The UpStream (Page 4)

CD Projekt Red gets ransomed, auction fails to attract attention

posted Saturday Feb 13, 2021 by Scott Ertz

We have said many times that malware, including ransomware, can affect anyone, so everyone should be vigilant. Late last year, SolarWinds was hacked. This company makes network management software, and yet they were hit. Last month, malware detection company Malwarebytes was hit by the same group. The latest high-profile company to fall victim to malware is CD Projekt Red, the publisher for Cyberpunk 2077.

The company, which has had a rough 12 months, announced they had been hit by ransomware. The hackers claimed to have source code for several of the company's popular titles, including Cyberpunk 2077 and The Witcher 3, and the code would be released in some manner if the company didn't pay up. The company's official position was,

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data.

This stand was possible in part because the data that was lost did not contain customer data, only their own. Presumably, the company would have responded differently if the hackers had information about you. The company was also likely hoping that the hackers were bluffing - either not having all of the data they claimed or not going through with the sale after the deadline. This week, that might have gone awry.

According to VX Underground, the code was posted on a dark web auction site. Security firm KELA confirmed the authenticity of the code, and told The Verge about the rules of the auction. It cost just shy of $5000 to participate, and had a $500k bid raise and a $7 million "buy it now" option. As of Thursday, the auction was listed as closed successfully, with a note saying,

An offer was received outside the forum that satisfied us.

Presumably, the note wants us to believe that someone offered a large sum well over the $1 million going price, but below the BIN price. However, because of the slow movement of the auction, there is another theory - no one actually bid on the auction and the closure was an attempt to save face following a spectacular failure. Emsisoft analyst Brett Callow said in a blog post,

There is another possible scenario that we think is more likely: no buyer exists and the closure of the auction is simply a means for the criminals to save face after failing to monetize the attack following CD Projekt's refusal to pay the ransom. We have seen this behavior in the past with REvil, a ransomware group that threatened to release damaging information about Donald Trump. Although the hacked law firm refused to pay to prevent the leak, the information was never published - the attackers just claimed to have sold it.

For ransomware attacks to continue to be successful, the threat has to be credible, and if the threat in this case was a failure, it could affect future attempts. However, it is good to see that this one, in particular, was a failure.

North Dakota wants to ruin iPhone, according to Apple privacy engineer

posted Saturday Feb 13, 2021 by Scott Ertz

Over the past few years, Apple has done a lot of marketing around the idea of privacy. This is likely because they have begun to lose their perceived authority in security, which only existed because no one used their products, making them a worthless target. These days, however, Apple devices (at least the mobile kind) can be found everywhere, so there's value in attacking them now. So, the company's public perception of a focus on privacy has become its driving goal. However, there is a point where privacy, usability, and ownership collide, and iOS is that place.

While Apple has received praise for their tracking change, except from Facebook, there has been a lot of backlash on another topic - app fairness. The topic was originally raised by Epic Games when they were not allowed to keep Fortnite in the App Store after removing the in-store payment system. Since then, the Coalition for App Fairness has been formed, even adding major media publishers. Now, the group has a new unofficial partner - the state of North Dakota.

The state has proposed a bill that would prevent any "digital application distribution platform" from locking users into a single, exclusive distribution method, such as an app store. While this law seems specifically aimed at Apple's devices, such as iOS, iPadOS, tvOS, and watchOS, it would apply to other companies, including Android, Roku, and more. While the Coalition for App Fairness, and most users, are excited about this potential, Apple is not. Apple's Chief Privacy Engineer, Erik Neuenschwander, said that the bill would "destroy iPhone as you know it." Yes, Erik, that's kind of what they're going for.

There are a few important notes to keep in mind. If passed, the law would only apply to North Dakota. However, as we know with vehicle emissions, one state can set the rules for the country. Apple would be required to make the capability possible, and it would have to apply to all iPhones and iPads within the state of North Dakota, even if they were purchased somewhere else. As such, it might come down to implementing the capability nationwide. Knowing Apple, though, it is more likely that they will be as vindictive and petty as possible and implement a GPS-enabled feature.

