Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
As of 2024, a 2-hour limit on voice recordings is disastrously silly. Even without compression, 2 hours is only 2 audio CD's worth of data or ~1.4 GB. I normally fly with my cellphone and 60 GB's worth of podcasts (equivalent to 1000 *hours* @ 1 MB/min MP3 rates), and I'm only one of several hundred passengers on any given flight. Indeed, an Apple iPhone with at least this data capacity *from this very airplane* fell to the ground from 16,000' and was still working perfectly -- the screen wasn't even cracked! Perhaps voice recorders (or at least a USB stick/uSD card) should be *ejected* from the airplanes which have an anomalous event? https://www.reuters.com/business/aerospace-defense/alaska-737-cockpit-voice-recorder-data-erasure-renews-industry-safety-debate-2024-01-08/ [Monty Solomon spotted a related article: Alaska Airlines flight: Cockpit audio is lost, and a mysterious warning light is investigated https://www.latimes.com/california/story/2024-01-07/alaska-flight-door-plug-cockpit-audio-erased-warning-lights PGN]
https://theaircurrent.com/feed/dispatches/united-finds-loose-bolts-on-plug-doors-during-737-max-9-inspections/
Jared Eggleston, CBS News, 9 Jan 2024, via ACM TechNews, 12 Jan 2024 A federal trial has begun to determine whether Dominion Voting Systems' touch-screen voting machines used in the U.S. state of Georgia can be hacked or manipulated. In Georgia, once voters make their choices, their ballots are printed with their votes and a QR code; the QR code is ultimately what is read and cast as the voter's ballot. Several voters and the Coalition for Good Governance, who launched the suit, want the state to revert to paper ballots which, they say, will assure voters their ballots are being counted properly.
Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices. https://arstechnica.com/security/2024/01/a-previously-unknown-worm-has-been-stealthily-targeting-linux-devices-for-a-year/
https://theintercept.com/2024/01/12/open-ai-military-ban-chatgpt/
https://www.theverge.com/2024/1/9/24031904/openai-pennsylvania-chatgpt-pilot-program-ai
https://arstechnica.com/?p=1994243
The AI Image Creator, part of Microsoft’s Bing and Windows Paint, makes extremely violent images of Joe Biden, the pope and others. Microsoft’s failed response points the finger at rogue users. McDuffie’s precise original prompt no longer works, but after he changed around a few words, Image Generator still makes images of people with injuries to their necks and faces. Sometimes the AI responds with the message *Unsafe content detected(, but not always. The images it produces are less bloody now ” Microsoft appears to have cottoned on to the red corn syrup ” but they’re still awful. [...] “Fundamentally, I don’t think this is a technology problem; I think it’s a capitalism problem,'' says Hany Farid, a professor at the University of California at Berkeley. “They’re all looking at this latest wave of AI and thinking, *We can’t miss the boat here.*'' He adds: “The era of ‘move fast and break things’ was always stupid, and now more so than ever.” Profiting from the latest craze while blaming bad people for misusing your tech is just a way of shirking responsibility. https://www.washingtonpost.com/technology/2023/12/28/microsoft-ai-bing-image-creator/
The company’s move into facial recognition technology speaks to a broader exchange of privacy for convenience https://www.washingtonpost.com/travel/2023/12/20/clear-facial-recognition-technology-airport-security/ TSA self-screening is the next big step for airport security. Checking in with airport security could soon resemble ordering from a kiosk at a fast-food restaurant In January, select passengers at Harry Reid International Airport in Las Vegas will begin testing a new self-service screening system from the Transportation Security Administration. The setup will resemble a supermarket self-checkout, with travelers scanning their identification and carry-on bags instead of arugula and toilet paper. https://www.washingtonpost.com/travel/2023/12/18/tsa-self-service-screening-las-vegas/
https://undark.org/2024/01/03/brain-computer-neurorights/
Police “nerve centers” are blurring the line between public and private surveillance. https://www.themarshallproject.org/2024/01/13/police-video-surveillance-california
I'm sure many UK RISKS subscribers can say more, but a four-part docudrama this month has brought to light the flawed Horizon accounting software used by the UK Post Office, which has led to hundreds of people being falsely accused of theft (and fined and even imprisoned) as a result of software bugs. The show, called "Mr Bates vs. the Post Office", showed earlier in January in the UK (not yet available outside the UK, although a VPN + a free subscription to ITVX will do the trick). The impact has been quite profound, with the Prime Minister Rishi Sindak calling for legislation to overturn verdicts, and the former CEO of the post office agreeing to return her CBE. This is scant comfort to hundreds of people whose lives were tremendously harmed by the prosecutions, including at least four people who committed suicide. The problems with the software are not new to RISKS readers - see for example a note from Lindsay Marshall in RISKS 31.22 (in 2019), a followup from Attila the Hun (sic) in RISKS 31.23, substantial details on one of the cases from Stephen Mason in RISKS 31.51, and an update from David Lesher in RISKS-32.62. The problems behind this aren't new, having been recognized almost since the software was rolled out nearly 25 years ago. Fujitsu, the maker of the software, is seemingly not being held to account: https://techcrunch.com/2024/01/10/fujitsu-post-office-scandal-government/ Much more detail in the Wikipedia page: https://en.wikipedia.org/wiki/British_Post_Office_scandal The RISKS? Flawed software isn't new; what's sad is how many have been harmed, and how long it's taken before real action is (finally) occurring.
