Connect with us

Technology

Damages class certified • The Register

Voice Of EU

Published

on

A US judge has approved a limited class action against Apple for breach of contract following allegations it used third-party servers including “cloud storage facilities belonging to Amazon, Microsoft, or Google” to host customers’ data instead of its own premium iCloud service.

The case – which has been running since 2019 – was brought by Andrea Williams from Florida and California resident James Stewart, according to court papers published last week [PDF].

The pair sued Apple for “breach of contract”, claiming they had paid Apple for iCloud storage above the 5GB of data that is offered for free. They cited the agreed Terms of Service, stating: “When iCloud is enabled, your content will be automatically sent to and stored by Apple.”

What appears to lie at the heart of the case is the allegation that “Apple failed to inform Williams and Stewart that their data was being stored on ‘non-Apple remote servers and facilities’ despite alleged assurances to the contrary”, as well as upset over allegedly being charged a “price premium” that they claim “harmed” class members “who would have otherwise utilized… cheaper cloud storage alternatives.”

According to northern California District Judge Lucy Koh’s order:

“According to the [complaint]… Apple lacked the facilities needed to readily provide the cloud storage space being sold to class members through iCloud.”

An amended complaint filed on April 27, 2020, cited an internal presentation on Apple’s first in-house iCloud servers (codenamed “Project McQueen”), which according to court docs “discusse[d] the ‘dual writing’ of iCloud data on both McQueen servers and Amazon’s S3.”

It also cited a slide from another undated internal Apple presentation allegedly “show[ing] the percentage of total storage on and daily uploads to third-party servers. The other slide graph[ed], over time, iCloud storage across five different storage providers — of which ‘Apple’ is only one source.”

Apple had previously retorted in its response to the amended complaint that the plaintiffs lacked “proof that every member of the class had their iCloud data placed on third-party servers during the Damages Class Period [i.e., September 16, 2015 until October 31, 2018].”

Lawyers for Apple also argued the plaintiffs lacked proof that could “determine which US paid iCloud subscribers may have had some data stored historically on third-party servers.”

Judge Koh denied the motion for a separate injunctive relief class certification that would have forced Apple to make changes to its iCloud terms of service.

She also added that presentations showing “as of approximately March 2019, Apple stored about 40 per cent of all iCloud data on Apple servers” suggested “a substantial percentage of class members did not have their iCloud data stored on third-party servers.”

The court certified the class to all persons in the United States who paid for a subscription to iCloud at any time during the period September 16, 2015 to January 31, 2016, with Judge Koh finding the plaintiffs lacked “common proof of outsourcing” after January 2016.

The Reg has asked Apple for comment. ®

Source link

Technology

Ford’s new car safety tech can automatically reduce vehicle speed

Voice Of EU

Published

on

The new Ford Geofencing Speed Limit Control system alerts a driver when the car breaks a speed limit – then slows down the vehicle.

Speed limit signs may soon be a thing of the past as Ford is now trialling connected vehicle technology that can automatically reduce a car’s speed in certain zones to improve road safety.

Up to 29pc of all road fatalities in Europe, depending on the country, are pedestrians and cyclists, according to a 2020 report by the European Transport Safety Council. Setting up speed limits in certain areas is one of the frontline measures to minimise road accidents.

Future Human

Now, US carmaker Ford is testing its new Geofencing Speed Limit Control system across two German cities, Cologne and Aachen, to see if the technology can help in making roads safer, preventing fines for drivers and improving the appearance of roadsides.

A geofence is a virtual parameter in a real-world area. It is often used by mobility companies and start-ups, such as Ireland’s Zipp Mobility, to identify and enforce low-speed zones in cities.

How does it work?

Ford’s new system uses geofencing technology to alert a driver through the dashboard when the vehicle enters an area with a designated speed limit. It then lowers the vehicle speed to match the limit automatically.

However, the driver can override the automated system and deactivate speed limit control at any time. They can also use the technology to set their own geofencing zones at speed as low as 20kmph.

