seven of Britain’s 10 largest cities later in 2018, before starting limited deployments in some markets next year.

In Italy, communications regulator AGCOM said the government would auction frequencies for 5G mobile services in September.

Portugal is no stranger to world-class technological innovation. The world’s first prepaid mobile phones were launched here, as were single, country-wide electronic motorway tolls. It has a dense fiber network, which makes it a fertile ground for the development of the new telecoms standard.

Wednesday’s demonstration followed two years of research and testing, which Fonseca says puts the partners ahead of their competition in Portugal.

When implemented on a larger scale, with a denser network of smaller antennae than the current 4G standard, the 5G technology will allow data transfer speeds 50 to 100 times faster than now.

Dutch-based Altice bought the assets of former telecoms monopoly Portugal Telecom in 2015. Altice’s fiber networks, which will help deliver the 5G service, cover 4.3 million homes in Portugal out of the total of 5.3 million, and Altice expects to cover the remainder by early 2020.

“This is extraordinary and does not happen in other European countries, such as Germany,” said Chris Lu, head of Huawei in Portugal. He projects that his company will develop a 5G smartphone prototype by next year or in 2020.

Industry analysts expect 5G upgrades to kick in next decade for faster phones, fixed wireless video and new industrial business uses. So far, there has been no clear game-changing device or service to emerge to drive 5G network demand.

(Pymnts) Switzerland May Ease Crypto Banking Obstacles

(Pymnts)

Citing anti-money laundering rules and other regulations, traditional banks in Switzerland have often refused to operate accounts for crypto companies. But Heinz Tännler, finance director of Zug canton, said he believes regulators and politicians may remove some obstacles for crypto firms and allow them to work with banks in the same way as companies in other industries, the Financial Times reported.

“We hope to clarify relationships by the end of the year at the latest,” Tännler told the FT. “Time is pressing — other jurisdictions such as Malta and Singapore are very active and making a lot of effort to attract these companies. The lack of access to bank services is a significant competitive disadvantage.”

Yet the country’s central bank, federal government and financial supervisor “are willing to help,” according to Tännler. And while some institutions had to be pushed to resolve the problem, “that now seems to be going well,” Tännler told the paper.

The news comes after Schweizerische Nationalbank Board Director Thomas Moser said that he doesn’t think it’s the right time to talk about issuing a national cryptocurrency for the country. During the “Future of Token Economy” panel at the Crypto Valley Conference in Zug, Switzerland, earlier this year, Moser said blockchain is similar to the “useless innovation” of compact discs, according to Cryptovest.

Switzerland isn’t the only country putting plans for a national crypto on hold. Earlier this month, it was reported that Estonia has shelved plans to develop its own national cryptocurrency after the idea prompted criticism by banking authorities and Mario Draghi, the Italian economist and president of the European Central Bank.

Estonia, which is among the most tech-friendly countries in Eastern Europe, had been a leader in potentially issuing a national cryptocurrency, but the plan was criticized by Draghi earlier in the year when he said the euro can be the only currency in the country.

(ZH) Facebook Wants To Spy On You Via Hidden Inaudible TV Ad Messages

(ZH)

Authored by Mac Slavo via SHTFplan.com,

Social media giant Facebook continues to ramp up the creepy factor. According to a recently filed patent, Facebook wants to spy on you by hiding inaudible messages in TV ads.

Facebook has filed a patent for a system that hides audio clips in TV commercials. These sounds would be so high-pitched that they are inaudible to human beings. They would then trigger your phone to record all the background noises in your home. The patent application is called “broadcast content view analysis based on ambient audio recording.”

According to The Daily Mail, these secret messages would force your phone to record the audio of the private conversations you have without you even knowing. According to a patent application by the social media platform, clips taken of your background conversations and your movements across a room would help advertisers determine whether or not you are watching their promotions.

According to the patent, originally discovered by Metro, the system would use “a non-human hearable digital sound” to activate your phone’s microphone. This noise, which could be a sound so high-pitched that humans cannot hear it, would contain a “machine recognizable” set of Morse code-style beeps. Once your phone “hears” or recognizes the trigger, it would begin to record the “ambient noise” in the home, such as the sound of your air conditioning unit, plumbing noises from your pipes, and even your movements from one room to another. Your phone would even listen in on “distant human speech” and “creaks from thermal contraction”, according to the patent.

Facebook is currently working on the controversial software too, said a patent application published on June 14 this year. If you’re like the rest of us, you might think this sounds like an Orwellian nightmare technology which will let Big Zucker intrude upon the lives of millions of unsuspecting people in unprecedentedly terrifying ways.

The tech is going to be used to monitor what people watch on their “broadcasting device” so that the adverts they are shown on Facebook are likely to appeal to them. This would also allow companies to get an accurate sense of the size of the audience which has viewed their promotion. That’s what Facebook says in its patent; however, there is absolutely no mention of spying on our private lives, invading our privacy, recording our intimate conversations, and forcing advertising into the heart of our homes whatsoever.

(ZH) Commerzbank Replacing Human Research Analysts With Artificial Intelligence

(ZH) Commerzbank is hoping that computers will soon be able to do at least as good a job writing its equity research reports as the armies of junior analysts that the big banks are no doubt looking to trim thanks to expensive MifidII regulations and restrictions that have cut funding costs for research departments.