YouTube is the latest service to test clipping published videos

posted Sunday Jan 31, 2021 by Scott Ertz

YouTube is currently testing a new feature inspired by Twitch - clips. This concept allows users to create small, sharable pieces of video from larger videos already available on the platform. Viewers will be able to hit a button and be presented with a sliding timeline editor. Users will be able to select up to 60 seconds, give the clip a name, and receive a unique URL to share wherever and however.

One of the big differences from the implementation on Twitch is that it will not create a new, unique video. Instead, it will function more like how sharing a video from a timestamp works. When someone follows the link, it will take you to the original video, with the timeline limited to the segment selected by the original sharer. The viewer will then have the option to view the entire video. Because they are already on the page, the player will just unlock the timeline and play from the beginning.

The nature of the implementation means that these clips are not listed anywhere. One of the aspects of clips that have made them a success on Twitch has been the popular clips section of a content creator's channel. Viewers can see the short segments of a streamer's longer videos that their fans have found the most interesting. Making the clips private on YouTube removes that engagement for fans.

For content creators, these clips could pose problems with regard to YouTube's recommendation engine. The algorithm takes views into account but also takes overall view time into account. So, if a content creator makes a perfect length video, and someone clips a 60-second segment, the channel will get the view, but will also show only 60-second retention. If Google doesn't take that into account, it will certainly harm the discoverability of new content.

In addition, it could harm income. Many content creators, including ourselves, include ad-reads in their videos. Clipping the video will remove that ad from the video, potentially leading to lower revenue for the creator. Google has said that ads will still be run on clips, so long as the original video is at least 30 seconds, though we suspect it will actually apply only to clips that are 30 seconds in the end. This means that creators will still have a way to monetize, but it will force them to rely even more heavily on YouTube's own system, which can be revoked at a moment's notice without explanation.

What in the world actually happened with GameStop this week?

posted Saturday Jan 30, 2021 by Scott Ertz

This week has been an absolutely fascinating one for the stock market, and everything that surrounds it. A stock that was significantly overpriced went through the roof instead of falling. A company called Robinhood, which bills itself as the democratization of investing, prevented people from investing. Reddit and Discord closed servers over racial discrimination. Google deleted thousands of app reviews. And, weirdest of all, Representative Alexandria Ocasio-Cortez and Senator Ted Cruz agreed on something. But, what exactly happened?

What is Short Selling?

This part has been one of the hardest to understand, so let's cover it quickly. Shorting a stock is a process in which an investor recognizes that a stock has been mispriced. This could be because of a misunderstanding of the business's dealings, an overreaction to an announcement, or simple market fluctuations. The investor will then borrow shares of a stock from another investor, traditionally large institutional investors, and sell them at the current price. The hope is that the price will correct itself in the short-term, lowering below the price they sold it at. The shorter will then repurchase the number of shares at the new price, and return them to the investor from whom they borrowed them, with a small fee for the lend.

Shorting a stock does not mean that an investor is trying to destroy the price of a stock, but simply that they believe the stock is mispriced and is about to correct. For an investor to effectively destroy the stock itself, they would have to borrow and sell the shares to a market that doesn't want to purchase them, which would drive the price down. But, that would defeat the purpose of the entire process for the investor.

Why GameStop?

A group of amateur investors on Reddit board /r/WallStreetBets noticed that several hedge funds had short positions on GameStop. In an attempt to squeeze the hedge funds, the group all decided to make purchases of GameStop shares to try and drive the price up. Because of the size of the group, the price was driven up enough that the paradigm shifted, with WallStreetBets seeing a return and the hedge funds seeing a loss. Short squeeze is a fairly standard investment practice, so at this point, there was nothing particularly interesting about what was happening.

The big change happened when people who were not involved in the investment heard what was happening and decided they wanted to get involved. Some thought they saw the potential for financial gain, while others thought they were robbing the rich in order to feed the poor. Either way, it was a misunderstanding of what was actually going to happen next.