“Connected vehicle technology has the proven potential to help make everyday driving easier and safer to benefit everyone, not just the person behind the wheel,” said Michael Huynh, manager of City Engagement Germany at Ford Europe.

“Geofencing can ensure speeds are reduced where – and even when – necessary to help improve safety and create a more pleasant environment.”

Ford already has in-built assistance technologies that help drivers ensure they are abiding by speed limits. However, the new geofencing speed limit control system is the first that can automatically reduce a vehicle’s speed without the driver’s intervention.

Eyes on the road

The year-long trial that runs until March 2023 is collaboration between the Ford City Engagement team, city officials in Cologne and Aachen, and Ford software engineers in Palo Alto, California.

Together with colleagues in Aachen, the Palo Alto engineers developed technology that connects the vehicle to the geofencing system for GPS tracking and data exchange.

Germany has more than 1,000 types of road signs, which can often confuse drivers and distract them from the road ahead. Geofencing technologies such as the new Ford system can help drivers stay focused.

“Our drivers should benefit from the latest technical support, including geofencing based assistant systems that enable them to keep to the speed limits and fully concentrate on the road,” said Dr Bert Schröer of AWB, a Cologne waste disposal company involved in the trial.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Pushing Buttons: Why linking real-world violence to video games is a dangerous distraction | Games

Voice Of EU

Published

on

Welcome to Pushing Buttons, the Guardian’s gaming newsletter. If you’d like to receive it in your inbox every week, just pop your email in below – and check your inbox (and spam) for the confirmation email.

Sign up for Pushing Buttons, our weekly guide to what’s going on in video games.

Remember how, in the wake of yet more awful shootings in the US this month, Fox News decided to blame video games rather than, you know, the almost total absence of meaningful gun control? Remember how I said last week that the video-games-cause-violence “argument” was so mendacious and nakedly manipulative that I wasn’t going to dignify it with a response?

Well, here I am, responding, because the supposed link between video games and real-life violence is one of the most persistent myths that I’ve encountered over the course of my career, and it has an interesting (if also infuriating) history.

Many video games have violent content, just as many films and TV series have violent content (and of course many books, as anyone who has endured a Bret Easton Ellis novel will attest). And it makes intuitive sense that the interactivity of games – especially shooting games – might appear more troubling, from the outside, than passive media such as film. (I gotta say, though, that in 25 years of playing video games I have never seen a scene as violent or upsetting as, say, a Quentin Tarantino movie.)

But the idea that exposure to these violent games turns people into killers in real life is comprehensively false – and it deflects attention from the actual drivers of real-world violence, from inequality to access to firearms to online radicalisation. It is a very politically motivated argument, and one that makes me instantly suspicious of the person wielding it. The NRA, for instance, trots it out on the regular. Donald Trump, inciter of actual real-life violent riots, was fond of it too. Why might that be, I wonder?

First, the facts: there is no scientifically credible link between video games and real-life violence. A lot of the studies around this issue are, in a word, bad – small sample sizes, lab conditions that have no relation to how people engage with games in the real world – but the best we have show either no link at all between violent games and violent thoughts or behaviour, or a positive correlation so minuscule as to be meaningless. A review of the science in 2020, which looked at and re-evaluated 28 global studies of video games and violence, found no cumulative harm, no long-term effect, and barely even any short-term effect on aggression in the real world. It concluded that the “long-term impacts of violent games on youth aggression are near zero”.

This seems self-evident: video games have been a part of popular culture for at least 50 years, since Pong, and violent games have existed in some form since Space Invaders, though they’ve gotten more visually realistic over time. If video games were in some way dangerous – if they significantly affected our behaviour, our emotional responses – you would expect to have seen widespread, cross-cultural changes in how we act. That is demonstrably not the case. Indeed, overall, violent crime has been decreasing for more than 20 years, the exact period of time during which games have become ubiquitous. Though it would be unscientific to credit video games with that effect, you would think that if the generations of people who’ve now played Doom or Call of Duty or Grand Theft Auto were warped by it, we might be seeing some evidence of that by now.