Earth’s orbits are filling with satellites at an astounding pace. Already there are more than 9,000 satellites orbiting the planet, and more than 5,000 of them belong to Starlink, the constellation built by SpaceX to beam Interne service down to Earth. They are to be joined by thousands of satellites from other companies and countries in the decades ahead.an The more of them there are, the greater the satellites’ interference with ground astronomy’s ability to answer questions about the cosmos ” and humanity’s place in it. https://www.nytimes.com/2024/01/09/science/astronomy-telescopes-satellites-spacex-starlink.html?smid=nytcore-ios-share&referringSource=articleShare
David Rogers, chief marketing officer at Raptor Technologies, tells WIRED the company “immediately implemented remediation protocols” to secure the exposed data once it was contacted and started an investigation into the issue. “We have communicated with all Raptor customers,” Rogers says. “There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he says, adding there is no reason to believe there has been any misuse of the information. “We sincerely regret this issue and any concern or inconvenience it may have caused,” Rogers says. The company's investigation into the incident is ongoing, Rogers says, adding that the “safety and wellbeing of children, staff, and the community members of our customers is the top priority of Raptor Technologies.” https://www.wired.com/story/us-school-shooter-emergency-plans-leak
https://www.theverge.com/2024/1/10/24032966/ftc-bans-outlogic-location-data-sales-tracking-settlement
The case involves eBay employees trying to intimidate a Massachusetts couple who write and produce an e-commerce newsletter. The company will pay a criminal penalty of $3 million. “EBay engaged in absolutely horrific, criminal conduct,” said Joshua S. Levy, the acting U.S. attorney. “The company’s employees and contractors involved in this campaign put the victims through pure hell, in a petrifying campaign aimed at silencing their reporting and protecting the eBay brand.” David and Ina Steiner, writers and publishers of a news site and blog called EcommerceBytes, live in Natick, Mass.; eBay is based in San Jose, Calif. During the course of the harassment campaign, eBay security team members flew to Boston to accelerate their activities against the couple in-person. When they were caught, they began a cover-up and destroyed incriminating messages. The forms of harassment included: threatening direct messages over Twitter, the social media platform that is now called X; attempts to install a GPS device on the Steiners’ car; posting ads for fictitious sexual events at the Steiners’ house; and sending anonymous and scary items like a bloody pig’s mask to the couple’s home. A 24-page document detailing the charges that was released on Thursday broadens the number of eBay executives in the case. In earlier documents, only two executives were mentioned ” the chief executive and the chief communications officer. Now there is a third executive, identified as eBay’s senior vice president for global operations. “Sometimes, you just need to make an example out of someone,” read a text that the chief communications officer sent to the senior vice president on May 31, 2019. “Justice,” the text continued. The chief communications officer then wrote, referring to Ms. Steiner: “We are too nice. She needs to be crushed.” A spokesman for Devin Wenig, who was eBay’s chief executive at the time, had no comment. The other two former executives could not be reached. https://www.nytimes.com/2024/01/11/technology/ebay-cyberstalking-charges.html?smid=nytcore-ios-share&referringSource=articleShare
https://www.boston.com/news/local-news/2024/01/08/thefts-mail-collection-boxes-needham/ [Should you trust e-mail instead? PGN]
Silicon Valley figures have long warned about the dangers of artificial intelligence. Now their anxiety has migrated to other halls of power: the legal system, global gatherings of business leaders and top Wall Street regulators. https://www.washingtonpost.com/technology/2024/01/13/davos-ai-risk-finra/
Seems that Google is continuing to kill or hobble core services while they continue their AI binge. This won't end well, for Google or its users, or society at large, given the political climate that is going to come down on AI like a ton of bricks. -L https://techcrunch.com/2024/01/11/google-is-removing-17-underutilized-assistant-features/
Millions are going to lose everything.
SEC'S APPROVAL OF A BITCOIN CRYPTO ETF IS AN HISTORIC MISTAKE THAT WILL HARM INVESTORS, MARKETS, AND FINANCIAL STABILITY https://bettermarkets.org/newsroom/secs-approval-of-a-bitcoin-crypto-etf-is-an-historic-mistake-that-will-harm-investors-markets-and-financial-stability/
https://www.engadget.com/taylor-swift-deepfake-used-for-le-creuset-giveaway-scam-123231417.html
https://arstechnica.com/?p=1994532
https://appleinsider.com/articles/24/01/10/apple-was-warned-of-airdrop-flaws-before-chinas-hack
The recent slow moving derailment on the NYC subway is, of course, due to human error as the subway has little or no automation as we would think of it. Trains are prevented from colliding through the use of physical trips at the sides of the tracks at each block. Each train car has a matching lever that, if it is tripped "dumps" the brakes. Train brakes are fail safe, meaning when there is no air the brakes are applied. In this case both trains were in a complex interlocking of several sets of crossovers (switches for Americans, points to the British) and it seems that the block trip that would have thrown the offending train's brakes allowed the nose of the train into the path of the train crossing in front of it, which seems like en error in placement, as well as the motorperson (we don't call them drivers or engineers on the subway) being foolish in inching closer to a red signal. For anyone on the list who is interested in the NYC subway system I recommend the following book, which is updated annually, and is maintained by one author and a bunch of people who send in what they see in the system: https://www.nyctrackbook.com The interlocking in question is shown on page/map 11 labeled "96th-103rd Closeup".
In the NYT article it says: "She instead found evidence that the husband was using the Mercedes Me app by obtaining records of his Internet activity." How she obtained these records is left unstated. It could be relatively benign, like the the two of them sharing access to a Gmail account. But if not, one has to wonder if the ability for the wife to gain access to the husband's Internet activity is not as disturbing as the husband's access to the wife's car functions (though less directly harmful). Apparently it was in connection with a restraining order and an (implied) search warrant. Especially since "Mercedes [...] failed to respond to a search warrant" when requested to do so; what other source did she go to in order to get this data?
Please report problems with the web pages to the maintainer