
Technology

Google herds FLoC back to the lab for undisclosed ad tech modifications • The Register

Voice Of EU

Published

on

Google has decided to let the initial test of its FLoC ad technology conclude in a few days to work on improvements but isn’t inclined to share feedback from test participants.

Privacy advocates would prefer if the online ad giant provided more insight into the test results, since Google’s ongoing ad infrastructure rewrite affects every internet business and internet user, not to mention the digital ad industry generating $350bn annually.

FLoC stands for Federated Learning of Cohorts and promises a way to divide browser users into interest groups so they can be presented with interest-based ads without revealing personal information to advertisers. It’s one proposal among many, collectively referred to as the Privacy Sandbox, intended to repackage targeted advertising technology so it can continue amid tighter privacy laws and technical limitations like the eventual discontinuation of third-party cookies.

Google last month bought itself another year-and-a-half or so to develop and deploy its Privacy Sandbox systems by pushing back the date when it will drop support for third-party cookies – a current mechanism by which ads get targeted that has fallen out of favor. And it now appears the search ad giant intends to take advantage of the extra time to make its Privacy Sandbox less of a sieve.

Google’s FLoC “Origin Trial,” which began in March, is set to conclude on July 13. During that period, things have not gone well. Privacy advocates have spotted potential concerns and rival browser makers have declared their disinterest in the technology.

While those participating in the trial – web publishers, ad tech companies, and the like – have expressed interest in extending the test, Google opted to retreat and regroup.

“We’ve decided not to extend this initial Origin Trial,” said senior software engineer Josh Karlin in a forum post last week. “Instead, we’re hard at work on improving FLoC to incorporate the feedback we’ve heard from the community before advancing to further ecosystem testing.”

F-words all round

Then on Wednesday, in a Web Commerce Interest Group (WCIG) meeting on a related Privacy Sandbox proposal called First Locally-Executed Decision over Groups Experiment (FLEDGE), Google mathematician Michael Kleber said while comments about FLoC made through public channels exist, the company doesn’t intend to disclose private feedback from those testing the technology.

“The main summary of that feedback will be the next version, and you can surmise based on what features (and the reasoning for these changes) are available in the next version,” Kleber explained, according to the meeting transcript.

Via Twitter, Dr Lukasz Olejnik, independent privacy researcher and consultant, questioned that approach, asking whether the public is just supposed to guess what was said by interpreting technical changes.

Kleber responded, “We write extensively about all the design aspects of our proposals! And we get lots of feedback, which is often public. But when people give us private feedback, we don’t publish it.”

In an email to The Register, Olejnik said the frontal critique of FLoC has clearly made a strong impression and that he expects Google’s design and development teams will take advantage of the extra time to revise the technology.

“FLoC greatly suffered due to an apparent lack of coherent PR/communications, or ideas for the privacy lines to adopt,” he said. “It may also seem as if some strategic mistakes happened here as well. [Whether that’s] because of the initial desire to move at an impressively rapid pace is anyone’s guess.”

Olejnik said he wondered whether it makes sense to not describe the nature of changes made to the Privacy Sandbox in response to feedback. “I would consider that such explanations would be helpful, and leaving analysts to decipher the rationale from the design decisions is pretty non-transparent,” he said.

‘Tone deaf and too clever by half’

In a phone interview with The Register, Ashkan Soltani, a privacy researcher and former Federal Trade Commission technologist, said Google’s approach to FLoC was typical for the company, “tone deaf and too clever by half in that it tries to engineer a solution to a human problem and misses the mark.”

The issue people have is not with cookies per se, he said, “the thing people take issue with is the passive collection and inference of their preferences. FLoC does that by default and broadcasts those to more sites because it’s based on a first-party context. It further perpetuates a business model that people have problems with.”

The challenge Google faces to have people accept its Privacy Sandbox vision is that the regulatory and competitive environment is a lot more complicated now than it was when the web was being invented and technical decisions could be made by fiat.

Soltani pointed to how the decision of a single Netscape engineer to allow third-party cookies to be set by default laid the groundwork for the ad industry.

“For better or worse, the negative externalities and problems the industry created with privacy and divisive content, all those things weren’t pondered at the time,” he explained. “Now those decisions need to be more careful. Where you draw that line and how you draw that line affects billions of dollars.”

Further complicating the situation is pushback from existing ad tech companies that profit from the status quo. Soltani pointed to the efforts of James Roswell, CEO of data service biz 51degrees, to shape web standards in a way that suits marketers.