It is true that some perpetrators of mass murders – such as the Columbine shooters – were fans of video games. But given that the great majority of teenagers are fans of video games, that doesn’t mean much. More often than a fixation on violent media – of all kinds – mass shooters display an obsession with weapons or explosives or real-life killers, an interest in extremist views, social ostracisation. These are not otherwise well-adjusted people suddenly compelled to real-world violence by a game, or a film, or a Marilyn Manson album.

The history of the “video games cause violence” argument goes back even further than video games themselves: it’s an extension of the panic that flares up whenever a new and supposedly morally abject form of youth culture emerges. In the 1940s, when New York’s mayor ordered 2,000 pinball machines to be seized so that he could performatively smash them up, it was arcades; during the satanic panic of the 1980s and beyond, it was metal music. Since the mid to late 90s, it’s been video games, and no amount of studies debunking any link between them and real-world violence seems to make a difference.

So why does this argument keep showing up? In short: because it’s an easy scapegoat that ties into older generations’ instinctive wariness of technology, screen time and youth culture, and it greatly benefits institutions like the NRA and pro-gun politicians to have a scapegoat. Whenever video games are implicated in a violent event, there is usually stunning hypocrisy on display. After the El Paso shooting in 2019, Walmart removed violent video game displays from its stores – but continued to sell actual guns. Fox News, the TV network that platforms Tucker Carlson and the great replacement theory with him, is happy to point out that the perpetrator of a mass shooting played video games, while remaining oddly quiet on the racist ideas that show up in these shooters’ manifestos.

I’m not saying that we shouldn’t examine video game violence at all, or question it. Does every game that involves sneaking up on enemies need a gratuitous neck-breaking animation when you succeed in overpowering a guard? Why do games so often resort to violence as the primary method of interaction with a virtual world? Do we really need more violent media – couldn’t we be playing something more interesting than another military shooter? These are valid and interesting questions. But they have nothing to do with real-world violence.

What to play

‘The most interesting anti-violent video game I’ve played’. This week, we recommend 2015’s Undertale
‘The most interesting anti-violent video game I’ve played’. This week, we recommend 2015’s Undertale Photograph: Toby Fox

Back in 1994, video game magazine Edge ended its review of Doom with this infamous line: “If only you could talk to these creatures, then perhaps you could try and make friends with them, form alliances… Now that would be interesting.” Nearly 30 years later, “talk to the monsters” jokes and memes still crop up, even if nobody remembers where it originally came from.

Turns out that reviewer had a point, though, as proved by 2015’s Undertale, probably the most interesting anti-violent video game I’ve played. In this lo-fi role-playing game, you get into fights with plenty of monsters, but instead of battering them into submission you can win them over by talking them down and showing them mercy, which is often the more difficult option. In most games, there’s no question about what you do when a monster turns up in your path: this one makes you interrogate yourself. I interpreted it at the time as social commentary on pacifism and community, and looking back, I don’t think that was too much of an overreach.

Available on: PC, PlayStation 4, Xbox One, Nintendo Switch
Approximate play time: 6-10 hours

What to read

  • I’m going to start with a book this time: Lost in a Good Game: Why We Play Video Games and What They Can Do For Us, by Pete Etchells. A researcher and lecturer in biological psychology, Etchells’ perspective on video games is both relatable and extremely well-informed. He looks at the evidence (or lack of evidence) behind all the most pervasive beliefs about video games, and in the end he makes the case that most of the effects that they have on individuals and society are actually positive. It’s a reassuring read that I often recommend to worried parents who don’t play games themselves.