What's the Next Step for Investors?

As part of a short squeeze, once the investors with the short positions sell, it's a mad dash to get out. The sale of the short shares will signal the height of the price, so those invested in the squeeze will need to sell quickly, before the stock price inevitably crashes. The people who hold the stocks the longest are going to get the lowest price, and are therefore most likely to get harmed by the process.

The Reaction Is Way Worse

There is nothing illegal or immoral about short selling. There is nothing illegal or immoral about short squeezing. However, what happened after the initial squeeze has caused some issues. Because WallStreetBets never claimed that the price of the stock was going to go up, the actions do not constitute a "pump and dump" fraud. The actions could potentially be considered a Ponzi scheme under the right light, but will likely not be charged as such.

The real problem has been the overreaction from investment platforms, in particular Robinhood. Despite the platform not being a true and proper investment or trading floor, it acts close enough. The big difference behind the scenes is how shares are purchased and distributed. Because of the behind-the-scenes concerns, the company decided to stop the ability to purchase shares of GameStop. Some saw this as a reaction to threats from institutional investors, while others saw it as a reaction to government interference. In reality, it was likely a reaction to protect itself from its own purchase and sale system.

No matter the reasoning, the perception of the action was a huge problem. Customers felt like they were being harmed by the establishment they thought they were trying to harm. That perception led to literally thousands of app users posting 1-star reviews for Robinhood on the app stores. The influx was so severe that Google felt the need to intervene. The company has confirmed that they deleted "at least" 100,000 negative reviews of the app from the Play Store. They claim that the review system was being misused, and therefore the reviews themselves were invalid.

So, What is the Problem?

The real problem that occurred here was the odd misunderstanding of what was happening, that will inevitably lead to the opposite of what people thought was the goal. The amateur investors that got into the practice late in the process, particularly those who bought in after the short squeeze forced the institutional investors to sell their positions, are going to lose their shirts.

Before the process started, the stock price was already inflated above its proper value. It was going to drop, if not for the intervention from Reddit. But, because the stock skyrocketed, the amount of loss that is coming is going to be significant. But, the hedge funds and other institutional investors are already out. Yes, some have filed bankruptcy and taken out new lines of credit under other corporate entities, but they will survive, because they are set up to handle loss.

Regular people, who invested their savings into a stock that is 10 times its proper price, are going to see that money thrown away, likely to institutional investors who will respond to the overcorrection and get the stock back for a deal, far below where they had their short positions a week ago. The ones who will win the biggest are those who organized the scheme and likely got out before they got harmed, and instead made a ton of money in the process. Institutional investors will win, but in the long game - not this week or month. Wall Street did not get robbed in favor of the little guy - the little guy is the one who will end up losing in this scheme.

GeForce Now comes to Google Chrome following Safari in November

posted Saturday Jan 30, 2021 by Scott Ertz

Videogame streaming services have become the gaming industry's version of video streaming subscriptions. There are a lot of companies getting involved, and not everyone is having a good go of it. While Microsoft and Google's services have been met with mostly positive responses, other companies have not been quite as lucky. Every service has to go out of its way to separate itself from the pack. Microsoft has its Xbox game catalog and Xbox Game Pass to draw gamers in. Google has a strong ecosystem, and the ability to create bundles. Nvidia's GeForce Now service set itself apart by allowing you to play any PC game you already own through the service.

Like all of the other streaming services, GeForce Now has fought to reach gamers where they want to play. One of the challenges, of course, has been Apple. The company has worked hard to ensure game streaming platforms have a hard time on their devices. Microsoft has fought the policies publicly, with slight success.

In an attempt to get around this, services, including GeForce Now, have resorted to building web versions of their interfaces. In November 2020, the service released a Safari-compatible version of their software, and this week, the service is officially available in Chrome as well. It can be used on Windows and Mac and allows for some app-style features. The most interesting is the ability to add a desktop shortcut for games from the app. The service is currently in beta but seems to be fully functional.