“His group is responsible for the lawsuit [against Google] by the UK Competition and Markets Authority (CMA),” said Soltani. “He has been incredibly successful and problematic in the W3C process in terms of finding ways to disrupt and undermine the standards making process.”

Soltani also pointed out that the W3C leadership has been trying to expand its dues paying membership, which has brought more ad tech firms into the standards-making process.

That’s made the voices of the few organizations advocating for internet users harder to hear. And one of those organizations, Mozilla, has become less vigorous in its defense of privacy.

“Mozilla has been slow to adapt and has not engaged,” Soltani said, attributing the shift in part to layoffs that affected its policy team. “It’s been playing a wait-and-see strategy. The one saving grace [in terms of user-focused advocacy in the standards process] has been Apple and folks like [WebKit engineer] John Wilander.”

“You can’t be blind to the fact that who can participate [in the standards process] and how much time they have will dictate outcomes,” he said. “At the end of the day, I do think while standards are important, as they bleed into policy debates, there’s a question to the transparency and legitimacy of the standards making process if it’s skewed to [W3C] members.”

In other words, if there are concerns about FLoC, perhaps they should be disclosed to the public and addressed in the open. ®




Apple’s new lockdown mode to protect from spyware such as Pegasus


Coming to devices this autumn, the new lockdown mode aims to make Apple devices ultra-secure at the expense of functionality.

Apple has developed a new ‘lockdown mode’ for its devices to give extra security to users who are more susceptible to targeted spyware cyberattacks.

Individuals such as journalists, lawyers, government officials and human rights activists have reportedly been targeted by authoritarian governments and criminals using spyware such as Pegasus by Israel’s NSO Group or, more recently, Italian spyware Hermit.

The new lockdown mode will be made available on the iPhone, iPad and Mac devices later this year, when Apple – known to make some of the most secure devices and software in the market – is expected to release a suite of software updates.

Apple describes lockdown mode as “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”. Turning it on secures the device’s defences, but comes at the cost of functionality.

Once turned on, lockdown mode blocks most message attachment types other than images and disables features such as link previews. Web browsing technologies such as just-in-time JavaScript compilation are disabled except for sites trusted by the user.

Incoming invitations and service requests, including FaceTime calls, are also blocked if the user has not previously interacted with the person initiating the call or request. Wired connections with a computer or accessory are also blocked when the iPhone is locked.

Lockdown mode is not compatible with the kinds of device management software often used by larger organisations.

“Lockdown mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of security engineering and architecture.

Krstić noted that the “vast majority of users” will never be victims of highly targeted cyberattacks. But for the ones who may be at risk, Apple will work “tirelessly” to protect them.

“That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Last November, Apple sued the NSO Group behind Pegasus spyware in a bid to “hold it accountable for the surveillance and targeting of Apple users”, two months after it had to issue an urgent security patch for a Pegasus backdoor on all devices.

NSO Group develops surveillance technology that can be used to track targeted iOS and Android users. It claims its products are only used by government intelligence and law enforcement agencies to prevent and investigate serious crime and terror incidents.


Bridie Connell: the 10 funniest things I have ever seen (on the internet) | Comedy


Ah, the internet. My reliable friend. I turn to it when I need to smile (cute pet videos), when I need to cry (war veterans being reunited with their kids), and when I need to destroy what’s left of my self-esteem (Instagram). There are plenty of arguments about why life would be better without it, and honestly? It probably would be. But it also wouldn’t be as funny. Here’s a bunch of things from the world wide web that never fail to make me laugh.

There’s nothing I enjoy more than people trying to make the world a better place. Particularly when they make the world better in a way they’d never intended. I can just imagine the conversations that took place in the drafting process for this campaign:

“We need a catchy and educational campaign to tackle the horrors of addiction.”

“Yes, one that shows we’re in this together, as a community.”

“One that doesn’t stereotype addicts.”

“I’ve got it!”

The result is what I believe they call a “swing and a miss.” A+ for effort, though.

If there was an award for best award acceptance speech, this would win. Julia Louis-Dreyfus is brilliantly funny (while accepting an award for being brilliantly funny) and she remains my hero.


