Over the last couple of weeks, there have been a number of reminders that any device that plugs into a computer port can be a hazard. This is even truer when the device plugs into an actively powered port, like USB. A few weeks ago, a flaw was demonstrated that showed that a USB cable could easily be made to create an opening for remote hacking into a system. The flaw is called BadUSB and was actually discovered years ago. Only recently, however, was the flaw applied to anything other than storage devices.
This week, a similar flaw was discovered that affects Thunderbolt devices, rather than traditional USB. This discovery comes care of research conducted between the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International. The more creatively named Thunderclap bypasses Input-Output Memory Management Units over Thunderbolt over USB-C, otherwise known as Thunderbolt 3. According to the report,
An essential insight is that, while IOMMUs allow peripheral devices to be constrained, the DMA interface between device drivers and peripherals is a porous and complex attack surface that malicious actors can manipulate to influence software behavior and trigger vulnerabilities.
All of this underscores a recurring problem: insecure innocuous items. Over the years, we've seen a number of seemingly safe devices and software turn out to be just the opposite. The most obvious situation is mobile apps that pretend to be games and productivity software, but actually, steal your data and upload them to remote servers. Less obvious, but potentially more dangerous, are phone charging stations, like what you see at the airport. It is possible to place a Raspberry Pi inside of the charging station designed specifically to read data over the USB port on your phone.
The important thing to remember is, don't plug your device, either computer, phone, or tablet, into anything you do not trust entirely. Purchase USB cables and flash drives from known brands. Don't charge your phone on someone else's plug - always use your own environment or a Qi charger. Your privacy and security are not worth the slight savings you might receive.
For content creators, there is nothing worse than the strike system. Most users will receive one strike in their lifetime, often for things that are out of their control. That first strike will disable live streaming capabilities, and can even turn off monetization. The company has changed its policies on strikes, making the first rule violation a warning rather than a strike. This means that the majority of users will never receive an actual punishment anymore, making it far easier to build an audience. This applies to almost all rules but does not adjust YouTube's active content censorship.
Once YouTube began the process of censoring content, it was predicted that it would produce a slippery slope of continued censorship. While it started with advertisers complaining about terror videos, it has definitely evolved. Just last month, the company announced that they would define truth, and censor content that does not coincide with their truth. That policy has expanded its definition this week, officially declaring that anti-vaccination videos defied their truth. Because of this, any video that discusses anti-vaccination or the dubious science behind it can no longer be monetized. This decision was made after advertisers raised concerns that their products were appearing alongside these videos. YouTube said via statement,
We have strict policies that govern what videos we allow ads to appear on, and videos that promote anti-vaccination content are a violation of those policies. We enforce these policies vigorously, and if we find a video that violates them, we immediately take action and remove ads.
In addition to anti-vaccination videos, YouTube has taken action on another classification of videos: kids. Because of the way the YouTube algorithm works, once you start looking at certain videos, you create a profile that will continue to show that content. There is a large collection of videos of kids in compromising positions, usually girls in skirts who don't necessarily realize that they are flashing the camera. These videos have brought on inappropriate comments, timestamping, and sharing of "related content" by users. The process is detail by MattsWhatItIs.
Fortunately, YouTube has taken action on this problem by turning off comments on these videos, closing channels, and banning users. The problem has been known for years, but it took advertiser boycotts by companies like Epic Games before the company took action. It raises a question of what exactly is the driving force behind YouTube's motivations. The company willingly acts on videos that talk about flat-Earth, but it took advertiser interaction to respond to this.
Over the past few years, more internet users have begun using VPNs (virtual private networks) to protect their browsing history from prying eyes. With companies like Facebook and Google, not to mention ISPs themselves, expanding their snooping methods, it is no surprise that users are looking for ways to protect their privacy. Unfortunately, not everything is always as it seems when it comes to the internet.
Take, for example, VPN service Onavo Protect VPN, which was available in the Google Play Store, as well as Apple's App Store. As with any VPN, users expected that the service would allow them to connect to the network with the intention of anonymizing their browsing. The reality, however, is that the service, purchased by Facebook in 2013, did just the opposite. In fact, Facebook used the VPN as a direct method of collecting browsing and user data from those who were using it. According to the archived Google Play listing, the app did disclose its behavior, but we all know how much of an app's description users actually read.
Apple discovered the behavior in 2018 and pulled the app from the App Store for violating its data collection policies. This week, Facebook officially killed the project, removing the app from Google Play as well. While the website still exists, the information is definitely incorrect. Links to both iOS and Android apps are dead, and the company is no longer offering the service.
This is not the first time Facebook has done this type of thing. In fact, Facebook Research ran an experiment, paying rewards to teens and adults that would install a similar VPN service, which gave the company root access to their phones and tracked all of their behavior. This app is not distributed through official channels, meaning that Google and Apple have had no recourse to stop the behavior. According to Facebook, this program is no longer recruiting new members but will continue with those who are already involved.
The end of these programs definitely signals a Facebook that is aware of consumers' mistrust in the brand. 2018 was not a good year for Facebook's brand image, especially when it comes to privacy and security. Between hacks and improper data usage, Facebook is quickly becoming synonymous with privacy violation, and this move is intended to prevent another scandal.
