A flaw in Chromecast and Google Home could let companies zero in on your location via web pages. Photo by Marco Verch on Flickr.
A selection of 11 links for you. Not to be sold separately. I’m @charlesarthur on Twitter. Observations and links welcome.
DeepMind AI learns to reconstruct scenes from images • Axios
The system uses a pair of images of a virtual 3D scene taken from different angles to create a representation of the space. A separate “generation” network then predicts what the scene will look like from a different viewpoint it hasn’t seen before.
• After training the generative query network (GQN) on millions of images, it could use one image to determine the identity, position and color of objects as well as shadows and other aspects of perspective, the authors wrote.
• That ability to understand the scene’s structure is the “most fascinating” part of the study, wrote the University of Maryland’s Matthias Zwicker, who wasn’t involved in the research.
• The DeepMind researchers also tested the AI in a maze and reported the network can accurately predict a scene with only partial information.
• A virtual robotic arm could also be controlled by the GQN to reach a colored object in a scene.
Full paper at Science.
Samsung’s cancelled Project Valley foldable phone revealed in pictures • SamMobile
As you can see in the images, Samsung’s early foldable phone was simply a regular smartphone with a second display panel attached to it with a folding hinge. It’s a rather unattractive design that would have seemed out of place at a time when the Korean giant launched the beautiful Galaxy S6 and Galaxy S6 edge. It would certainly have garnered a lot of attention as no other manufacturer would have had something similar to offer at the time, but Samsung clearly wasn’t interested in releasing a foldable phone just to be the first on the market.
That’s not to say this early Project Valley prototype isn’t important, as it’s proof that Samsung has been serious about foldable devices for a long time. The company went as far as filing a patent for the user interface for the device, and it has recently been pretty upfront about its plans to release a foldable smartphone at some point in the near future.
I’d have called this a “folding” phone rather than a “foldable” phone. Somehow “foldable” to me suggests a single screen that somehow can be made smaller. But whatever – this looked horrible.
Listen to children who’ve just been separated from their parents at the border • ProPublica
The baritone voice of a Border Patrol agent booms above the crying. “Well, we have an orchestra here,” he jokes. “What’s missing is a conductor.”
Then a distraught but determined six-year-old Salvadoran girl pleads repeatedly for someone to call her aunt. Just one call, she begs anyone who will listen. She says she’s memorized the phone number, and at one point, rattles it off to a consular representative. “My mommy says that I’ll go with my aunt,” she whimpers, “and that she’ll come to pick me up there as quickly as possible.”
An audio recording obtained by ProPublica adds real-life sounds of suffering to a contentious policy debate that has so far been short on input from those with the most at stake: immigrant children. More than 2,300 of them have been separated from their parents since April, when the Trump administration launched its “zero tolerance” immigration policy, which calls for prosecuting all people who attempt to illegally enter the country and taking away the children they brought with them. More than 100 of those children are under the age of four. The children are initially held in warehouses, tents or big box stores that have been converted into Border Patrol detention facilities.
I recognise that this isn’t a political collection (generally), but this action by the present US administration – actions which predecessors including GW Bush and Obama considered and rejected – is indicative of a descent in public behaviour. A week ago I linked to an article which said “American collapse isn’t just economic and political – it’s moral and ethical, too”. This policy is indicative of that collapse.
I realise one wants to detain people who might be illegal immigrants at the border. But that doesn’t necessitate separating them from their children. That is inhuman.
Google to fix location data leak in Google Home, Chromecast • Krebs on Security
Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor.
Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.
“An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device,” Young told KrebsOnSecurity. “The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. The attack content could be contained within malicious advertisements or even a tweet.”
…When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices. Currently, that update is slated to be released in mid-July 2018.
The accuracy by this method is to within 10 metres – rather than the 2-3 miles that a typical IP address alone offers. If they get your location, plus an IP, plus some cookies, they’ve got your identity forever. “They” being advertisers who will want to pursue you on and off the net. Though how does Google Home “go” to a page, exactly?