Here’s one for my fellow theatre kids. This pitch perfect sketch is from comedian and writer Jacob Kaplan. Does it make me laugh? Yes. Does it make me tense every single muscle in my body and hold my breath while I try not to think about the time that 14-year-old Bridie wrote a play about the dangers of DRINK-DRIVING and also DRUGS, which inexplicably culminated in a peppy dance routine? … No comment.

Amber Ruffin is one of the most versatile and talented comedians around. I love a lot of what she does, but this song is a special favourite. Hilarious, a little creepy and downright catchy: a winning combo!

This sketch from the late 1990s sketch group Big Train still delights me. Short, sharp, silly. Please and thank you!


Adrian Bliss, Certified Internet Star™, is a go-to for inventive sketches (and a seemingly endless supply of costumes). Many of his skits feature historical characters, like this one about a Greek soldier inside the Trojan horse. That layer of awkwardness that the Brits do well drives this skit, and now that I’ve seen it I can only hear The Aeneid being read in Bliss’s voice: “I sing of arms and a man, innit.”

Now this, THIS is some relatable content. Don’t pretend you’ve never tied one on and woken up on a golf course/boat/gold lame suit, because I won’t believe you. Perfectly encapsulating the delight of a great night-turned great story, I give you this hungover Scotsman who woke up in the wrong house. Of course, it’s made all the better by the Glaswegian accent.

*Assumes elderly wizard voice* I have been studying and performing improv since I was knee-high to a grasshopper, so the Whose Line crew are some of my longtime heroes. This game is one of my faves, not just because it’s so funny and clever, but because the “mistake” that happens around the 2:20 mark encapsulates the joy and collaboration that good improv is all about. Oh dear, this got more earnest than I intended. Just watch it!

A masterclass in physical comedy, from one of the greats.

Last but not least, here’s a video to save for a day where you need a bit of a pick-me-up. This is my favourite of all “laughing baby” videos, a classic in a crowded genre. And sure, if we’re measuring “funny” by incisive satirical commentary or well crafted punchlines, then this is a fail – but no other video fires up my mirror neurons and makes me laugh as much as this one.

Seriously, if you watch this and don’t feel at least a little bit better, then call a cardiologist because you have NO HEART.




North Korean ransomware dubbed Maui active since May 2021 • The Register


For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.

Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Treasury Department issued a joint advisory outlining a Pyongyang-orchestrated ransomware campaign that has been underway at least since May, 2021.

The initial access vector – the way these threat actors break into organizations – is not known. Even so, the FBI says it has worked with multiple organizations in the healthcare and public health (HPH) sector infected by Maui ransomware.

“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services, and intranet services,” the joint security advisory [PDF] reads. “In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods.”

The Feds assume the reason HPH sector organizations have been targeted is that they will pay ransoms rather than risk being locked out of systems, being denied data, or having critical services interrupted.

Maui, according to Silas Cutler, principal reverse engineer at security outfit Stairwell, is one of the lesser known families of ransomware. He says it stands out for its lack of service-oriented tooling, such as an embedded ransom note with recovery instructions. That leads him to believe Maui is operated manually by individuals who specify which files should be encrypted and exfiltrated.

The advisory, based on Stairwell’s research [PDF], indicates that the Maui ransomware is an encryption binary that a remote operator manually executes through command line interaction. The ransomware deploys AES, RSA, and XOR encryption to lock up target files. Thereafter, the victim can expect a ransom payment demand.

According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.

CrowdStrike, another security firm, in its 2022 Global Threat Report said North Korea has shifted its focus to cryptocurrency entities “in an effort to maintain illicit revenue generation during economic disruptions caused by the pandemic.” For example, consider the recent theft of $100 million of cryptocurrency assets from Harmony by the North Korea-based cybercrime group Lazarus. But organizations that typically transact with fiat currencies aren’t off the hook.

Sophos, yet another security firm, said in its State of Ransomware Report 2022 that the average ransom payment last year was $812,360, a 4.8X increase from 2020, when the average payment was $170,000. The company also said more victims are paying ransoms: 11 percent in 2021 compared to 4 percent in 2020.

The advisory discourages the payment of ransoms. Nonetheless, the FBI is asking any affected organization to share information related to ransomware attacks, such as communication with foreign IP addresses, Bitcoin wallet details, and file samples. The advisory goes on to suggest ways to mitigate ransomware attacks and minimize damage.

Last month, the US Justice Department outlined its Strategic Plan for the next four years and cited enhancing cybersecurity and fighting cybercrime among its objectives. One of its key metrics for success will be the “percent of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours.” ®
