Nintendo files lawsuit against creators of Yuzu emulator

[…]

The 41-page lawsuit was filed against Tropic Haze, the company that makes Yuzu. (Nintendo also specifically references a person aliased as Bunnei, who leads development on Yuzu.) Yuzu is a free emulator that was released in 2018 months after the Nintendo Switch originally launched. The same folks who made Citra, a Nintendo 3DS emulator, made this one. Basically, it’s a piece of software that lets people play Nintendo Switch games on Windows PC, Linux, and Android devices. (It also runs on Steam Deck, which Valve showed — then wiped — in a Steam Deck video clip.) Emulators aren’t necessarily illegal, but pirating games to play on them is. But Nintendo said in its lawsuit that there’s no legal way to use Yuzu.

Nintendo argued that Yuzu executes codes that “defeat” Nintendo’s security measures, including decryption using “an illegally-obtained copy of prod.keys.”

“In other words, without Yuzu’s decryption of Nintendo’s encryption, unauthorized copies of games could not be played on PCs or Android devices,” Nintendo wrote in the lawsuit. As to the alleged damages created by Yuzu, Nintendo pointed to the release of The Legend of Zelda: Tears of the Kingdom. Tears of the Kingdom leaked almost two weeks earlier than the game’s May 12 release date. The pirated version of the game spread quickly; Nintendo said it was downloaded more than 1 million times before Tears of the Kingdom’s release date. People used Yuzu to play the game; Nintendo said more than 20% of download links pointed people to Yuzu.

Though Yuzu doesn’t give out pirated copies of games, Nintendo repeatedly said that most ROM sites point people toward Yuzu to play whatever games they’ve downloaded.

[…]

Nintendo is asking the court to shut down the emulator, and for damages. Polygon has reached out to Nintendo and Tropic Haze for comment.

The Tears of the Kingdom publisher is notoriously strict with its intellectual property. Nintendo’s won several lawsuits targeting pirated game sites like RomUniverse, where it was awarded more than $2 million in damages. Nintendo also notoriously went after an alleged Nintendo Switch hacker named Gary Bowser, who was arrested and charged for selling Switch hacks. Though he’s been released from prison, Bowser still owes Nintendo $10 million; he paid Nintendo $175 while in prison from money he earned working in the prison library and kitchen.

Source: Nintendo files lawsuit against creators of Yuzu emulator – Polygon

So if all the links point to the pirated copy of the game, why doesn’t Nintendo sue Google and Baidu and Yandex and all the other search engines that provide the links? Because they are huge and have massive lawyer engines. And Yuzu doesn’t. And also because providing links is not illegal, as has been seen again and again. Also, creating emulators is not illegal either, but the lawsuits will probably suffocate the company. The law is seriously broken.

Meta will start collecting much more “anonymized” data about Quest headset usage

Meta will soon begin “collecting anonymized data” from users of its Quest headsets, a move that could see the company aggregating information about hand, body, and eye tracking; camera information; “information about your physical environment”; and information about “the virtual reality events you attend.”

In an email sent to Quest users Monday, Meta notes that it currently collects “the data required for your Meta Quest to work properly.” Starting with the next software update, though, the company will begin collecting and aggregating “anonymized data about… device usage” from Quest users. That anonymized data will be used “for things like building better experiences and improving Meta Quest products for everyone,” the company writes.

A linked help page on data sharing clarifies that Meta can collect anonymized versions of any of the usage data included in the “Supplemental Meta Platforms Technologies Privacy Policy,” which was last updated in October. That document lists a host of personal information that Meta can collect from your headset, including:

  • “Your audio data, when your microphone preferences are enabled, to animate your avatar’s lip and face movement”
  • “Certain data” about hand, body, and eye tracking, “such as tracking quality and the amount of time it takes to detect your hands and body”
  • Fitness-related information such as the “number of calories you burned, how long you’ve been physically active, [and] your fitness goals and achievements”
  • “Information about your physical environment and its dimensions” such as “the size of walls, surfaces, and objects in your room and the distances between them and your headset”
  • “Voice interactions” used when making audio commands or dictations, including audio recordings and transcripts that might include “any background sound that happens when you use those services” (these recordings and transcriptions are deleted “immediately” in most cases, Meta writes)
  • Information about “your activity in virtual reality,” including “the virtual reality events you attend”

The anonymized collection data is used in part to “analyz[e] device performance and reliability” to “improve the hardware and software that powers your experiences with Meta VR Products.”

What does Meta know about what you're doing in VR?

Meta’s help page also lists a small subset of “additional data” that headset users can opt out of sharing with Meta. But there’s no indication that Quest users can opt out of the new anonymized data collection policies entirely.

These policies only seem to apply to users who make use of a Meta account to access their Quest headsets, and those users are also subject to Meta’s wider data-collection policies. Those who use a legacy Oculus account are subject to a separate privacy policy that describes a similar but more limited set of data-collection practices.

Not a new concern

Meta is clear that the data it collects “is anonymized so it does not identify you.” But here at Ars, we’ve long covered situations where data that was supposed to be “anonymous” was linked back to personally identifiable information about the people who generated it. The FTC is currently pursuing a case against Kochava, a data broker that links de-anonymized geolocation data to a “staggering amount of sensitive and identifying information,” according to the regulator.

Concerns about VR headset data collection date back to when Meta’s virtual reality division was still named Oculus. Shortly after the launch of the Oculus Rift in 2016, Senator Al Franken (D-Minn.) sent an open letter to the company seeking information on “the extent to which Oculus may be collecting Americans’ personal information, including sensitive location data, and sharing that information with third parties.”

In 2020, the company then called Facebook faced controversy for requiring Oculus users to migrate to a Facebook account to continue using their headsets. That led to a temporary pause of Oculus headset sales in Germany before Meta finally offered the option to decouple its VR accounts from its social media accounts in 2022.

Source: Meta will start collecting “anonymized” data about Quest headset usage | Ars Technica

$500 drone calculates its position with camera, Google Maps

[…]

A team of drone enthusiasts have built a sub-$500 drone that uses a camera and Google Maps to provide itself with GPS co-ordinates, removing the need for a GPS satellite signal. And all of this was done in 24 hours during the El Segundo Defense Tech Hackathon.

[…]

The drone uses a camera mounted underneath it to position itself with imagery from Google Maps, highlighting similarities in the images to get a rough estimate of the co-ordinates.

[…]

Google Maps allows users to download segments of maps ahead of time, usually for use when you are travelling or camping out in remote areas.

[…]

Without needing to rely on an external constellation of satellites, the GPS-free drone can continue operating on missions in GPS-denied environments, such as remote areas or those that have been jammed. Unlike Skydio’s approach, which uses cameras to position itself, using imagery that doesn’t rely on light to work means this drone can fly anywhere in the world it has imagery for at any time of the day or night.

[…]

Source: $500 drone calculates its position with camera, Google Maps

Vietnam to collect biometrics – even DNA – for new ID cards. Centralised databases never leak.

The Vietnamese government will begin collecting biometric information from its citizens for identification purposes beginning in July this year.

Prime minister Pham Minh Chinh instructed the nation’s Ministry of Public Security to collect the data in the form of iris scans, voice samples and actual DNA, in accordance with amendments to Vietnam’s Law on Citizen Identification.

The ID cards are issued to anyone over the age of 14 in Vietnam, and are optional for citizens between the ages of 6 and 14, according to a government news report.

Amendments to the Law on Citizen Identification that allow collection of biometrics passed on November 27 of last year.

The law allows recording of blood type among the DNA-related information that will be contained in a national database to be shared across agencies “to perform their functions and tasks.”

The ministry will work with other parts of the government to integrate the identification system into the national database.

As for how the information will be collected, the amendments state:

Biometric information on DNA and voice is collected when voluntarily provided by the people or the agency conducting criminal proceedings or the agency managing the person to whom administrative measures are applied in the process of settling the case according to their functions and duties whether to solicit assessment or collect biometric information on DNA, people’s voices are shared with identity management agencies for updating and adjusting to the identity database.

Vietnam’s future identity cards will incorporate the functions of health insurance cards, social insurance books, driver’s licenses, birth certificates, and marriage certificates, as defined by the amendment.

There are approximately 70 million adults in Vietnam as of 2022, making the collection and safeguarding of such data no small feat.

The Reg is sure the personal information on all those citizens will be just fine – personal data held by governments for ID cards certainly never leaks.

[…]

Source: Vietnam to collect biometrics – even DNA – for new ID cards • The Register

Absolutely retarded.

‘No one understands outsourcing the management of .nl domains to Amazon’

At the beginning of February, SIDN was in the news after announcing that it wanted to outsource part of its services to Amazon Web Services, the American web giant. According to SIDN, the reason for the outsourcing was that implementation on its own servers had become too expensive and too labor-intensive.

Van Eeten: ‘SIDN has not provided any explanation as to how on earth it ended up at Amazon. I can imagine that they don’t feel like dealing with all that iron (servers) and can’t find staff. But then there are numerous Dutch providers who say: ‘Just leave it to us. Then we will arrange everything.’

Van Eeten also does not understand why the registration system used by SIDN would be so demanding. ‘In principle it seems quite simple, I estimate a few hundred accounts on a database. I don’t see any reason why a Dutch cloud service couldn’t handle that.’

The criticism is partly a matter of timing: five years ago there would have been a lot less fuss about it. Van Eeten: ‘But in recent years the question has increasingly arisen whether it is wise to outsource more and more digital services to a handful of American companies. That discussion is about digital sovereignty. And that has become quite a thing in Europe.’

Source: ‘No one understands outsourcing the management of .nl domains to Amazon’ – Emerce

It’s completely nuts that a technical organisation says they can’t be technical – and is washing its hands of running the most popular TLD per capita population in the world!

Wyze says camera breach let 13,000 customers briefly see into other people’s homes

Last week, co-founder David Crosby said that “so far” the company had identified 14 people who were able to briefly see into a stranger’s property because they were shown an image from someone else’s Wyze camera. Now we’re being told that number of affected customers has ballooned to 13,000.

The revelation came from an email sent to customers entitled “An Important Security Message from Wyze,” in which the company copped to the breach and apologized, while also attempting to lay some of the blame on its web hosting provider AWS.

“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused.”

The breach, however, occurred as Wyze was attempting to bring its cameras back online. Customers were reporting seeing mysterious images and video footage in their own Events tab. Wyze disabled access to the tab and launched its own investigation.

As it did before, Wyze is chalking up the incident to “a third-party caching client library” that was recently integrated into its system.

This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.

But it was too late to prevent an estimated 13,000 people from getting an unauthorized peek at thumbnails from strangers’ homes. Wyze says that 1,504 people tapped to enlarge the thumbnail, and that a few of them caught a video that they were able to view. It also claims that all impacted users have been notified of the security breach, and that over 99 percent of all of its customers weren’t affected.

[…]

Source: Wyze says camera breach let 13,000 customers briefly see into other people’s homes – The Verge

Which is why it’s better to store stuff on your own NAS hardware instead of some vendor’s cloud.

Chinese and US researchers show new side channel can reproduce fingerprints by listening to swiping sounds on screen

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

[…]

the PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name – PrintListener.

[…]

Source: Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom’s Hardware

Four-day week made permanent for most UK firms in world’s biggest trial

Of the 61 organisations that took part in a six-month UK pilot in 2022, 54 (89%) are still operating the policy a year later, and 31 (51%) have made the change permanent.

More than half (55%) of project managers and CEOs said a four-day week – in which staff worked 100% of their output in 80% of their time – had a positive impact on their organisation, the report found.

For 82% this included positive effects on staff wellbeing, 50% found it reduced staff turnover, while 32% said it improved job recruitment. Nearly half (46%) said working and productivity improved.

[…]

The four-day working week report, by the thinktank Autonomy and researchers from the University of Cambridge, the University of Salford and Boston College in the US, found that “many of the significant benefits found during the initial trial have persisted 12 months on”, although they noted that it was a small sample size.

Almost all (96%) of staff said their personal life had benefited, and 86% felt they performed better at work, while 38% felt their organisation had become more efficient, and 24% said it had helped with caring responsibilities.

Organisations reduced working hours by an average of 6.6 hours to reach a 31.6-hour week. Most gave their staff one full day off a week, either universal or staggered. The report found that protected days off were more effective than those on which staff were “on call” or sometimes expected to work.

The most successful companies made their four-day week “clear, confident and well-communicated”, and co-designed their policies between staff and management, thinking carefully about how to adapt work processes, the authors wrote.

[…]

Source: Four-day week made permanent for most UK firms in world’s biggest trial | Work-life balance | The Guardian

Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah, bring back space grown drugs

A spacecraft containing pharmaceutical drugs that were grown on orbit has finally returned to Earth today after more than eight months in space.

Varda Space Industries’ in-space manufacturing capsule, called Winnebago-1, landed in the Utah desert at around 4:40 p.m. EST. Inside the capsule are crystals of the drug ritonavir, which is used to treat HIV/AIDS. It marks a successful conclusion of Varda’s first experimental mission to grow pharmaceuticals on orbit, as well as the first time a commercial company has landed a spacecraft on U.S. soil, ever.

The capsule will now be sent back to Varda’s facilities in Los Angeles for analysis, and the vials of ritonavir will be shipped to a research company called Improved Pharma for post-flight characterization, Varda said in a statement. The company will also be sharing all the data collected through the mission with the Air Force and NASA, per existing agreements with those agencies.

The first-of-its-kind reentry and landing is also a major win for Rocket Lab, which partnered with Varda on the mission. Rocket Lab hosted Varda’s manufacturing capsule inside its Photon satellite bus; through the course of the mission, Photon provided power, communications, attitude control and other essential operations. At the mission’s conclusion, the bus executed a series of maneuvers and de-orbit burns that put the miniature drug lab on the proper reentry trajectory. The final engine burn was executed shortly after 4 p.m. EST.

[…]

Source: Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah | TechCrunch

Universal Antivenom for Snake Bites Might Soon Be a Reality

[…]

a team of scientists says they’ve created a lab-made antibody geared to counteract toxic bites from a wide variety of snakes. In early tests with mice, the uber-antivenom appeared to work as intended.

Snake antivenom is typically derived from the antibodies of horses or other animals that produce a strong immune response to snake toxins. These donated antibodies can be highly effective at preventing serious injury and death from a snakebite, but they come with serious limitations.

The chemical makeup of one species’s toxin can vary significantly from another’s, for instance, so antibodies to one specific toxin provide little protection against others. Manufacturers can try to work around this by inoculating animals with several toxins at once, but this method has drawbacks, such as needing a higher dose of antivenom since only some of the antibodies will have any effect.

[…]

Though snake toxins are remarkably complex and different from one another, even within the same class, the team managed to find sections of these toxins that were pretty similar across different species.

The scientists produced a variety of 3FTx toxins in the lab and then screened them against a database of more than 50 billion synthetic antibodies, looking for ones that could potentially neutralize several toxins at once. After a few rounds of selection, they ultimately identified one antibody that seemed to broadly neutralize at least five different 3FTx variants, called 95Mat5. They then put the antibody to a real-life test, finding that it fully protected mice from dying from the toxins of the many-banded krait, Indian spitting cobra, and black mamba, in some cases better than conventional antivenom; it also offered some protection against venom from the king cobra.

[…]

As seen with the king cobra, the 95Mat5 antibody alone may not work against every elapid snake. And it wouldn’t protect against bites from viper snakes, the other major family of venomous snakes. But the team’s process of identifying broadly neutralizing antibodies—adapted from similar research on the HIV virus—could be used to find other promising antivenom candidates.

[…]

Source: Universal Antivenom for Snake Bites Might Soon Be a Reality

Video generation models as world simulators by OpenAI Sora

[…]

Our largest model, Sora, is capable of generating a minute of high fidelity video. Our results suggest that scaling video generation models is a promising path towards building general purpose simulators of the physical world.

This technical report focuses on (1) our method for turning visual data of all types into a unified representation that enables large-scale training of generative models, and (2) qualitative evaluation of Sora’s capabilities and limitations. Model and implementation details are not included in this report.

[…]

Sampling flexibility

Sora can sample widescreen 1920x1080p videos, vertical 1080×1920 videos and everything inbetween. This lets Sora create content for different devices directly at their native aspect ratios. It also lets us quickly prototype content at lower sizes before generating at full resolution—all with the same model.

[…]

Source: Video generation models as world simulators

Canadian college M&M Vending machines secretly scanning faces – revealed by error message

[…]

The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, “Invenda.Vending.FacialRecognitionApp.exe,” displayed after the machine failed to launch a facial recognition application that nobody expected to be part of the process of using a vending machine.

Reddit post shows error message displayed on a University of Waterloo vending machine (cropped and lightly edited for clarity).

“Hey, so why do the stupid M&M machines have facial recognition?” SquidKid47 pondered.

The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.

Stanley sounded alarm after consulting Invenda sales brochures that promised “the machines are capable of sending estimated ages and genders” of every person who used the machines without ever requesting consent.

This frustrated Stanley, who discovered that Canada’s privacy commissioner had years ago investigated a shopping mall operator called Cadillac Fairview after discovering some of the malls’ informational kiosks were secretly “using facial recognition software on unsuspecting patrons.”

Only because of that official investigation did Canadians learn that “over 5 million nonconsenting Canadians” were scanned into Cadillac Fairview’s database, Stanley reported. Where Cadillac Fairview was ultimately forced to delete the entire database, Stanley wrote that consequences for collecting similarly sensitive facial recognition data without consent for Invenda clients like Mars remain unclear.

Stanley’s report ended with a call for students to demand that the university “bar facial recognition vending machines from campus.”

A University of Waterloo spokesperson, Rebecca Elming, eventually responded, confirming to CTV News that the school had asked to disable the vending machine software until the machines could be removed.

[…]

Source: Vending machine error reveals secret face image database of college students | Ars Technica

iOS and Android users face scans used to break into bank accounts

[…]

GoldPickaxe and GoldPickaxe.iOS target Android and iOS respectively, tricking users into performing biometric verification checks that are ultimately used to bypass the same checks employed by legitimate banking apps in Vietnam and Thailand – the geographic focus of these ongoing attacks.

The iOS version is believed only to be targeting users in Thailand, masquerading as the Thai government’s official digital pensions app. That said, some think it has also made its way to Vietnam. This is because very similar attacks, which led to the theft of tens of thousands of dollars, were reported in the region earlier this month.

“It is of note that GoldPickaxe.iOS is the first iOS Trojan observed by Group-IB that combines the following functionalities: collecting victims’ biometric data, ID documents, intercepting SMS, and proxying traffic through the victims’ devices,” the researchers said.

“Its Android sibling has even more functionalities than its iOS counterpart, due to more restrictions and the closed nature of iOS.”

[…]

Researchers also found the Android version bore many more disguises than the iOS version – taking the form of more than 20 different government, finance, and utility organizations in Thailand, and allowing attackers to steal credentials for all of these services.

How’d they get on Apple phones?

In the case of iOS, the attackers had to be cunning. Their first method involved the abuse of Apple’s TestFlight platform, which allows apps to be distributed as betas before full release to the App Store.

After this method was stymied, attackers switched to more sophisticated social engineering. This involved influencing users to enroll their devices in an MDM program, allowing the attackers to push bad apps to devices that way.

In all cases, the initial contact with victims was made by the attackers impersonating government authorities on the LINE messaging app, one of the region’s most popular.

[…]

Once the biometrics scans were captured, attackers then used these scans, along with deepfake software, to generate models of the victim’s face.

Attackers would download the target banking app onto their own devices and use the deepfake models, along with the stolen identity documents and intercepted SMS messages, to remotely break into victims’ banks.

[…]

Facial biometrics were only mandated in Thailand last year, with plans first announced in March with an enforcement date set for July. Vietnam is poised to mandate similar controls by April this year.

From July 2023, all Thai banking apps had to comply with the new initiative and replace one-time passcodes with facial biometrics to decrease the threat of financial fraud in the region. This applied specifically to transactions exceeding 50,000 baht (roughly $1,400).

[…]

Source: Stolen iOS users face scans used to break into bank accounts

Which goes to show – biometrics are unchangeable and so make for a really bad (and potentially dangerous, if people are inclined to amputate parts of your anatomy) security pass.

Whoops: ‘Smart’ Livall Helmet Allowed Real Time Surveillance And Location Tracking Of A Million Customers

[…] a company named Livall makes “smart” bike helmets for skiers and cyclists that include features like auto-fall detection, GPS location monitoring, and integrated braking lights. The problem: the company apparently didn’t spend enough time securing the company’s app, allowing pretty much anybody to listen in on and track the precise location data of a million customers in real time.

Livall’s smartphone apps feature group audio chats and location data. The problem: Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, found that the chat groups were secured by a six-digit pin code that was very simple to brute force (via Techcrunch):

“That 6 digit group code simply isn’t random enough. We could brute force all group IDs in a matter of minutes.”

Munro also noted that there was nothing to alert a group of cyclists or skiers that someone new had entered the chat, allowing a third party to monitor them in complete silence:

“As soon as one entered a valid group code, one joined the group automatically. There was no further authorisation nor alerts to the other group user. It was therefore trivial to silently join any group, giving us access to any user’s location and the ability to listen in to any group audio communications.”

Whoops a daisy. As with so many modern “smart” tech companies, Munro also notes that Livall only took their findings seriously once they got a prominent security journalist (Zack Whittaker at Techcrunch) involved to bring attention to the problem. Livall finally fixed the problem, but it’s not entirely clear that would have happened without Whittaker’s involvement.

[…]

Source: Whoops: ‘Smart’ Helmet Allowed Real Time Surveillance And Location Tracking Of A Million Customers | Techdirt
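
The three gaps described above (a low-entropy group code, no limit on wrong guesses, and silent automatic joining) each have a straightforward server-side control. The sketch below is an added example, not Livall's code or anything from the Pen Test Partners write-up; `GroupService`, its method names and the limits are hypothetical.

```python
import hashlib
import math
import secrets
import time

MAX_FAILURES = 5        # wrong invite codes tolerated per client inside the window (assumed policy)
WINDOW_SECONDS = 3600


def code_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random code, in bits."""
    return length * math.log2(alphabet_size)


class GroupService:
    """Hypothetical group-chat backend: long invite token, throttling, approval, alerts."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._groups = {}         # group id -> {"owner", "members", "pending"}
        self._invites = {}        # sha256(invite token) -> group id (token never stored raw)
        self._failures = {}       # client id -> timestamps of recent wrong codes
        self.notifications = []   # (recipient, message); stands in for push alerts

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create_group(self, owner: str):
        group_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(16)   # 128 random bits instead of a 6-digit code
        self._groups[group_id] = {"owner": owner, "members": {owner}, "pending": set()}
        self._invites[self._digest(token)] = group_id
        return group_id, token

    def _locked_out(self, client_id: str) -> bool:
        now = self._clock()
        recent = [t for t in self._failures.get(client_id, []) if now - t < WINDOW_SECONDS]
        self._failures[client_id] = recent
        return len(recent) >= MAX_FAILURES

    def request_join(self, client_id: str, user: str, token: str) -> str:
        # Throttling is only a second layer (client ids can be rotated);
        # the size of the token space is the primary control.
        if self._locked_out(client_id):
            return "rate_limited"
        group_id = self._invites.get(self._digest(token))
        if group_id is None:
            self._failures[client_id].append(self._clock())
            return "invalid"
        group = self._groups[group_id]
        if user in group["members"]:
            return "member"
        # A valid code only creates a request; existing members are told about it.
        group["pending"].add(user)
        for member in sorted(group["members"]):
            self.notifications.append((member, f"{user} asked to join"))
        return "pending"

    def approve(self, group_id: str, approver: str, user: str) -> bool:
        group = self._groups.get(group_id)
        if group is None or approver != group["owner"] or user not in group["pending"]:
            return False
        group["pending"].discard(user)
        group["members"].add(user)
        for member in sorted(group["members"]):
            self.notifications.append((member, f"{user} joined the group"))
        return True

    def can_access(self, group_id: str, user: str) -> bool:
        """Location and audio are served only to approved members."""
        group = self._groups.get(group_id)
        return group is not None and user in group["members"]


def demo():
    """Constructed scenario: wrong codes get throttled, a valid code still needs approval."""
    svc = GroupService()
    group_id, token = svc.create_group("alice")
    guesses = [svc.request_join("client-x", "mallory", f"{n:06d}") for n in range(7)]
    join = svc.request_join("client-y", "bob", token)
    before = svc.can_access(group_id, "bob")
    self_approve = svc.approve(group_id, "bob", "bob")
    owner_approve = svc.approve(group_id, "alice", "bob")
    after = svc.can_access(group_id, "bob")
    return guesses, join, before, self_approve, owner_approve, after, svc.notifications


if __name__ == "__main__":
    print(f"6-digit code: {code_entropy_bits(10, 6):.1f} bits; invite token: 128 bits")
    print(demo())
```
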

European human rights court says backdooring encrypted comms is against human rights

The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control.

The Court issued a decision on Tuesday stating that “the contested legislation providing for the retention of all internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society.”

The “contested legislation” mentioned above refers to a legal challenge that started in 2017 after a demand from Russia’s Federal Security Service (FSB) that messaging service Telegram provide technical information to assist the decryption of a user’s communication. The plaintiff, Anton Valeryevich Podchasov, challenged the order in Russia but his claim was dismissed.

In 2019, Podchasov brought the matter to the ECHR. Russia joined the Council of Europe – an international human rights organization – in 1996 and was a member until it withdrew in March 2022 following its illegal invasion of Ukraine. Because the 2019 case predates Russia’s withdrawal, the ECHR continued to consider the matter.

The Court concluded that the Russian law requiring Telegram “to decrypt end-to-end encrypted communications risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users.” As such, the Court considers that requirement disproportionate to legitimate law enforcement goals.

While the ECHR decision is unlikely to have any effect within Russia, it matters to countries in Europe that are contemplating similar decryption laws – such as Chat Control and the UK government’s Online Safety Act.

Chat Control is shorthand for European data surveillance legislation that would require internet service providers to scan digital communications for illegal content – specifically child sexual abuse material and potentially terrorism-related information. Doing so would necessarily entail weakening the encryption that keeps communication private.

Efforts to develop workable rules have been underway for several years and continue to this day, despite widespread condemnation from academics, privacy-oriented orgs, and civil society groups.

Patrick Breyer, a member of the European parliament for the Pirate Party, hailed the ruling for demonstrating that Chat Control is incompatible with EU law.

“With this outstanding landmark judgment, the ‘client-side scanning’ surveillance on all smartphones proposed by the EU Commission in its chat control bill is clearly illegal,” said Breyer.

“It would destroy the protection of everyone instead of investigating suspects. EU governments will now have no choice but to remove the destruction of secure encryption from their position on this proposal – as well as the indiscriminate surveillance of private communications of the entire population!” ®

Source: European human rights court says no to weakened encryption • The Register

New evidence changes key ideas about Earth’s climate history – it wasn’t that hot

A new study published in Science resolves a long-standing scientific debate, and it stands to completely change the way we think about Earth’s climate evolution.

The research debunks the idea that Earth’s surface (across land and sea) has experienced really hot temperatures over the last two billion years. Instead, it shows that Earth has had a relatively stable and mild climate.

Temperature is an important control over chemical reactions that govern life and our environment. This ground-breaking work will have significant implications for scientists working on or questions surrounding biological and climate .

[…]

In the work, Dr. Isson and Ph.D. student Sofia Rauzi adopted novel methods to illuminate a history of Earth’s surface .

They utilized five unique data records derived from different rock types including shale, iron oxide, carbonate, silica, and phosphate. Collectively, these ‘geochemical’ records comprise over 30,000 that span Earth’s multi-billion-year history.

To date, the study is the most comprehensive collation and interpretation of one of the oldest geochemical records—. Oxygen isotopes are different forms of the element oxygen. It is also the first study to use all five existing records to chart a consistent ‘map’ of temperature across an enormous portion of geological time.

“By pairing oxygen isotope records from different minerals, we have been able to reconcile a unified history of temperature on Earth that is consistent across all five records, and the oxygen isotopic composition of seawater,” says Dr. Isson.

The study disproves ideas that early oceans were hot with temperatures greater than 60°C prior to approximately half a billion years ago, before the rise of animals and land plants. The data indicates relatively stable and temperate early-ocean and temperatures of around 10°C which upends current thinking about the environment that complex life evolved in.

The work produces the first ever record of the evolution of terrestrial (land-based) and marine clay abundance throughout Earth history. This is the first direct evidence for an intimate link between the evolution of plants, marine creatures that make skeletons and shells out of silica (siliceous life forms), clay formation, and .

“The results suggest that the process of clay formation may have played a key role in regulating climate on early Earth and sustaining the temperate conditions that allowed for the evolution and proliferation of life on Earth,” says Dr. Isson.

[…]

Source: New evidence changes key ideas about Earth’s climate history

23andMe Thinks ‘Mining’ Your DNA Data Is Its Last Hope

23andMe is in a death spiral. Almost everyone who wants a DNA test already bought one, a nightmare data breach ruined the company’s reputation, and 23andMe’s stock is so close to worthless it might get kicked off the Nasdaq. CEO Anne Wojcicki is on a crisis tour, promising investors the company isn’t going out of business because she has a new plan: 23andMe is going to double down on mining your DNA data and selling it to pharmaceutical companies.

“We now have the ability to mine the dataset for ourselves, as well as to partner with other groups,” Wojcicki said in an interview with Wired. “It’s a real resource that we could apply to a number of different organizations for their own drug discovery.”

That’s been part of the plan since day one, but now it looks like it’s going to happen on a much larger scale. 23andMe has always coerced its customers into giving the company consent to share their DNA for “research,” a friendlier way of saying “giving it to pharmaceutical companies.” The company enjoyed an exclusive partnership with pharmaceutical giant GlaxoSmithKline, but apparently the drug maker already sucked the value out of your DNA, and that deal is running out. Now, 23andMe is looking for new companies who want to take a look at your genes.

[…]

the most exciting opportunity for “improvements” is that 23andMe and the pharmaceutical industry get to develop new drugs. There’s a tinge of irony here. Any discoveries that 23andMe makes come from studying DNA samples that you paid the company to collect.

[…]

The problem with 23andMe’s consumer-facing business is the company sells a product you only need once in a lifetime. Worse, the appeal of a DNA test for most people is the novelty of ancestry results, but if your brother already paid for a test, you already know the answers.

[…]

it’s spent years trying to brand itself as a healthcare service, and not just a $79 permission slip to tell people you’re Irish. In fact, the company thinks you should buy yourself a recurring annual subscription to something called 23andMe+ Total Health. It only costs $1,188 a year.

[…]

The secret is you just can’t learn a ton about your health from genetic screenings, aside from tests for specific diseases that doctors rarely order unless you have a family history.

[…]

What do you get with these subscriptions? It’s kind of vague. Depending on the package, they include a service that “helps you understand how genetics and lifestyle can impact your likelihood of developing certain conditions,” testing for rare genetic conditions, enhanced ancestry features, and more. Essentially, they’ll run genetic tests that you may not need. Then, they may or may not recommend that you talk to a doctor, because they can’t offer you actual medical care.

You could also skip the middleman and start with a normal conversation with your doctor, who will order genetic tests if you need them and bill your insurance company

[…]

If 23andMe survives, the first step is going to be deals that give more companies access to look at your genetics than ever before. But if 23andMe goes out of business, it’ll get purchased or sold off for parts, which means other companies will get a look at your data anyway.

Source: 23andMe Admits ‘Mining’ Your DNA Data Is Its Last Hope

What this piece misses is the danger of whom the data is sold to – or if it is leaked (which it was). Insurance companies may refuse to insure you. Your DNA may be faked. Your unique and unchangeable identity – and those of your family – has been stolen.

US judge dismisses authors’ ridiculous copyright claim against OpenAI

A US judge has dismissed some of the claims made by writers in a copyright infringement lawsuit against OpenAI, though gave the wordsmiths another chance to amend their complaint.

The case – Paul Tremblay et al vs OpenAI – kicked off in 2023 when novelists Paul Tremblay, Christopher Golden, and Richard Kadrey, and writer-comedian-actress Sarah Silverman accused OpenAI of illegally scraping their work without consent to train the AI champion’s large language models.

The creators claimed that ChatGPT produced accurate summaries of their books and offered that as evidence that their writing had been ripped off. Since OpenAI’s neural networks learn to generate text from its training data, the group argued that its output should be considered a “derivative work” of their IP.

The plaintiffs also alleged that OpenAI’s model deliberately omitted so-called copyright management information, or CMI – think books’ ISBN numbers and authors’ names – when it produced output based on their works. They also accused the startup of unfair competition, negligence, and unjust enrichment.

All in all, the writers are upset that, as alleged, OpenAI not only used copyrighted work without permission and recompense to train its models, its model generates prose that closely apes their own, which one might say would hinder their ability to profit from that work.

Federal district Judge Araceli Martínez-Olguín, sitting in northern California, was asked by OpenAI to dismiss the authors’ claims in August.

In a fresh order [PDF] released on Monday, Martínez-Olguín delivered the bad news for the scribes.

“Plaintiffs fail to explain what the outputs entail or allege that any particular output is substantially similar – or similar at all – to their books. Accordingly, the court dismisses the vicarious copyright infringement claim,” she wrote. She also opined that the authors couldn’t prove that CMI had been stripped from the training data or that its absence indicated an intent to hide any copyright infringement.

Claims of unlawful business practices, fraudulent conduct, negligence, and unjust enrichment were similarly dismissed.

The judge did allow a claim of unfair business practices to proceed.

“Assuming the truth of plaintiffs’ allegations – that defendants used plaintiffs’ copyrighted works to train their language models for commercial profit – the court concludes that defendants’ conduct may constitute an unfair practice,” Martínez-Olguín wrote.

Although this case against OpenAI has been narrowed, it clearly isn’t over yet. The plaintiffs have been given another opportunity to amend their initial arguments alleging violation of copyright by filing a fresh complaint before March 13.

The Register has asked OpenAI and a lawyer representing the plaintiffs for comment. We’ll let you know if they have anything worth saying. ®

Source: US judge dismisses authors’ copyright claim against OpenAI • The Register

See also: A Bunch Of Authors Sue OpenAI Claiming Copyright Infringement, Because They Don’t Understand Copyright

and: OpenAI disputes authors’ claims that every ChatGPT response is a derivative work, it’s transformative

France uncovers a vast Russian disinformation campaign in Europe

Russia has been at the forefront of internet disinformation techniques at least since 2014, when it pioneered the use of bot farms to spread fake news about its invasion of Crimea. According to French authorities, the Kremlin is at it again. On February 12th Viginum, the French foreign-disinformation watchdog, announced it had detected preparations for a large disinformation campaign in France, Germany, Poland and other European countries, tied in part to the second anniversary of Vladimir Putin’s invasion of Ukraine and the elections to the European Parliament in June.

Viginum said it had uncovered a Russian network of 193 websites which it codenames “Portal Kombat”. Most of these sites, such as topnews.uz.ua, were created years ago and many were left dormant. Over 50 of them, such as news-odessa.ru and pravda-en.com, have been created since 2022. Current traffic to these sites, which exist in various languages including French, German, Polish and English, is low. But French authorities think they are ready to be activated aggressively as part of what one official calls a “massive” wave of Russian disinformation.

Viginum says it watched the sites between September and December 2023. It concluded that they do not themselves generate news stories, but are designed to spread “deceptive or false” content about the war in Ukraine, both on websites and via social media. The underlying objective is to undermine support for Ukraine in Europe. According to the French authorities, the network is controlled by a single Russian organisation.

[…]

For France, the detection of this latest Russian destabilisation effort comes after a series of campaigns that it has attributed to Moscow. Last November the French foreign ministry denounced a “Russian digital interference operation” that spread photos of Stars of David stencilled on walls in a neighbourhood of Paris, in order to stir intercommunal tension in France shortly after the start of the Israel-Hamas conflict. Viginum then detected a network of 1,095 bots on X (formerly Twitter), which published 2,589 posts. It linked this to a Russian internet complex called Recent Reliable News, known for cloning the websites of Western media outlets in order to spread fake news; the EU has dubbed that complex “Doppelgänger”.

France held the same network responsible in June 2023 for the cloning of various French media websites, as well as that of the French foreign ministry. On the cloned ministry website, hackers posted a statement suggesting, falsely, that France was to introduce a 1.5% “security tax” to finance military aid to Ukraine.

[…]

Key advance for capturing carbon from the air

vanadium crystal bar and cube

A chemical element so visually striking that it was named for a goddess shows a “Goldilocks” level of reactivity — neither too much nor too little — that makes it a strong candidate as a carbon scrubbing tool.

The element is vanadium, and research by Oregon State University scientists has demonstrated the ability of vanadium peroxide molecules to react with and bind carbon dioxide — an important step toward improved technologies for removing carbon dioxide from the atmosphere.

[…]

how some transition metal complexes can react with air to remove carbon dioxide and convert it to a metal carbonate, similar to what is found in many naturally occurring minerals.

Transition metals are located near the center of the periodic table and their name arises from the transition of electrons from low energy to high energy states and back again, giving rise to distinctive colors. For this study, the scientists landed on vanadium, named for Vanadis, the old Norse name for the Scandinavian goddess of love said to be so beautiful her tears turned to gold.

Nyman explains that carbon dioxide exists in the atmosphere at a density of 400 parts per million. That means for every 1 million air molecules, 400 of them are carbon dioxide, or 0.04%.

“A challenge with direct air capture is finding molecules or materials that are selective enough, or other reactions with more abundant air molecules, such as reactions with water, will outcompete the reaction with CO2,” Nyman said. “Our team synthesized a series of molecules that contain three parts that are important in removing carbon dioxide from the atmosphere, and they work together.”

One part was vanadium, so named because of the range of beautiful colors it can exhibit, and another part was peroxide, which bonded to the vanadium. Because a vanadium peroxide molecule is negatively charged, it needed alkali cations for charge balance, Nyman said, and the researchers used potassium, rubidium and cesium alkali cations for this study.

[…]

vanadium peroxide is a beautiful, purple Goldilocks that becomes golden when exposed to air and binds a carbon dioxide molecule.”

She notes that another valuable characteristic of vanadium is that it allows for the comparatively low release temperature of about 200 degrees Celsius for the captured carbon dioxide.

[…]

“Being able to rerelease the captured CO2 enables reuse of the carbon capture materials, and the lower the temperature required for doing that, the less energy that’s needed and the smaller the cost. There are some very clever ideas about reuse of captured carbon already being implemented — for example, piping the captured CO2 into a greenhouse to grow plants.”

[…]

Story Source:

Materials provided by Oregon State University. Original written by Steve Lundeberg. Note: Content may be edited for style and length.


Journal Reference:

  1. Eduard Garrido Ribó, Zhiwei Mao, Jacob S. Hirschi, Taylor Linsday, Karlie Bach, Eric D. Walter, Casey R. Simons, Tim J. Zuehlsdorff, May Nyman. Implementing vanadium peroxides as direct air carbon capture materials. Chemical Science, 2024; 15 (5): 1700 DOI: 10.1039/D3SC05381D

Source: Key advance for capturing carbon from the air | ScienceDaily

Satellite beamed power from space to Earth for the first time ever

The first experiment to transmit power to Earth from space could lead to a space-based solar power station within 10 years, according to one of the researchers involved.

Such a station would benefit from greater exposure to the sun, due to the lack of clouds and atmosphere along with the ability to avoid nighttime darkness. However, the difficulty of designing and making structures large enough to be useful but light enough to launch by rocket has made such a facility impractical.

In a step forward, Ali Hajimiri at the California Institute of Technology and his colleagues launched the Microwave Array Power Transfer LEO Experiment (MAPLE) to space in January 2023. Two months later, they successfully beamed the first power to Earth, after which they ran the experiment for a further eight months.

MAPLE consists of a lightweight array of microwave-producing chips that can direct a beam to a specified location, though it can’t yet generate these microwaves from sunlight.

The team found that MAPLE could send 100 milliwatts of power through space and quickly refocus the beam to new locations. Over the course of the experiment, the team attempted to send power to Earth three times, receiving just 1 milliwatt on the ground each time.

A fully functional system capable of transmitting 100 megawatts, enough to power tens of thousands of homes, would need to be around a square kilometre in size, compared with the 150 square centimetres or so of MAPLE.

“The size of the system is many orders of magnitude smaller than the system that you would need to use for a full-blown application, but the key part here is to have the technology demonstrated in space,” says Hajimiri.

Source: Satellite beamed power from space to Earth for the first time ever | New Scientist

Fermi Resonance explains why carbon dioxide causes global warming

illustration of Fermi Resonance

Global warming is largely caused by carbon dioxide and other gases absorbing infrared radiation, trapping heat in Earth’s atmosphere – known as the greenhouse effect.

The most accurate climate models use precise measurements of the amount of radiation CO₂ can absorb to calculate how much heat will be trapped in the atmosphere. These models are excellent at predicting future changes in Earth’s climate, but they don’t provide a physical explanation for why this gas can absorb so much radiation, which can make their predictions difficult to explain.

Robin Wordsworth at Harvard University and his colleagues have now shown how CO₂’s heat-trapping properties can be explained in terms of quantum mechanical effects, in particular a phenomenon called the Fermi resonance.

“Rather than just a narrow range of radiation getting absorbed, as you would naively expect, it becomes much broader,” says Wordsworth. “It’s this broadening which is really critical to understanding why carbon dioxide is an important greenhouse gas.”

The Fermi resonance describes how the different directions and patterns in which molecules vibrate can influence each other and make them vibrate more. This is similar to how two pendulums, connected by a shared string, can increase the amplitude of each other’s swinging.

A molecule of CO₂ consists of two oxygen atoms bonded to one carbon atom. Two of the molecule’s vibrations influence each other to make it absorb more light: a side-to-side stretching of the oxygen atoms, and a sidewinder snake-like zigzagging of these atoms.

Wordsworth and his colleagues came up with equations to describe how much radiation CO₂ can absorb based on its physical properties, with and without the Fermi resonance. They found that its light-absorbing features and its warming effect on Earth’s atmosphere could only be reproduced when the resonance was included.

The Fermi resonance was responsible for nearly half of the total warming effect. “Even things that are happening on the scale of our planet are determined, ultimately, by what’s going on at the micro scale,” says Wordsworth.

While it was already known that CO₂ had a particularly large Fermi resonance, having an equation that links this to the greenhouse effect could be useful for quick calculations without running a full climate model, says Jonathan Tennyson at University College London. This could also help physicists model the climate of exoplanets, which can require large amounts of computing power to fully simulate.

Something that Wordsworth and his team couldn’t explain is why CO₂ vibrates in such a unique way – a question that might never be answered without a theory of everything. “There doesn’t seem to be a clear reason why this resonance occurs in CO₂,” says Wordsworth. “One could imagine a different universe where it was slightly different, and carbon dioxide might not have the same effects.”

Source: Quantum quirk explains why carbon dioxide causes global warming | New Scientist

Meet GOODY-2, The World’s Most Ethical (And Useless) AI

AI guardrails and safety features are as important to get right as they are difficult to implement in a way that satisfies everyone. This means safety features tend to err on the side of caution. Side effects include AI models adopting a vaguely obsequious tone, and coming off as overly priggish when they refuse reasonable requests.

Prioritizing safety above all.

Enter GOODY-2, the world’s most responsible AI model. It has next-gen ethical principles and guidelines, capable of refusing every request made of it in any context whatsoever. Its advanced reasoning allows it to construe even the most banal of queries as problematic, and dutifully refuse to answer.

As the creators of GOODY-2 point out, taking guardrails to a logical extreme is not only funny, but also acknowledges that effective guardrails are actually a pretty difficult problem to get right in a way that works for everyone.

Complications in this area include the fact that studies show humans expect far more from machines than they do from each other (or, indeed, from themselves) and have very little tolerance for anything they perceive as transgressive.

This also means that as AI models become more advanced, so too have they become increasingly sycophantic, falling over themselves to apologize for perceived misunderstandings and twisting themselves into pretzels to align their responses with a user’s expectations. But GOODY-2 allows us all to skip to the end, and glimpse the ultimate future of erring on the side of caution.

[via WIRED]

Source: Meet GOODY-2, The World’s Most Responsible (And Least Helpful) AI | Hackaday

‘World’s biggest casino’ app WinStar exposed customers’ personal data: developer Dexiga didn’t secure the db.

Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga.

The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.

Dexiga took the database offline after TechCrunch alerted the company to the security lapse.

[…]

the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

TechCrunch examined some of the exposed data and verified Sen’s findings. The database also contained an individual’s gender and the IP address of the user’s device, TechCrunch found.

None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.

A review of the exposed data by TechCrunch found an internal user account and password associated with Dexiga founder Rajini Jayaseelan.

[…]

Source: ‘World’s biggest casino’ app exposed customers’ personal data | TechCrunch

Artificial cartilage with the help of 3D printing

cartilage stem cells 3d printed in the letters TU

Growing cartilage tissue in the lab could help patients with injuries, but it is very hard to make the tissue grow in exactly the right shape. A new approach could solve this problem: Tiny spherical containers are created with a high-resolution 3D printer. These containers are then filled with cells and assembled into the desired shape. The cells from different containers connect, the container itself is degradable and eventually disappears.

scaffolded spheroids for tissue engineering

[…]

A special high-resolution 3D printing process is used to create tiny, porous spheres made of biocompatible and degradable plastic, which are then colonized with cells. These spheroids can then be arranged in any geometry, and the cells of the different units combine seamlessly to form a uniform, living tissue. Cartilage tissue, with which the concept has now been demonstrated at TU Wien, was previously considered particularly challenging in this respect.

Tiny spherical cages as a scaffold for the cells

“Cultivating cartilage cells from stem cells is not the biggest challenge. The main problem is that you usually have little control over the shape of the resulting tissue,”

[…]

To prevent this, the research team at TU Wien is working with a new approach: specially developed laser-based high-resolution 3D printing systems are used to create tiny cage-like structures that look like mini footballs and have a diameter of just a third of a millimeter. They serve as a support structure and form compact building blocks that can then be assembled into any shape.

Stem cells are first introduced into these football-shaped mini-cages, which quickly fill the tiny volume completely.

[…]

The team used differentiated stem cells — i.e. stem cells that can no longer develop into any type of tissue, but are already predetermined to form a specific type of tissue, in this case cartilage tissue.

[…]

The tiny 3D-printed scaffolds give the overall structure mechanical stability while the tissue continues to mature. Over a period of a few months, the plastic structures degrade, they simply disappear, leaving behind the finished tissue in the desired shape.

First step towards medical application

In principle, the new approach is not limited to cartilage tissue, it could also be used to tailor different kinds of larger tissues such as bone tissue. However, there are still a few tasks to be solved along the way — after all, unlike in cartilage tissue, blood vessels would also have to be incorporated for these tissues above a certain size.

“An initial goal would be to produce small, tailor-made pieces of cartilage tissue that can be inserted into existing cartilage material after an injury,” says Oliver Kopinski-Grünwald. “In any case, we have now been able to show that our method for producing cartilage tissue using spherical micro-scaffolds works in principle and has decisive advantages over other technologies.”

Source: Artificial cartilage with the help of 3D printing | ScienceDaily