Krebs suggests putting your IoT devices on a separate intranet from everything else. Quite a struggle.
FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry • Ars Technica
In a letter to the presiding judge in the case against Michael Cohen, President Donald Trump’s long-time personal attorney, the US Attorney’s Office for the Southern District of New York revealed today that it had obtained additional evidence for review—including a trove of messages and call logs from WhatsApp and Signal on one of two BlackBerry phones belonging to Cohen. The messages and call logs together constitute 731 pages of potential evidence. The FBI also recovered 16 pages of documents that had been shredded, but it has not yet been able to complete the extraction of data from the second phone.
The letter to Judge Kimba Wood stated that “the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal… The FBI has now obtained this material.”
This change is likely because of the way the messages are stored by the applications, not because the FBI had to break any sort of encryption on them. WhatsApp and Signal store their messages in encrypted databases on the device, so an initial dump of the phone would have only provided a cryptographic blob. The key is required to decrypt the contents of such a database, and there are tools readily available to access the WhatsApp database on a PC.
In a post to Twitter, attorney Michael Avenatti, who represents Stormy Daniels in her suit against Cohen over a nondisclosure agreement regarding her alleged sexual encounters with Donald Trump, crowed about the new evidence.
Manafort, Cohen – their opsec is revealed as pretty woeful. Part of what the FBI offered is “reconstructed shredded documents”. Oh dear.
New wearables forecast: smartwatches to continue ascendance while wristbands face flat growth • IDC
“The shift in consumer preferences towards smartwatches has been in full swing these past few quarters and we expect that to continue in the coming years,” said Jitesh Ubrani, senior research analyst for IDC Mobile Device Trackers. “While Apple will undoubtedly lead in this category, what bears watching is how Google and its partners move forward. WearOS (formerly Android Wear) has been somewhat of a laggard recently and despite expected changes to the OS and the release of new silicon, we anticipate Android-based watches to be WearOS’ closest competitor due to the high amount of customization available to vendors and the lack of Google services in China.”
“Additionally, keep an eye on the other smartwatch platforms, including Fitbit’s Fitbit OS, Garmin’s Connected IQ, and Samsung’s Tizen,” said Ramon T. Llamas, research director for IDC’s Wearables team. “Fitbit’s Versa has had a warm reception in the market, and Garmin’s devices have had a steady presence for many quarters. Expect both companies to dive deeper into health and fitness while exploring new areas as well. Samsung, meanwhile, continues to make strides in the commercial space, including health care and wearable workflows.”
Smartwatches will evolve to encompass far more features and functionalities than they have today. “The smartwatches of 2022, even 2020, will make today’s smartwatches seem quaint,” added Llamas. “Health and fitness is a strong start, but when you include cellular connectivity, integration with other Internet of Things (IoT) devices and systems, and how smartwatches can enable greater efficiencies, the smartwatch market is heading for steady growth in the years to come.”
Forecasts the total market will grow 8.2% this year, to 124.9m units; smartwatches to be 44% of that (55m), of which Apple will be 20.2m.
Self-described ‘classical liberal’ YouTubers join far-right European political party • Right Wing Watch
YouTuber pundit Carl Benjamin, known online as “Sargon of Akkad,” Infowars editor-at-large Paul Joseph Watson and Scottish “Nazi pug” comedian Mark Meechan have announced that they are joining the right-wing populist and anti-immigrant UK Independence Party (UKIP), demolishing their claims that they are merely “classical liberals.”
Benjamin, Watson, and most recently Meechan, have become popular voices online for right-wing media audiences on YouTube in North America and Europe. For years, Benjamin and Watson have used their supposed “classical liberal” political orientation to present right-wing ideologies favorably and to incessantly bash caricatures of “social justice warrior” figures. Now these figures are joining an explicitly right-wing political party that has been rapidly crumbling since its political high point in 2015.