Even as it’s captured the attention of bank executives, automated and computerized equity analysis has, for the most part, been a disaster over the last couple of years. While some larger firms may use algorithms and some automation to crank out macro economic reports, and while computers may be getting better at scraping and reporting data (without actually analyzing it), performing equity analysis requires a deeper look behind the numbers and it’s simply not a task optimized for automation.

However, we are apparently at that stage in the cycle where cutting costs becomes far more important than being productive or effective, particularly since MiFid II is forcing a race to the bottom as investment banks seek out deep cuts in their research departments, driven by a drop in revenue that has accompanied being forced to charge a separate, optional, rate for research instead of bundling those costs with trading fees.

One of these competitors, Germany’s second largest bank, has decided that the time has come to automate some of its equity analysis, and according to the Financial Times, “Commerzbank is experimenting with artificial intelligence technology that automatically generates sports reports to see if it can write basic analyst notes, as Mifid II forces banks across the world to trim research costs.”

The German bank is working on the project with Retresco, a content automation company in which it invested two years ago through its fintech incubator unit. The project is still at an early stage and could take years to produce reports that banks would be happy to send to their clients, but the notion of AI replacing human research analysts is already attracting attention from senior bankers.

“There’s definitely work that can be done, parts of the [research] process that can be enhanced by algos and AI tools,” the head of one investment bank told the Financial Times, describing earnings reports as something that “should be robo-written.”

Research into AI and automation solutions that can lessen the burden of data-intensive research will likely soon be a theme across the big banks, as they scramble to reduce one of their biggest cost-centers in a time of declining revenues.

The Europe head of another investment bank said research was an area that was ripe for automation over time, while analysts at several other banks said their managers were experimenting with AI and automation applications.

Banks are under fierce pressure to cut the costs of producing research on stocks and bonds following the implementation in January of European investor protections known as Mifid II. The measures force investors to pay for research explicitly instead of bundling its costs into trading commissions. Some firms say their implied research revenue has fallen by as much as 30 per cent as a result.

Possibly ignoring the fact that almost everybody (in the U.S.) reports in Non-GAAP numbers now and that any and all addbacks to earnings generally need to be looked at and analyzed on their own, a Commerzbank executive is confident that the venture would ultimately be successful.

Michael Spitz, head of Commerzbank’s R&D unit, Mainincubator, said the area showed promise because “equity research reports reviewing quarterly earnings are structured in similar ways” and the source documents are often prepared under common reporting standards. “That makes it easier for a machine learning program to extract and contextualise relevant data, which can be then framed in a report using natural language processing tools.” Retresco’s original business uses similar technology to write soccer reports in Germany; in other words, if it works for sports, it should work for the market.

Mr Spitz said the technology was already advanced enough to provide around 75 per cent of what a human equity analyst would when writing an immediate report on quarterly earnings. “If it is related to much more abstract cases, we feel that we are not there yet — that we can or maybe will ever replace the quality of a researcher,” he added. Bankers say regulatory demands for oversight on research publication could also protect humans in research jobs.

Recall, it was less than a year ago that we wrote about the first AI-controlled ETF. At the time, its creators said it “has the ability to mimic an army of equity research analysts working around the clock, 365 days a year, while removing human error and bias from the process.”

Last year, EquBot LLC, in partnership with ETF Managers Group (ETFMG) launched the world’s first ETF powered by artificial intelligence, the AI Powered Equity ETF (NYSE Arca: AIEQ). According to Business Wire, the new ETF uses “cognitive and big data processing abilities of IBM Watson™ to analyze U.S.-listed investment opportunities.”

Business Wire explained how EquBot makes investment decisions: “EquBot’s approach ranks investment opportunities based on their probability of benefiting from current economic conditions, trends, and world- and company-specific events, and identifies those equities with the greatest potential for appreciation. EquBot and ETFMG expect the fund’s portfolio to typically consist of 30 to 70 of U.S. equities only and volatility comparable to the broader U.S. equity market…the fund’s underlying technology is constantly analyzing information for approximately 6,000 U.S.-listed equities, including company management and market sentiment, and processes more than one million regulatory filings, quarterly results releases, news articles, and social media posts every day.”

The moving of all financial services – including equity analysis – into AI feels like it could become a major error, not only because real human analysts will possibly be needed to reverse work that computers will likely do poorly, at least at first.

A bigger problem is that this “revolution” will come just as the paradigm that has defined markets for the past decade (central bank largesse pushing risk assets higher) fades, and neither AI nor unmanned algos will be able to trade in the “newer normal.” Ironically this is precisely the time when humans will be most needed.

But that bridge has yet to be crossed, and until then the main prerogative is to keep costs low.

With that said, it seems unlikely that any bank has the artificial intelligence or automation on the level necessary to effectively dissect the story and the narrative that are behind the numbers yet. Consider every time trading algorithms have misinterpreted a headline, only to be kneejerked back and forth until human traders intervene to “discover” the price.

For banks looking for a quick revenue saver, this option will almost certainly prove to be more trouble than it’s worth.