Thousands of alleged email addresses and passwords linked to prominent organizations battling the coronavirus pandemic have been dumped on the Internet, where they almost immediately were used to foment hacking attempts and harassment by far-right extremists.
https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
It is, perhaps, your dream job: doing software testing for positive world-changing applications such as space exploration. But that comes with additional concerns, such as lives at stake and too-far-to-repair constraints.
https://www.functionize.com/blog/how-nasa-does-software-testing-and-qa/
Amazon wouldn't be the first consumer company to do it, but it would be the biggest.
“The virus is reminding us that the purpose of scholarly communication is not to allocate credit for career advancement, and neither is it to keep publishers afloat.”
For research-policy manager Elizabeth Gadd, the pandemic has highlighted the importance of open science. (Wonkhe | 6 min read)
https://wonkhe.com/blogs/the-purpose-of-publications-in-a-pandemic-and-beyond/
Experian, Equifax and TransUnion are now offering free credit reports to all Americans on a weekly basis for the next year so you can protect your financial health during hardships from the coronavirus.
https://www.nytimes.com/2020/04/22/us/politics/coronavirus-china-disinformation.html
American officials were alarmed by fake text messages and social media posts that said President Trump was locking down the country. Experts see a convergence with Russian tactics.
https://www.washingtonpost.com/nation/2020/04/22/las-vegas-coronavirus-reopen/
Just two months ago, the discovery that two people infected with the coronavirus had no symptoms was such big scientific news that it was published in the New England Journal of Medicine. <https://www.inquirer.com/health/coronavirus-transmission-asymptommatic-nejm-german-report-20200218.html>
Now, it is becoming clear that much, if not most, of the spread of the virus is by infected people who don't get sick. New evidence comes from a Boston homeless shelter, an Italian town, a California county, and a Navy aircraft carrier. […]
I can't even send a private message to my sister.
I'd say we've now reached the “tipping point” in killing free speech on the Internet.
Encryption is no longer just about privacy; end2end encryption is now essential to avoid censorship.
I sent a message with a subject heading:
Subject: <<some text>> protect against COVID19
My message got bounced with the following explanation:
-------------------------------------------------------------
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
  emailname@domain
    host mx01.domain [XX.XX.XX.XX]
    SMTP error from remote mail server after end of data:
    554 5.7.1 [P4] Message blocked due to spam content in the message.
A revered global brand, Denmark's Lego has generously contributed their expertise and facilities to manufacture and donate personal protective equipment (PPE). Lego has pledged US$ 50M for pandemic relief efforts.
This example of corporate generosity from a trusted brand raises an important risk. Lego makes toys. The pandemic has compelled a humane business decision to become PPE suppliers, almost overnight.
The USA Today article does not discuss factory health and safety certification or compliance standards. Apparently, one must assume that you can “Bet your life on Lego.”
Must Lego PPE satisfy ISO and other important/essential standards? Are the PPE recipients equipped to perform receiving inspections and verify fitness for use? Where are the inspection results? Are the inspectors qualified? Has a manufacturing or inspection waiver been granted given the emergency? Under whose authority? Is industrial regulatory compliance mandatory under pandemic conditions for PPE?
If the PPE is faulty, patients and healthcare personnel will be at greater risk of infection.
Reports about ineffective coronavirus test kits, substandard personal protective equipment (PPE), and global shortages are noteworthy. See: https://www.dw.com/en/coronavirus-netherlands-recalls-defective-masks-bought-from-china/a-52949216, https://globalnews.ca/news/6769162/canada-medical-supplies-coronavirus/, https://www.nytimes.com/2020/04/19/nyregion/coronavirus-face-shields-factory-nyc.html.
Israel's Ministry of Health distributes such an application, which seems to be using something similar to Google's Timeline to backtrack confirmed infected people and warn app holders who had come in contact with them.
I have downloaded this application, and indeed received a warning that I had been in the vicinity of an infected person, and have to go into isolation for up to 14 days from the moment of contact. The only problem was that I got the warning on the 13th day, with less than 12 hours left of the isolation time!
In an environment where it may take several days for an infected person to show symptoms, a few more days to wait for an inspection, and a few more till the results are in, the whole idea becomes a sad joke. The long delay also makes using proximity technology like Bluetooth useless, unless all contacts between any two people, infected or not, are recorded and kept in a database to be checked later if any of them is found to have been infected.
I belatedly learned that the proposed app defined a “contact” as a user having remained within 1.5 metres of another user (one of whom had marked themself as “infected”) for 15 minutes.
Although this would very largely avoid the “passing by” and “loose dog” scenarios I postulated, it raises other questions.
Whilst the potential to be infected by another person rises by exposure duration and proximity, one expulsion of virus-laden droplets immediately upon “contact” can be sufficient to cause infection. The 15 minute “exposure” seems a wholly arbitrary time. And what if the “contact” is broken—possibly by a signal dropout or just that the parties moved more than 1.5 metres apart—within that time, but then resumed, does the clock reset? Could I spend several hours in a meeting room 1.5 metres away from an infected person across the table, but have the clock reset itself every time I leaned my chair back?
Secondly, the recommended “social distance” is two metres (and some scientists have indicated this is inadequate and should be at least doubled), so even the lower figure is not met for the app. That aside, the figure is somewhat arbitrary too, and presumably can only be determined by signal strength or maybe a “handshake” time between the two devices. Whatever, it will likely not be so precise as to differentiate distances around 1.5 metres. BTW, I do appreciate that the 1.5 metre figure is not necessarily precise, and anyway the signal distance will vary by situation and over time.
Now some will argue—with fair reason—that the actual distance and time are not that important; after all, whether or not a person (or cat) is infected by another is highly variable and unpredictable. However, it is this variability and unpredictability that contributes to undermining the usefulness/purpose of the app. The imprecision in detection of “contacts” is likely to generate many—very possibly too many—false positives and, potentially worse and definitely ‘too’ many, false negatives. And the “too many” false positives presents the potential for the mischievous and malevolent to effectively ‘DDOS’ the system. Its use will likely, as with some other proposals, engender a false sense of security among users.
PS: Apologies for the solecism of the misused apostrophe in my previous, I failed to catch Apple's erroneous autocorrection—MB.
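The question raised above, whether a broken-and-resumed “contact” resets the clock, is a design choice that can be made concrete. The following is an added example, not code from the post or from any real tracing app: it models three decision policies over a constructed series of per-minute distance estimates between two devices, using the 1.5 metre and 15 minute figures from the post. The one-minute sampling interval, the 1.2 m seating distance, the 1.8 m “leaned back” distance, the gap tolerance and the dropout scenario are all assumptions made for illustration.

```python
"""Contact-decision policies for a proximity-tracing app (illustrative model).

Given one distance estimate per minute between two devices, decide whether
a "contact" (>= 15 minutes within 1.5 m) occurred under three policies:
  reset      : any far or missing sample resets the clock
  bridge     : short far/missing stretches are bridged, long ones reset
  cumulative : all close minutes count, regardless of gaps
All thresholds and sample data are constructed for this example.
"""
from typing import List, Optional

CONTACT_DISTANCE_M = 1.5      # proximity threshold quoted in the post
CONTACT_DURATION_S = 15 * 60  # exposure threshold quoted in the post
SAMPLE_INTERVAL_S = 60        # assumption: one distance estimate per minute

Sample = Optional[float]      # None models a signal dropout (no estimate)


def is_close(d: Sample) -> bool:
    """A sample counts as 'close' only if it exists and is within threshold."""
    return d is not None and d <= CONTACT_DISTANCE_M


def longest_continuous_close_s(samples: List[Sample]) -> int:
    """Policy 'reset': longest unbroken run of close samples, in seconds."""
    best = run = 0
    for d in samples:
        run = run + SAMPLE_INTERVAL_S if is_close(d) else 0
        best = max(best, run)
    return best


def close_time_with_gap_tolerance_s(samples: List[Sample], max_gap_s: int) -> int:
    """Policy 'bridge': a far/missing stretch no longer than max_gap_s does not
    count as exposure but does not reset the clock; a longer stretch resets it."""
    best = run = gap = 0
    for d in samples:
        if is_close(d):
            run += SAMPLE_INTERVAL_S
            gap = 0
        else:
            gap += SAMPLE_INTERVAL_S
            if gap > max_gap_s:
                run = 0
        best = max(best, run)
    return best


def total_close_time_s(samples: List[Sample]) -> int:
    """Policy 'cumulative': every close minute counts, whatever the gaps."""
    return sum(SAMPLE_INTERVAL_S for d in samples if is_close(d))


def decide(samples: List[Sample], max_gap_s: int = 120) -> dict:
    """Apply all three policies and report which of them flag a contact."""
    return {
        "reset": longest_continuous_close_s(samples) >= CONTACT_DURATION_S,
        "bridge": close_time_with_gap_tolerance_s(samples, max_gap_s) >= CONTACT_DURATION_S,
        "cumulative": total_close_time_s(samples) >= CONTACT_DURATION_S,
    }


def meeting_with_lean_backs(minutes: int = 60, lean_every: int = 10,
                            seat_m: float = 1.2, lean_m: float = 1.8) -> List[Sample]:
    """Constructed scenario from the post: an hour across a table at 1.2 m,
    leaning back out of range for one minute in every `lean_every`."""
    return [lean_m if (m + 1) % lean_every == 0 else seat_m for m in range(minutes)]


def close_with_dropout() -> List[Sample]:
    """Constructed scenario: 17 close minutes split by a 3-minute signal dropout."""
    return [1.0] * 8 + [None] * 3 + [1.0] * 9


if __name__ == "__main__":
    for name, s in (("meeting", meeting_with_lean_backs()), ("dropout", close_with_dropout())):
        print(name, decide(s), "bridge@180s:", decide(s, max_gap_s=180)["bridge"])
```

Under the reset policy the hour-long meeting never registers (no run exceeds nine minutes), which is the false-negative case described above; under the cumulative policy the same data counts 54 minutes, and a tolerant bridge setting decides the dropout case differently at 120 s and 180 s. Whichever policy an app picks, the decision boundary is driven by the sampling interval and the gap tolerance, neither of which maps precisely onto infection risk.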
> The creation of a global surveillance juggernaut that governments will
> never willingly give up or restrict solely to public health situations!
> -LW
This is what worries me. World War 2 ended in Europe in May 1945 (we were due to have a big 75th anniversary commemoration next month), but British governments of the day didn't really pay much attention. We had identity cards until 1950, rationing well into the 1950s, conscription until 1960, and exchange controls until 1980—in the 1970s, Brits traveling abroad on vacation were limited to taking 50 pounds (~$60) with them.
Since then, about 15 years ago the government was enthusiastically proceeding with plans for compulsory national identity cards (“we'll find them so useful that we'll wonder how we ever managed without them!”) backed up with a computerised citizens' database. More recently, in last year's British general election, if the Labour party had won there was a strong possibility that exchange controls would have to be re-introduced to prevent the loss of tax revenues. Since the Covid-19 lockdown, various politicians in the UK have proposed that this is a once-in-a-lifetime opportunity to reorder society on a fairer, more-equitable basis, presumably more like the popular and successful models of Cuba or the Soviet Bloc… :o) There's a letter in today's newspaper saying “I hope this pandemic cements the use of debit cards for all transactions and thereby the end of cash”.
Whether you consider these developments as good or bad depends on your politics, but I feel uneasy if they're introduced under the guise of tackling a public health issue. Benjamin Franklin's famous quote comes to mind:
> “They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety.”
> Would the Information Technology Community promote the idea that we should
> all pay a low fee for sending each email.
It may surprise you to know that this solution has been suggested before: more than once even!
Here's an example from 2003:
https://web.archive.org/web/20031229160109/http://www.pcpro.co.uk/news/news_story.php?id=51289
and one from 2013:
https://forums.moneysavingexpert.com/discussion/4383787/stop-spam-pay-for-email
Quote:
Your post advocates a
(X) technical
(X) legislative
(X) market-based
( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
(X) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work. […]
> Would the Information Technology Community promote the idea that we should
> all pay a low fee for sending each email.
You mean, we aren't? Last I checked I get a bill from my cableco every month. I could divide it by the number of bytes transferred, multiply that by the size of this message, and tell you exactly how much I paid for sending this e-mail.
I suggested this some time back, only I was thinking of a truly diminutive fee: 1 mil (1/10 cent). For normal users, this would be down in the grass — not even worth bothering with. I also suggested a mechanism whereby:
Most spammers send out millions or tens of millions of messages, and don't care that most of them don't lead anywhere—they make a profit if 1 person falls for it (Nigerian scam) or for commercial ads if 1/100 of 1% respond. This would either stop most of those spams, or force them to be a great deal more selective in who they send their emails to.
I'd love to see the same for telephone calls: if the recipient rejects the call, the caller is charged 10 cents, split between the phone system and the recipient. Phone calls are a great deal more intrusive than emails, which is why I suggest the higher fee.
At the time the idea was pooh-poohed (I no longer remember why). We'll see what people think of Stewart Fist's version.
I know every reader of RISKS will initially bristle at the idea. But, if we were charged, say, 1 cent per mail sent, then most individuals would pay only fractions of a dollar a day, and in a competitive world, this would be set off against annual fees. However, those scam organisations which exist by flooding the world's mailboxes with unwanted, illegal and disgusting emails by the millions would be quickly driven out of business. The global email and Internet system is never going to reach its potential until there is an actual money penalty for abusing the technology. Couldn't such a charge be introduced on a global scale at the borders?
After reading the article, one thing I couldn't figure out was ‘which Newton?’ There's a few throughout the country, and it could have been the Newton near me, or hundreds of miles away, or one I've never heard of.
This is one constant issue with news sources, particularly local ones — they often don't say where they are located. Saying you're ‘XYZ area's number one news source!’ might be good for the locals, but in today's connected world, it doesn't help the guy who stumbles on a random news article. Also referring to your geographic location as being in the ‘bi/tri/quad-state region’. To me, growing up on Long Island, ‘tri-state’ meant NY, NJ, CT. To the local archery shop a bit west of me in northeastern New Jersey, it means NJ, PA, and the southern tier of NY. Both are technically correct, but neither really gives me an idea of where they are, and both are ambiguous.
For the local paper's web site, the fix is easy—put the state you're in at the top. That resolves it, most of the time. Until you hit New Jersey, where we have plenty of localities with similar or identical names.
The risk? Such ambiguities could incite or enrage people who read a story and connect a name to a nearby location, when nothing at all has happened there. There's enough fake news going around. We don't need to unintentionally create more of it…