The first of the trio to join UKIP was Meechan, who is a Scottish comedian who was adopted by right-wing audiences when he stood trial for distributing a video in which a pug does a Nazi salute after Meechan prompts it with phrases like “Sieg Heil.” Meechan was supported in court by anti-Muslim activist Stephen “Tommy Robinson” Yaxley, but was ultimately fined £800 for the video.
I’m not sure if I would call UKIP “far right wing” – its members tend to be, though its policies are just very right wing. But these people joining it is hilarious: a case of the rats joining the sinking ship. UKIP is finished as a political force in the UK; it’s the dog that caught the car, since its only raison d’etre was to get the UK to leave the EU. Its vote collapsed in the council elections and general election last year.
Shortcuts: a new vision for Siri and iOS automation • MacStories
In their apps, third-party developers can embed messages and buttons (which they can design) to bring up the Siri UI to record a shortcut phrase. This means we’ll start seeing apps populate important screens or actions with suggestions and buttons to record a shortcut phrase. Moreover, in the Siri recording UI, developers can include a phrase suggestion, but it’s up to the user to decide what they want to record.
More importantly, users always have to create personalized shortcut phrases through direct interaction: apps cannot automatically fill the ‘My Shortcuts’ page in Settings with shortcuts and custom phrases. The user has to associate a custom phrase to a shortcut first.
The more I think about it, the more I see custom shortcut phrases as the next big step in making Siri a more personal assistant that is unique to each user. As would happen with an actual assistant, shortcut phrases allow users to form their own language over time, creating a personalized set of instructions that only their assistant can interpret and act upon. It’s the equivalent of jargon in a group of friends, but applied to Siri and app actions. The potential accessibility perks are tremendous too: Apple now enables everyone to create custom Siri phrases that can be however long or short they want; this removes the need to find actions nested in apps, multiple levels deep into their navigation stack.
Here’s why I believe Apple and the Workflow (now Shortcuts) team have been incredibly smart in reframing the concept of user automation around Siri and voice: when you think about it, custom phrases aren’t too dissimilar from keyboard shortcuts. However, spoken phrases are easier to remember – they don’t feel like dark magic to regular users who have never bothered with “automation” before, and, most of all, they are natively supported across the entire spectrum of Apple products, from iPhones and AirPods to HomePods and Watches.
I strongly believe that personalized phrases are the first step towards changing the fundamental Siri experience, which is going to evolve into a personal command log – from one Siri to a million Siris, each uniquely tailored to the user who customized it.
There’s then a lot more about the Shortcuts app – what used to be the (third-party) Workflow app. You can turn any Workflow workflow into a Shortcut shortcut, if you follow me. It has taken quite a while, but Apple is getting iOS towards Android’s scriptability.
Google to invest $550m in Chinese ecommerce giant JD.com • Venturebeat
Google will invest $550m in Chinese ecommerce powerhouse JD.com, part of the US internet giant’s efforts to expand its presence in fast-growing Asian markets and battle rivals including Amazon.com.
The two companies described the investment as one piece of a broader partnership that will include the promotion of JD.com products on Google’s shopping service. This could help JD.com expand beyond its base in China and Southeast Asia and establish a meaningful presence in US and European markets.
Company officials said the agreement initially would not involve any major new Google initiatives in China, where the company’s main services are blocked over its refusal to censor search results in line with local laws.
JD.com’s investors include Chinese social media powerhouse Tencent Holdings Ltd, the arch-rival of Chinese e-commerce leader Alibaba Group Holding Ltd, and Walmart Inc.
Google is stepping up its investments across Asia, where a rapidly growing middle class and a lack of infrastructure in retail, finance and other areas have made it a battleground for US and Chinese internet giants. Google recently took a stake in Indonesian ride-hailing firm Go-Jek, and sources have told Reuters that it may also invest in Indian e-commerce upstart Flipkart.
