Daily Archives: September 21, 2022

Study Shows That Copyright Filters Harm Creators Rather Than Help Them

Posted on by

The EU Copyright Directive contains one of the worst ideas in modern copyright: what amounts to a requirement to filter uploads on major sites.  Despite repeated explanations of why this would cause huge harm to both creators and members of the public, EU politicians were taken in by the soothing words of the legislation’s proponents, who even went so far as to deny that upload filters would be required at all.

The malign effects of the EU Copyright Directive have not yet been felt, as national legislatures struggle to implement a law with deep internal contradictions.  However, upload filters are already used on an ad hoc basis, for example YouTube’s Content ID.  There is thus already mounting evidence of the problems with the approach.   A new report, from the Colombian Fundación Karisma, adds to the concerns by providing additional examples of how creators have already suffered from upload filters:

This research found multiple cases of unjustified notifications of supposed violation of copyright directed at content that is either part of the public domain, original content, or instances of judicial overreach of copyright law. The digital producers that are the target of these unjust notifications affirm that the appeal process and counter-notification procedures don’t help them protect their rights. The appeals interface of the different platforms that were taken into account did not help resolve the cases, which leaves digital creators defenseless with no alternative other than what they can obtain from their contacts. This system damages the capacity of these producers to grow, maintain and monetize an audience at the same time that it affects the liberty of expression of independent producers as it creates a strong disincentive for them. On the contrary, this system incentivizes the bigger production companies to claim copyright on content to which they hold no rights.

As that summary notes, it’s not just that material was blocked without justification. Compounding the problem are appeal processes that are biased against creators, and a system that is rigged in favor of Big Content to the point where companies can falsely claim copyright on the work of others. The Fundación Karisma report is particularly valuable because it describes what has been happening in Colombia, rounding out other work that typically looks at the situation in the US and EU.

Source: Study Shows That Copyright Filters Harm Creators Rather Than Help Them | Techdirt

Hilton will design suites and sleeping quarters for Voyager’s private Starlab space station

Posted on by

Voyager and Lockheed Martin have found a partner to design astronaut facilities for their space station. Hilton will develop suites and sleeping quarters for Starlab, CNBC reports. Under the partnership, Hilton and Voyager will also look at marketing opportunities related to Starlab and trips to what may be one of the first space hotels.

NASA has granted contracts to four private companies who are building private space stations ahead of the agency’s planned decommissioning of the International Space Station at the end of the decade. Axiom Space, Blue Origin and Northrop Grumman are also working on space stations. Voyager’s operating company Nanoracks received the largest contract, which was valued at $160 million.

Voyager and Lockheed Martin hope to have the first Starlab up and running by 2027.

Source: Hilton will design suites and sleeping quarters for Voyager’s private Starlab space station | Engadget

YouTube dislike button doesn’t work – which is why you can’t train it

Posted on by

People feel like they don’t have control over their YouTube recommendations…

Our 2021 investigation into YouTube’s recommender system uncovered a range of problems on the platform: an opaque algorithm, inconsistent oversight, and geographic inequalities. We also learned that people feel they don’t have control over their YouTube experience — particularly the videos that are recommended to them.

YouTube says that people can manage their video recommendations through the feedback tools the platform offers. But do YouTube’s user controls actually work?

and our study shows that they really don’t.

[…]

In the qualitative portion of our study, we learned that people do not feel in control of their experience on YouTube, nor do they have clear information about how to curate their recommendations. Many people take a trial-and-error approach to controlling their recommendations using YouTube’s hodgepodge of options, like “Dislike,” “Not Interested,” and other buttons. It doesn’t seem to work.

[…]

we ran a randomized controlled experiment across our community of RegretsReporter participants that could directly test the effectiveness of YouTube’s user controls. We found that YouTube’s user controls somewhat influence what is recommended, but this effect is meager and most unwanted videos still slip through.

[…]

Even the most effective feedback methods prevent less than half of bad recommendations.

[…]

Our main recommendation is that YouTube should enable people to shape what they see.

YouTube’s user controls should be easy to understand and access. People should be provided with clear information about the steps they can take to influence their recommendations, and should be empowered to use those tools.

