Archived version

Beijing may soon issue "cyberspace IDs" to its citizens, after floating a proposal for the scheme last Friday. The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC).

Although the policy is only open for comments and not certain to be adopted, the IDs would serve to "protect citizens' personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy," according to a notice posted by the State Council – China's equivalent of a ministerial cabinet.

The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext – presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs.

[...]

China is one of the few countries in the world that requires citizens to use their real names on the internet. ISPs are required to collect the real names and ID numbers when customers sign up for services and, since 2017, social media sites like Weibo and WeChat must authenticate accounts with documents – including national ID.

Logitech CEO Hanneke Faber recently discussed the possibility of one day selling a mouse that customers can use "forever." The executive said such a mouse isn't "necessarily super far away" and will rely on software updates, likely delivered through a subscription model.

Speaking on a July 29 episode of The Verge's Decoder podcast, Faber, who Logitech appointed as CEO in October, said that members of a "Logitech innovation center" showed her "a forever mouse" and compared it to a nice but not "super expensive" watch. She said:

I’m not planning to throw that watch away ever. So why would I be throwing my mouse or my keyboard away if it’s a fantastic-quality, well-designed, software-enabled mouse? The forever mouse is one of the things that we’d like to get to.

Having to pay a regular fee for full use of a peripheral could deter customers, though. HP is trying a similar idea with rentable printers that require a monthly fee. The printers differ from the idea of the forever mouse in that the HP hardware belongs to HP, not the user. However, concerns around tracking and the addition of ongoing expenses are similar.>>>>

So we'll all have our own familiar soon?

Archive link

Michael Orlitzky was not having a good day with his laundry. First CSC Serviceworks, a laundry management company, replaced all of the machines in his building with new coin-op or app-powered ones. The card reading machines had been an issue for years because the cards would stop working and the recharge machine would steal dollar bills, Orlitzky said. Now he had another enemy with its own quirks to get used to. Plus, CSC had replaced the machines about a week ahead of schedule, meaning that any cash on his or others’ laundry cards was now worthless and unusable.

Then, one of the new machines ate his quarters. The first machine was stuck on the cold setting, and he had to pay another $2 and move all of his belongings to another machine. He called CSC customer service and was on hold for an hour. CSC eventually told him to get a refund through the company’s website, which in turn insisted he install CSC’s app to proceed.

“That was the day I decided laundry would be free,” Orlitzky told 404 Media in an email.

Orlitzky then discovered multiple bypasses to CSC machines that allow him to wash his clothes for free. Since then, he’s been pretty quiet about the whole thing. Orlitzky published a brief write-up of his escapades on his personal website last year, but hasn’t shared it on social media. Some people in his building know his secret, but that’s about it. That is, until now, with Orlitzky due to speak at the DEF CON hacker conference in August about how he found infinite money cheats for CSC laundry machines. The talk is called “Laundering Money.”

I'm hoping Lina Khan keeps up her good work (and that Harris keeps Khan as the FTC head). | archive

Senators Ron Wyden (D-OR) and Edward Markey (D-MA) sent a letter [PDF] to the US regulator's boss Lina Khan on Friday after the pair conducted an investigation into General Motors, Honda, and Hyundai.

Honda buried the disclosures about its business relationship with Verisk, which did not appear on the first page, and were not likely to be seen by many consumers.

GM and Hyundai allegedly neglected to mention selling data to Verisk at all.

If GM car owners wanted notifications about things like attempted break-ins and vehicle component health, they needed to sign up for the manufacturer's Smart Driver program, and doing so would quietly opt them into allowing their info to be sold on.

"The lengthy disclosures presented by GM before the opt-in did not disclose to consumers that as part of enrolling in Smart Driver, their driving data would be shared with data brokers and resold to insurance companies," the senators alleged, adding GM "disclosed customer location data to two other companies, which it refused to name."

Hyundai apparently enrolled its drivers into a similar Drive Score program without even asking, if they enabled the internet connection on the vehicle.

The first modern barcode was scanned 50 years ago this summer – on a 10-pack of chewing gum in a grocery store in Troy, Ohio, in the U..S.

Fifty is ancient for most technologies, but barcodes are still going strong. More than 10 billion barcodes are scanned every day around the world. And newer types of barcode symbols, such as QR codes, have created even more uses for the technology.

Archived version

A little-known spyware maker based in Minnesota has been hacked, TechCrunch has learned, revealing thousands of devices around the world under its stealthy remote surveillance.

[...]

The data shows that Spytech’s spyware — Realtime-Spy and SpyAgent, among others — has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide.