The service, which was in beta for a long time, finally released to the public in early 2020. But, the service hit speed bumps quickly, as publishers contested the service's tenet of streaming their games without their knowledge. Nvidia believed that by essentially providing a remote desktop interface they would be able to do this without a contract, but after a few days publishers pulled access to their games. They have since managed to stabilize the catalog and win back the support of gamers.

Facebook makes one final appeal to Apple to allow secret tracking

posted Saturday Jan 30, 2021 by Scott Ertz

A lot of attention has been put on Big Tech lately. In some cases, it seems the entire industry agrees, whether correctly or incorrectly. But, in other instances, the industry is entirely split. One of the best examples has been privacy. Some companies have taken a neutral stance, some have taken a public stance in favor of user privacy, and some have built their business around violating that privacy. In this week's battle over privacy, Apple has taken the pro-user stance while Facebook and Google have taken a stance against it.

With the announcement of iOS and iPadOS 14, Apple announced that it would roll out a collection of new privacy policies for any apps in the App Store. The first new feature is a detailed list of data collection policies within each app. You can see if the app uses the IDFA (ID for Advertisers), UUID, phone number, etc. Some of these have long had dialogs for permission on first use, but the IDFA has not. That was the second new feature - a user prompt to allow or block app access to the IDFA, called App Tracking Transparency. Apple describes it saying,

App Tracking Transparency will require apps to get the user's permission before tracking their data across apps or websites owned by other companies. Under settings, users will be able to see which apps have requested permission to track so they can make changes as they see fit.

While both of these announcements brought controversy from companies who rely on this data, those who use the IDFA to connect your activities on and off-platform were the loudest. The remodeled App Store listing has already been released, but Apple delayed the dialog. With the announcement that the dialog had officially launched in the developer beta of iOS 14, Facebook went on the offensive, trying to change Apple's mind. In particular, they have tried to sway the public against this feature designed to protect them.

Facebook has claimed that, by limiting the company's ability to track you across all sites and apps they own, plus all sites that implement the company's tracking pixel, you will be harmed. If you manage a business page on Facebook, and you have accessed it through the app on an Apple device, you have likely seen the notification at the top trying to convince you this is bad.

Facebook has correctly pointed out that this policy shift would inhibit its ability to collect information to create more accurate and targeted ads. It even took an opportunity in its earnings report to attack Apple's decision, claiming to be on the side of small businesses. While the information presented is correct, it's not the whole story. Users will have the ability to decide if they want their ads to be more accurately targeted to them, or if they would prefer Facebook, a company not known for treating user data with respect, can know what they're doing. In addition, a lot of people will not read or understand what the dialog says, and will just accept it to get back to using the Facebook app.

Facebook has obviously been ignored by Apple, but Apple may not be able to entirely ignore them for long. According to a report, Facebook is considering a lawsuit. The suit would allege that Apple has used its position to actively inhibit the business development of competitors and those it disagrees with. If the report is correct, it would add to Apple's anti-competitive woes, as there are organizations and lawsuits in place from others.

This case differs from the others in that it affects Apple's users differently. The Epic suit alleges that what Apple is doing is harming the users themselves by limiting the choice for users, while Facebook's potential suit would allege that Apple's actions are harming the company by giving choice to users.

Google has also fought the idea, but has decided that a legal challenge is not going to be a success. Instead, they have accepted the loss of access to the IDFA and have chosen a different technology to allow them to get around the limitation. In a blog post, the company said,

When Apple's policy goes into effect, we will no longer use information (such as IDFA) that falls under ATT for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple's guidance. We are working hard to understand and comply with Apple's guidelines for all of our apps in the App Store.

Google will switch to another Apple tool, SKAdNetwork, which allows for similar but significantly more limited tracking of users. Google is going to push Apple to enhance this SDK, hoping they will get all of the capabilities of IDFA, though it is unlikely that Apple will follow.