YouTube should design its feedback tools in a way that puts people in the driver’s seat. Feedback tools should enable people to proactively shape their experience, with user feedback given more weight in determining what videos are recommended.

YouTube should enhance its data access tools. YouTube should provide researchers with access to better tools that allow them to assess the signals that impact YouTube’s algorithm.

Policymakers should protect public interest researchers. Policymakers should pass and/or clarify laws that provide legal protections for public interest research.

[…]

Source: Mozilla Foundation – YouTube User Control Study

Google now lets you request the removal of search results that contain personal data

Posted on by

Google is releasing a tool that makes it easier to remove search results containing your address, phone number and other personally identifiable information, 9to5Google has reported. It first revealed the “results about you” feature at I/O 2022 in May, describing it as a way to “help you easily control whether your personally-identifiable information can be found in Search results.”

If you see a result with your phone number, home address or email, you can click on the three-dot menu at the top right. That opens the usual “About this result” panel, but it now contains a new “Remove result” option at the bottom of the screen. A dialog states that if the result contains one of those three things, “we can review your request more quickly.”

[…]

“It’s important to note that when we receive removal requests, we will evaluate all content on the web page to ensure that we’re not limiting the availability of other information that is broadly useful, for instance in news articles. And of course, removing contact information from Google Search doesn’t remove it from the web, which is why you may wish to contact the hosting site directly, if you’re comfortable doing so.”

[…]

Source: Google now lets you request the removal of search results that contain personal data | Engadget

GME retail investors Are Angry Over Netflix’s GameStop Documentary Trailer

Posted on by

[…]

Stonk bros are mad at the doc for a few different reasons, but the two big things that keep coming up are the supposed lack of input from investors on r/SuperStonk and r/WallStreetBets and because of the final line of the trailer, spoken by journalist Taylor Lorenz. The trailer ends with her seemingly poking fun at the Redditors who set out to fight the GameStop short sellers, saying, “Yolo, let’s destroy the economy.” That line seems to have really angered a particular group of Reddit investors.

“I’m ready to cancel Netflix anyways…yolo lady gave me a reason. Slater Netflix,” said one user on r/SuperStonk. “Cancel Netflix and use that money to buy GME [stock]?” replied another. Of course, very few have shared images or other evidence proving that they have canceled their subscriptions, or that they even had one to begin with. And other users on r/SuperStonk expressed disbelief at the idea of people canceling a sub over a documentary that hadn’t even been released yet.

Still, over on Twitter, you can find tons of angry replies to Netflix’s trailer, with people claiming it’s just a hit job meant to make retail investors look terrible. Even Taylor Lorenz has come out and clarified that she is adamantly opposed to the broken and unfair economic system of Wall Street, calling it “undeniably unhealthy.” But that doesn’t matter to angry investors. I guess all you need is one soundbite from an unreleased movie’s trailer to know it’s a hit piece.

[…]

Source: Stonkbros Are Angry Over Netflix’s GameStop Documentary Trailer

Just – wow, calling retail investors who caught and exposed a massive illegal short on Gamestop and then managed to actually do something about it Stonkbros is also a hit piece.

Chrome & Edge Enhanced Spellcheck Send your PII, Including Your Passwords to Microsoft and Google, Alibaba and 3rd parties

Posted on by

Chrome’s enhanced spellcheck & Edge’s MS Editor are sending data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, to sites you’re logging into from either of those browsers when the features are enabled. Furthermore, if you click on “show password,” the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.

[…]

shows employee credentials(password) being sent to Google while logging into the company’s Alibaba Cloud Account.

Screen Shot 2022 09 16 at 8.49.45 Am

otto-js co-founder &  CTO Josh Summitt discovered the spellcheck leak while testing the company’s script behaviors detection.

“If ‘show password’ is enabled, the feature even sends your password to their 3rd-party servers.  While researching for data leaks in different browsers, we found a combination of features that, once enabled, will unnecessarily expose sensitive data to 3rd Parties like Google and Microsoft.  What’s concerning is how easy these features are to enable and that most users will enable these features without really realizing what is happening in the background.” Josh Summitt

[…]

oth security teams from AWS and LastPass have responded to the outreach and both have already mitigated the issue.