  • Grand Theft Auto V, perhaps the poster child for morally bankrupt video games that supposedly corrupt the youth, has now sold 165 million copies, following its launch on PS5 and Xbox Series X earlier this year. This makes it one of the most popular entertainment products of all time in any medium, and yet strangely, in the nine years since it was released, we have not seen the emergence of roving gangs of teenagers looking to act out their chaotic GTA Online shootouts in real life. Funny that.

What to click

Gibbon: Beyond the Trees review – short, simple and lovely to play

Activision Blizzard’s Raven Software workers vote to form industry’s first union

Question Block

Will return next week. If you have anything you’d like me to answer, just email me on pushingbuttons@theguardian.com!

Source link

Continue Reading

Technology

Predator spyware uses in Chrome, Android zero-day exploits • The Register

Voice Of EU

Published

on

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm’s Predator spyware in at least three campaigns in 2021, according to Google’s Threat Analysis Group (TAG).

The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and one in Android (CVE-2021-1048) to infect devices with the surveillance-ware. 

Based on CitizenLab’s analysis of Predator spyware, Google’s bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

“We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns,” Google security researchers Clement Lecigne and Christian Resell wrote in a TAG update this month.

Cytrox, which is based in the Balkan state of North Macedonia, did not respond to The Register‘s request for comment.

“Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits,” the researchers wrote, adding that seven of the nine zero-day exploits that TAG discovered last year were developed by commercial vendors and sold to government-backed operators.

While NSO Group and its Pegasus spyware is perhaps the most notorious of these commercial providers, we’re told that TAG is tracking more than 30 such software providers that possess “varying levels of sophistication.” All of them are selling exploits or surveillance malware to governments for supposedly legitimate purposes.

Highly-targeted campaigns

The Predator campaigns were highly targeted to just tens of users hit, according to the Googlers. While the researchers didn’t provide specifics about who these campaigns targeted, they do note that they’ve seen this sort of tech used against journalists in the past. Similarly, CitizenLab’s analysis details Predator spyware being used against an exiled Egyptian politician and an Egyptian journalist.  

Each of the TAG-discovered campaigns delivered a one-time link via email that spoofed URL shortening services. Once clicked, these URLs directed the victims to an attacker-owned domain that delivered Alien, Android malware that loads the Predator spyware and performs operations for it.

“Alien lives inside multiple privileged processes and receives commands from Predator over IPC,” Lecigne and Resell noted. “These commands include recording audio, adding CA certificates, and hiding apps.”

The first campaign, which TAG detected in August 2021, used a Chrome vuln on Samsung Galaxy S21 devices. Opening the emailed link in Chrome triggered a logic flaw in the browser that forced the Samsung-supplied browser to open another URL. The content at that other URL likely exploited flaws in the Samsung browser to fetch and run Alien.

The security researchers surmise that the attackers didn’t have exploits for the then-current version of Chrome (91.0.4472) and instead used n-day exploits against Samsung Browser, which was running an older version of Chromium. 

“We assess with high confidence this vulnerability was sold by an exploit broker and probably abused by more than one surveillance vendor,” they wrote.

The second campaign, which TAG observed in September 2021, chained two exploits: an initial remote code execution and then a sandbox escape. It targeted an up-to-date Samsung Galaxy S10 running the latest version of Chrome.

“After escaping the sandbox, the exploit downloaded another exploit in /data/data/com.android.chrome/p.so to elevate privileges and install the Alien implant,” according to Lecigne and Resell, adding that they haven’t retrieved a copy of the exploit.

TAG analyzed one other campaign, a full Android exploit chain, targeting an up-to-date Samsung phone running the latest version of Chrome. It included a zero-day in JSON.stringify and a sandbox escape, which used a Linux kernel bug in the epoll() system call to gain sufficient privileges to hijack the device.

This particular Linux kernel bug, CVE-2021-1048, was fixed more than a year before the campaign. However, the commit was not flagged as a security issue, so the update wasn’t backported to most Android kernels. All Samsung kernels remained vulnerable when the nation-state backed gangs carried out this exploit. ®

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!