Spytech is the latest spyware maker in recent years to have itself been compromised, and the fourth spyware maker known to have been hacked this year alone.

[...]

Spytech is a maker of remote access apps, often referred to as “stalkerware,” which are sold under the guise of allowing parents to monitor their children’s activities but are also marketed for spying on the devices of spouses and domestic partners. Spytech’s website openly advertises its products for spousal surveillance, promising to “keep tabs on your spouse’s suspicious behavior.”

[...]

The breached data [...] contains logs of all the devices under Spytech’s control, including records of each device’s activity. Most of the devices compromised by the spyware are Windows PCs, and to a lesser degree Android devices, Macs and Chromebooks.

The device activity logs [...] were not encrypted.

Given the shutdown/attack today, which targeted stations far from the capital, this, ah... did not go well.

Excerpts from article:

Security measures in Paris have been turbocharged by a new type of AI, as the city enables controversial algorithms to crawl CCTV footage of transport stations looking for threats.

After training its algorithms on both open source and synthetic data, Wintics’ systems have been adapted to, for example, count the number of people in a crowd or the number of people falling to the floor—alerting operators once the number exceeds a certain threshold.

Houllier argues that his algorithms are a privacy-friendly alternative to controversial facial recognition systems used by past global sporting events, such as the 2022 Qatar World Cup. “Here we are trying to find another way,” he says. To him, letting the algorithms crawl CCTV footage is a way to ensure the event is safe without jeopardizing personal freedoms. “We are not analyzing any personal data. We are just looking at shapes, no face, no license plate recognition, no behavioral analytics.”

Levain is concerned the AI surveillance systems will remain in France long after the athletes leave. To her, these algorithms enable the police and security services to impose surveillance on wider stretches of the city. “This technology will reproduce the stereotypes of the police,” she says. “We know that they discriminate. We know that they always go in the same area. They always go and harass the same people. And this technology, as with every surveillance technology, will help them do that.”

At issue in the case is the Web and App Activity toggle in Android device’s settings. Turning the toggle off prevents future web and app activity being saved to a user’s Google account.

The class plaintiffs, a suit first filed in 2020, claim that Google collected their personalized data even though they turned the toggle off. They claim the toggle gives users the false impression that they can “opt out” of sharing all data with Google and third-party developers, and accused Google of invasion of privacy.

Santacana said that none of the data that Google collected could be tied back to a user and that the defendants had failed to include a single example of the data being tracked back to a user, being used for personalized advertisements or being used to build marketing profiles.

Seeborg, a Barack Obama appointee, told Santacana that he thought the language in Google’s privacy policy could possibly mislead a reasonable consumer into believing that toggling the function off stops collection of all data.

Santacana replied that it’s not Google’s fault if a user doesn’t interpret the policies correctly.

David Boies, counsel for the class plaintiffs, told Seeborg that he didn’t believe that Google doesn’t collect personal information, and that even the non-personal information could identify a person’s mobile device and be linked to a specific individual.

Boies read Seeborg copies of Google employees’ internal emails, in which multiple employees expressed that they felt the privacy policy was fooling users into thinking that personal information wasn’t being collected. In the emails, the Google employees also said they were collecting and using personal information.

Seeborg took the matter under submission.

Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set.

Now they have a new way to prove it: “copyright traps” developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history—strategies like including fake locations on a map or fake words in a dictionary.

These AI copyright traps tap into one of the biggest fights in AI. A number of publishers and writers are in the middle of litigation against tech companies, claiming their intellectual property has been scraped into AI training data sets without their permission. The New York Times’ ongoing case against OpenAI is probably the most high-profile of these.

The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.

This guy! 😮‍💨

To deal with all this Intel CPU disaster, I've been having to manually check MSI's website for mobo updates. It occurred to me that keeping BIOSes and other drivers that aren't delivered through your OS's update manager of choice is such a pain, and it's common knowledge that a lot of critical BIOS updates just don't get applied to systems because folks don't check for updates unless there's a problem.

Thinking about that, I realized that it would make life a lot easier if you could just have section in your RSS reader for firmware updates, and each mobo manufacturer published BIOS update announcements as an RSS feed. All your updates are in one place, and you're notified promptly! Of course, this would also apply to NVIDIA drivers, so you can get automatic updates on Windows without having to download Geforce NOW bloatware, but of course that's very intentional on NVIDIA's part.

Does anyone know of other easy ways to passively keep track of BIOS updates?

Looks like AMD saw Intel and is trying to capitalize and learn from Intel's mistake by delaying until they can guarantee a stable launch

Personally I see this as a win for consumers as you're more likely to get a higher quality product by either company (AMD's move here is likely to echo in Intel)