  • Office 365
  • Alibaba – Cloud Service
  • Google Cloud – Secret Manager
  • AWS – Secrets Manager (UPDATE: has already fully mitigated the issue)
  • LastPass (UPDATE: has already fully mitigated the issue) 

[…]

Source: Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords | otto

When AI asks dumb questions, it gets smart fast

Posted on by

If someone showed you a photo of a crocodile and asked whether it was a bird, you might laugh—and then, if you were patient and kind, help them identify the animal. Such real-world, and sometimes dumb, interactions may be key to helping artificial intelligence learn, according to a new study in which the strategy dramatically improved an AI’s accuracy at interpreting novel images. The approach could help AI researchers more quickly design programs that do everything from diagnose disease to direct robots or other devices around homes on their own.

[…]

To help AIs expand their understanding of the world, researchers are now trying to develop a way for computer programs to both locate gaps in their knowledge and figure out how to ask strangers to fill them—a bit like a child asks a parent why the sky is blue. The ultimate aim in the new study was an AI that could correctly answer a variety of questions about images it has not seen before.

[…]

in the new study, researchers at Stanford University led by Ranjay Krishna, now at the University of Washington, Seattle, trained a machine-leaning system not only to spot gaps in its knowledge but to compose (often dumb) questions about images that strangers would patiently answer. (Q: “What is the shape of the sink?” A: “It’s a square.”)

It’s important to think about how AI presents itself, says Kurt Gray, a social psychologist at the University of North Carolina, Chapel Hill, who has studied human-AI interaction but was not involved in the work. “In this case, you want it to be kind of like a kid, right?” he says. Otherwise, people might think you’re a troll for asking seemingly ridiculous questions.

The team “rewarded” its AI for writing intelligible questions: When people actually responded to a query, the system received feedback telling it to adjust its inner workings so as to behave similarly in the future. Over time, the AI implicitly picked up lessons in language and social norms, honing its ability to ask questions that were sensical and easily answerable.

piece of coconut cake
Q: What type of dessert is that in the picture? A: hi dear it’s coconut cake, it tastes amazing 🙂 R. Krishna et al., PNAS, DOI: 2115730119 (2022)

The new AI has several components, some of them neural networks, complex mathematical functions inspired by the brain’s architecture. “There are many moving pieces … that all need to play together,” Krishna says. One component selected an image on Instagram—say a sunset—and a second asked a question about that image—for example, “Is this photo taken at night?” Additional components extracted facts from reader responses and learned about images from them.

Across 8 months and more than 200,000 questions on Instagram, the system’s accuracy at answering questions similar to those it had posed increased 118%, the team reports today in the Proceedings of the National Academy of Sciences. A comparison system that posted questions on Instagram but was not explicitly trained to maximize response rates improved its accuracy only 72%, in part because people more frequently ignored it.

The main innovation, Jaques says, was rewarding the system for getting humans to respond, “which is not that crazy from a technical perspective, but very important from a research-direction perspective.” She’s also impressed by the large-scale, real-world deployment on Instagram. (Humans checked all AI-generated questions for offensive material before posting them.)

[…]

 

Source: When AI asks dumb questions, it gets smart fast | Science | AAAS

Germany’s blanket data retention law is illegal, EU top court says

Posted on by

Germany’s general data retention law violates EU law, Europe’s top court ruled on Tuesday, dealing a blow to member states banking on blanket data collection to fight crime and safeguard national security.

The law may only be applied in circumstances where there is a serious threat to national security defined under very strict terms, the Court of Justice of the European Union (CJEU) said.

The ruling comes after major attacks by Islamist militants in France, Belgium and Britain in recent years.

Governments argue that access to data, especially that collected by telecoms operators, can help prevent such incidents, while operators and civil rights activists oppose such access.

The latest case was triggered after Deutsche Telekom (DTEGn.DE) unit Telekom Deutschland and internet service provider SpaceNet AG challenged Germany’s data retention law arguing it breached EU rules.

The German court subsequently sought the advice of the CJEU which said such data retention can only be allowed under very strict conditions.

“The Court of Justice confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security,” the judges said.

“However, in order to combat serious crime, the member states may, in strict compliance with the principle of proportionality, provide for, inter alia, the targeted or expedited retention of such data and the general and indiscriminate retention of IP addresses,” they said.