Google declined to comment on the rumored Flipkart deal. The JD.com investment is being made by the operating unit of Google rather than one of parent company Alphabet’s investment vehicles.
Google will get 27.1m newly issued JD.com Class A ordinary shares as part of the deal. This will give them less than a 1% stake in JD, a spokesman for JD said.
Google seems like it still wants to work out some way to get a toehold in China. Will this give it access to shopping data? Seems unlikely.
Adtech won’t fix ad fraud because it’s too lucrative, say specialists • Which-50
Adtech companies themselves are rarely accused of fraud. Instead, most of the fraud that Which-50 has investigated is committed by bad agents exploiting technical and process weaknesses found in the legitimate adtech ecosystem.
The rewards are significant. One former fraudster last year described to Which-50 how a small operation he worked in, with only three staff running a fairly unsophisticated grift, was raking in $US25,000 a week.
Our recent report about the MegaCast app serving tens of thousands of video ads in the background — irrespective of whether the app was engaged — operated at different scale altogether.
Another example: last year Forbes reported that a “… South Korean company, Kiniwini, hid an illegitimate ad clicking function inside 41 apps, most of which were games.”
That scam was uncovered not by Google, which manages the Android app store, but by security company Checkpoint. As Forbes noted, the scam bypassed Google’s Bouncer technology which is designed to mitigate against fraud. This was because the offending capability was downloaded after installation.
Google also missed the MegaCast racket. It was actually discovered by Pixalate which revealed the details in a company blog.
Accusations of direct fraud by adtech companies are more rare, although not unheard of. Occasionally these come to light where companies are accused directly of fraud by their competitors — such as when Steelhouse and Criteo went at each other in the US courts in 2016.
The parties settled their arguments shortly before their respective lawyers were due to commence the legal discovery process, telling the market through a statement that once they had a better understanding of how each other’s business worked, they realised it was all just an unfortunate misunderstanding.
Which-50 is not accusing either company of fraud. Rather we merely point out that each accused the other of exactly that before they settled.
China’s Huawei rebuts Australian security concerns amid Sino-Canberra tensions • Reuters
Australia is likely to ban Huawei from participating in a 5G mobile telecommunications roll-out in the nation as it fears the company is de facto controlled by China and sensitive infrastructure will fall into the hands of Beijing, according to Australian media reports.
Huawei denies the allegations, and, in a move that threatens to draw Australian politicians into a public spat that will further stain relations with China, dismissed Canberra’s security concerns.
“Recent public commentary around China has referenced Huawei and its role in Australia and prompted some observations around security concerns,” Huawei Australia Chairman John Lord and board directors John Brumby and Lance Hockridge wrote in the unprecedented letter.
“Many of these comments are ill-informed and not based on facts.”
Huawei, the world’s largest maker of telecommunications network equipment and the No. 3 smartphone supplier, has already been virtually shut out from the giant US market because of national security concerns.
Australia has longstanding concerns about Huawei. In 2012 it banned the company from supplying its massive National Broadband Network, and in May Canberra committed millions of dollars to ensure Huawei did not build an internet cable between Australia and the Solomon Islands.
Notable how US and Australia, two of the “five eyes” countries (along with Canada, UK and France) which cooperate on spying, aren’t happy about letting Huawei in. Though the UK, with care, is.
Errata, corrigenda and ai no corrida: none notified
Re. Google hack… I don’t have any smart devices yet, but if I did, I’d want a PiHole protecting me. It’s $40 for the Pi, one line of command to install, and the community is very good with updates and support. https://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/
Re. Tearing children away from their families… the Bible uses the term “abomination” liberally. I think it applies here. But then again, it also applied to torture, Gitmo, and science denial (not to downplay gun proliferation, gerrymandering, and voter exclusion but those are not quite up there, probably). As a European I feel slightly isolated from the US’s utter moral bankruptcy, but... is it coming to us too?
Same actors were behind Brexit and the nationalist parties in Italy. It’s already there.