For all of 2018, Fortnite was a force that could not be stopped. Not only gamers but really everyone heard of the game on a regular basis. Whenever something becomes such an iconic part of the culture, it is inevitable that people will try to make a dollar off of the trend. In the case of Fortnite, we saw the normal artwork, clothing, plushies, and collectibles, but this game wasn't quite the same as other trends.
In the UK, a supposed Fortnite-themed real-life event was planned: Fortnite Live Norwich. This convention of sorts promised attractions like archery practice, go-karts, rock climbing, and more. All of the attractions were supposed to be taken from current or previous game elements, allowing kids to experience the things they had played virtually in the real world. Unfortunately, the event did not go as planned.
As if trying to channel the massive failure that was Fyre Festival, Fortnite Live Norwich seemed to not plan for the possibility that people would actually attend. The number of attractions was incredibly limited, and the ones that were there were not designed for a lot of people. For example, the archery station could only accommodate 4 kids at a time. This poor planning meant that the 2,500 attendees, all of whom paid to enter, waited in very long lines and did not get the themed experience they were promised. In fact, the theming was light, to say the least. Staff, which were in very small quantity, were not even in costume.
Some attendees were able to get their money back on the day of the event, but most were either refused or were not willing to stand in another long line to get a refund. In response to the massive failure of an event that was not sponsored or endorsed by Epic Games, the maker of the game, Epic has said they will sue the organizers of the event. Obviously, this event has the potential to damage the reputation of Epic, whether or not they were involved.
Hopefully, in the end, the attendees will all get their money back, and the organizers will be punished to the point where others will not attempt anything like this without planning.
There is little doubt that Nest brought about the modern smarthome. Sure, there were companies making products in this category for decades, but it wasn't until the Nest thermostat that the general consumer was truly made aware of the idea. However, between the release of the first Nest product and today, a lot of things have changed. Those changes began when the company was purchased by Google for $3.2 billion in 2014. As Google reorganized time and again, the brand got moved around, first out of Google and then back inside.
In addition to the constant shift in focus outside of the company, Nest has branched out from its thermostat roots into other smarthome products, including a home security hub called Nest Guard. This hub connects a number of other Nest security products together and acts as the audible alarm for the entire system. This week, Google announced that a new feature would be added to the Guard: Google Assistant. With this added feature, you can now speak directly to the Guard and use any of the Google Assistant's features.
There's only one problem with this feature: how can it work? According to all of the documentation for the product says nothing about the device having a microphone. So, how are you supposed to be able to speak into it? Has Google figured out some way to listen to audio without a microphone? As it turns out, it's not nearly as cool as that. In fact, the Guard has had a microphone built-in all of this time, but Google never disclosed it.
For a company with a history of privacy violations, the idea that they placed connected microphones into the homes of unsuspecting consumers is beyond concerning. In response to criticism, Nest tweeted,
We included a microphone in the Nest Guard with features such as the Google Assistant in mind.
It has not been used up to this point, and you can enable or disable it at any time using the Nest app.
It's a clever sidestep of the issue, however, never addressing the transparency issues. The initial inclusion, as well as the lack of transparency even with customers who are concerned today, is going to create a lot of problems for Nest and Google. First, of course, is the loss of trust from consumers. If Google wants to be able to continue to grow its Assistant business, consumers have to trust that they are not being taken advantage of. However, more importantly, is the legal ramifications.
It is possible that the inclusion of the microphone without including it on the product packaging or documentation for 15 months could be legally identified as spy technology. That could place charges as high as espionage on the company and the employees involved in releasing the product. In most countries, including the US, espionage is classified as treason. Initial reports may have viewed this as an inconvenience for Google's smarthome ambitions, the reality is farmore dangerous for a lot of people at Google and Nest.
Since Disney first started talking about streaming services, it has been assumed that there would be one of more Disney-owned platforms designed to stream Disney-owned content. At once point, there was rumor of as many as three services, with one being designated for each of the major segments of the company's content: Disney, Marvel, and Lucas. Over time, the offering has been narrowed down to a single service that would house all of Disney's content under one roof.
This week, on the company's earnings call, CEO Bob Iger gave us a little bit of insight into the future of the platform. First, the service will be named Disney+, which is reminiscent of the previous branding of Hulu's paid service, Hulu Plus. The naming scheme is a little ironic as, with the closing of the Disney-Fox merger, Disney owns 60 percent of Hulu (30% from ABC and 30% from 20th Century Fox).
Even more surprising than the poor name choice is the format of the service. In addition to the expected Disney, Marvel, and Lucas branded content, Disney+ will also feature licensed content from other sources. This means that Disney+ will be in direct competition with Hulu, both for consumer spending, but also for streaming rights negotiations. In essence, Disney will be competing with themselves when new content becomes available for streaming.
Hulu has fairly sweeping contracts with ABC, Fox, and NBC when it comes to the shows that are broadcast over the air but do not have guarantees on everything. For example, new episodes of The Blacklist is currently missing from Hulu and is available exclusively through NBC's own streaming service and website. It is possible that, with time, we will see ABC content become equally questionable as to which service will get the rights, despite this behavior being bad for consumers.
The first major project that would have previously appeared on another service, Captain Marvel, will be skipping a Netflix release after the theater and will instead release exclusively on Disney+. The company has not announced an official release timeframe, but based on the Captain Marvel reveal, it will likely be available by the end of 2019. A preview of the service will be made available at a major investor meeting on April 11.