Source: Germany’s blanket data retention law is illegal, EU top court says | Reuters

Excellent work by the court – targeted investigation has been proven to be much more effective than blanket surveillance. Other than that blanket surveillance turns your country into an Orwellian nightmare.

Morgan Stanley Settles for $32m after Hard Drives With Data on 15m customers Turn Up On Auction Site

Posted on by

An anonymous reader quotes a report from the New York Times: Morgan Stanley Smith Barney has agreed to pay a $35 million fine to settle claims that it failed to protect the personal information of about 15 million customers, the Securities and Exchange Commission said on Tuesday. In a statement announcing the settlement, the S.E.C. described what it called Morgan Stanley’s “extensive failures,” over a five-year period beginning in 2015, to safeguard customer information, in part by not properly disposing of hard drives and servers that ended up for sale on an internet auction site.

On several occasions, the commission said, Morgan Stanley hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the personal information of millions of its customers. The moving company then sold thousands of the devices to a third party, and the devices were then resold on an unnamed internet auction site, the commission said. An information technology consultant in Oklahoma who bought some of the hard drives on the internet chastised Morgan Stanley after he found that he could still access the firm’s data on those devices.

Morgan Stanley is “a major financial institution and should be following some very stringent guidelines on how to deal with retiring hardware,” the consultant wrote in an email to Morgan Stanley in October 2017, according to the S.E.C. The firm should, at a minimum, get “some kind of verification of data destruction from the vendors you sell equipment to,” the consultant wrote, according to the S.E.C. Morgan Stanley eventually bought the hard drives back from the consultant. Morgan Stanley also recovered some of the other devices that it had improperly discarded, but has not recovered the “vast majority” of them, the commission said. The settlement also notes that Morgan Stanley “had not properly disposed of consumer report information when it decommissioned servers from local offices and branches as part of a ‘hardware refresh program’ in 2019,” reports the Times. “Morgan Stanley later learned that the devices had been equipped with encryption capability, but that it had failed to activate the encryption software for years, the commission said.”

Source: Morgan Stanley Hard Drives With Client Data Turn Up On Auction Site – Slashdot

Revolut banking confirms cyberattack exposed personal data of tens of thousands of users

Posted on by

Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers.

Revolut spokesperson Michael Bodansky told TechCrunch that an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period of time.” Revolut discovered the malicious access late on September 11 and isolated the attack by the following morning.

“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected,” Bodansky said. “Customers who have not received an email have not been impacted.”

Revolut, which has a banking license in Lithuania, wouldn’t say exactly how many customers were affected. Its website says the company has approximately 20 million customers; 0.16% would translate to about 32,000 customers. However, according to Revolut’s breach disclosure to the authorities in Lithuania, first spotted by Bleeping Computer, the company says 50,150 customers were impacted by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens.

Revolut also declined to say what types of data were accessed but told TechCrunch that no funds were accessed or stolen in the incident. In a message sent to affected customers posted to Reddit, the company said that “no card details, PINs or passwords were accessed.” However, the breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses and phone numbers.

The disclosure states that the threat actor used social engineering methods to gain access to the Revolut database, which typically involves persuading an employee to hand over sensitive information such as their password. This has become a popular tactic in recent attacks against a number of well-known companies, including TwilioMailchimp and Okta.

[…]

Source: Revolut confirms cyberattack exposed personal data of tens of thousands of users | TechCrunch

GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack

Posted on by

Take-Two is definitely not having a good time of it. Following the weekend’s colossal leak of GTA VI, its septimana horribilis continues with the fresh news that its 2K Games support services have been hacked, and customers are now being sent out phishing scams.

Posting to the official 2K Support Twitter account, 2K explained that its help desk platform had been hacked, and the invader made off with a whole bunch of customer emails. It says it “became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.”

[…]

2K has taken its “support portal” offline while they try to figure out what the heck happened, which isn’t a great look, especially in the week of NBA 2K23‘s release. The statement says, “We will issue a notice when you can resume interacting with official 2K help desk emails,” which is…not a foolproof method. Firstly, it gives the impression that there might be a time when a previously unread phishing email would be safe to click on, and secondly, it hardly reaches people who’ve received the email, who aren’t fortunate enough to have noticed the tweet (or read the press coverage).

Meanwhile, those with open tickets are getting told, at the time of writing, that 2K doesn’t “have estimates on when you’ll receive a reply,” with the somewhat ironic suggestion that they, “stay tuned via email.”

Read More: NBA 2K23: The Kotaku Review

For those that think they may have already fallen for the phishing scam, 2K recommends that people reset all passwords, enable multi-factor authentication (but avoid text message-based verification!), clog up their PCs with anti-virus software, and “check your account settings to see if any forwarding rules have been added or changed on your personal email accounts.”

There’s further cause for concern when you notice that one customer recognized that a likely hack had occurred some ten hours before the statement was released, but was fobbed off by the official account. The original customer replied almost nine hours before the hack was confirmed, saying, “at this point its very clear that you guys got hacked on support things related.. make a statement already before the damage is too big.”

Many replies to the statement are from bereft customers, claiming to have lost their accounts, or seen money removed from their games. Many more are from people who clicked on the links in the emails, but now don’t know if they’ve caused any harm to their devices or account, and are not getting clear answers.

[…]

Source: GTA Publisher Take-Two’s Bad Week Gets Worse With Disaster Hack

Cure of acute deafness after bang, shots or explosion appears possible

Posted on by

Cure of acute deafness after bang, shots or explosion appears possibleNews item | 21-09-2022 | 12:12There are plenty of preventive measures to prevent hearing damage, such as acute deafness, for example during the use of weapons. And yet things go wrong with some regularity. However, there is a method to limit the damage after noise trauma. This is done with hyperbaric oxygen therapy. The use of this treatment method for so-called noise trauma occurs worldwide, especially among soldiers. The 150th has now been treated in the Netherlands, most of which have had good results.Enlarge Image 3 soldiers with weapon and the attack, in rural area, at night.Acute deafness can occur during shooting, but also from fireworks, for example.“As long as you act quickly”, emphasizes captain-at-sea doctor Robert Weenink. “And I mean within 72 hours.”This anesthesiologist applies the therapy in the Amsterdam University Medical Center. Of course, not only soldiers benefit from this, but everyone who suffers from acute deafness from loud noise. This can also be the result of, for example, fireworks.Enlarge Image Burnt firecrackers in the street.Firecrackers can be disastrous for the hearing.Less damageThe fact that there is now a therapy is quite special. Not so long ago, deafness after noise trauma was actually a matter of bad luck. According to Weenink, there were medicines that helped something, but nothing else could be done about it. Until reports from abroad came to the attention of doctors at the Ministry of Defense. “Hyperbaric oxygen therapy could lead to less damage to hearing,” says Weenink. “Treatment with this was introduced for military personnel at the time.”Enlarge Image A recompression chamber, known from the diving world.A recompression chamber, known from the diving world.ciliaThe therapy is painless. The patient breathes 100% oxygen for 1.5 hours. This takes place in a recompression chamber known from the diving world, at a pressure that corresponds to a dive of 14 meters. During the 10 treatments required, the body receives a very large amount of oxygen, which also arrives in the inner ear and repairs damaged cilia.Enlarge Image A recompression chamber.The inside of a recompression chamber.By bang, shots or explosionOnly military personnel and police officers with significant hearing loss after noise trauma caused by a bang, shots or explosion are eligible for hyperbaric oxygen therapy. Weenink: “That is because less hearing loss usually recovers well without this treatment.” Unfortunately, people who now have permanent damage after prolonged exposure to noise are also not eligible. It’s really about the acute phase.Dutch ‘invention’Applying hyperbaric oxygen therapy is a Dutch ‘invention’. The Amsterdam surgeon Professor Ite Boerema was the founder of this treatment and has put it on the international map. The therapy is used to treat a variety of diseases, not specific to acute noise trauma. In the Netherlands, Defense is a forerunner in this field.

Source (Dutch): Genezing van acute doofheid na knal, schoten of ontploffing blijkt mogelijk

Source (Translate): Cure of acute deafness after bang, shots or explosion appears possible | News item | Defense.nl