Resources

You Will Soon Be Able To Pay Your Subway Fare With Your Face in China

China has led the world in adoption of smartphone-based mobile payments to the point where the central bank had to remind merchants not to discriminate against cash. The next phase of development may be to pay with your face.

In Shenzhen, the local subway operator is testing various advanced technologies backed by the ultra-fast 5G network, including facial-recognition ticketing.

At the Futian station, instead of presenting a ticket or scanning a QR bar code on their smartphones, commuters can scan their faces on a tablet-sized screen mounted on the entrance gate and have the fare automatically deducted from their linked accounts.

Currently in a trial mode, the facial-recognition ticketing service could in future help improve the efficiency of handling the up to 5 million rides per day on the city’s subway network. Shenzhen Metro did not elaborate when it will roll out the facial payment service.

The introduction of facial recognition-and-payment services to the public transit system marks another step by China toward integrating facial recognition and other artificial intelligence-based technology into everyday life in the world’s most populous nation.

Consumers can already pay for fried chicken at KFC in China with its “Smile to Pay” facial recognition system, first introduced at an outlet in Hangzhou in January 2017.

“To use facial ticketing in the future, passengers will also need preregistration of their facial information and link their payment methods to their accounts, just like them making payments at the KFC restaurant,” said a staff member at the Futian station’s demonstration area in Shenzhen.
China may use facial recognition to stop kids from live streaming

Chinese cities are among the most digitally savvy and cashless in the world, with about 583 million people using their smartphones to make payment in China last year, according to the China Internet Network Information Center. Nearly 68 per cent of China’s internet users used a mobile wallet for their offline payments.

Paris street to ‘shut out Instagrammers’

Instagrammers love the colorful homes in Paris’s Rue Cremieux. But residents of Rue Cremieux have now had enough and are calling on the city council to restrict access at certain times.

Residents have asked the city council to provide a gate that can be closed at peak times — evenings, weekends and at sunrise and sunset, when good light attracts people searching for a perfect Instagram picture. One resident told radio station France Info: “We sit down to eat and just outside we have people taking photos, rappers who take two hours to film a video right beneath the window, or bachelorette parties who scream for an hour. Frankly, it’s exhausting.”

Hard Disks Can Be Turned Into Listening Devices

Researchers from the University of Michigan and Zhejiang Univeristy in China have found that hard disk drives can be turned into listening devices, using malicious firmware and signal processing calculations.

For a study titled “Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone,” computer scientists Andrew Kwong, Wenyuan Xu, and Kevin Fu describe an acoustic side-channel that can be accessed by measuring how sound waves make hard disk parts vibrate. “Our research demonstrates that the mechanical components in magnetic hard disk drives behave as microphones with sufficient precision to extract and parse human speech,” their paper, obtained by The Register ahead of its formal publication, stated. “These unintentional microphones sense speech with high enough fidelity for the Shazam service to recognize a song recorded through the hard drive.”

The team’s research work, scheduled to be presented in May at the 2019 IEEE Symposium on Security and Privacy, explores how it’s possible to alter HDD firmware to measure the offset of a disk drive’s read/write head from the center of the track it’s seeking. The offset is referred to as the Positional Error Signal (PES) and hard drives monitor this signal to keep the read/write head in the optimal position for reading and writing data. PES measurements must be very fine because drive heads can only be off by a few nanometers before data errors arise. The sensitivity of the gear, however, means human speech is sufficient to move the needle, so to speak. Vibrations from HDD parts don’t yield particularly good sound, but with digital filtering techniques, human speech can be discerned, given the right conditions.

“Flashing HDD firmware is a prerequisite for the snooping […] because the ATA protocol does not expose the PES,” The Register reports. “To exfiltrate captured data, the three boffins suggest transmitting it over the internet by modifying Linux operating system files to create a reverse shell with root privileges or storing it to disk for physical recovery at a later date.”

The researchers note that this technique does require a fairly loud conversation to take place near the eavesdropping hard drive. “To record comprehensible speech, the conversation had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled sound,” the report says. “To get Shazam to identify recordings captured through a hard drive, the source file had to be played at 90 dBA. Which is pretty loud. Like lawn mower or food blender loud.”

Age of Surveillance Capitalism: “We Thought We Were Searching Google, But Google Was Searching Us”

Corporations have created a new kind of marketplace out of our private human experiences. That is the conclusion of an explosive new book that argues big tech platforms like Facebook and Google are elephant poachers, and our personal data is ivory tusks. Author Shoshana Zuboff writes in “The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power”: “At its core, surveillance capitalism is parasitic and self-referential. It revives Karl Marx’s old image of capitalism as a vampire that feeds on labor, but with an unexpected turn. Instead of labor, surveillance capitalism feeds on every aspect of every human’s experience.”

Facebook’s global lobbying against data privacy laws

Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU. The documents include details of how Facebook:

– Lobbied politicians across Europe in a strategic operation to head off “overly restrictive” GDPR legislation. They include extraordinary claims that the Irish prime minister said his country could exercise significant influence as president of the EU, promoting Facebook’s interests even though technically it was supposed to remain neutral.

– Used chief operating officer Sheryl Sandberg’s feminist memoir Lean In to “bond” with female European commissioners it viewed as hostile.

– Threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws.

The documents appear to emanate from a court case against Facebook by the app developer Six4Three in California, and reveal that Sandberg considered European data protection legislation a “critical” threat to the company. A memo written after the Davos economic summit in 2013 quotes Sandberg describing the “uphill battle” the company faced in Europe on the “data and privacy front” and its “critical” efforts to head off “overly prescriptive new laws”.

Most revealingly, it includes details of the company’s “great relationship” with Enda Kenny, the Irish prime minister at the time, one of a number of people it describes as “friends of Facebook”. Ireland plays a key role in regulating technology companies in Europe because its data protection commissioner acts for all 28 member states. The memo has inflamed data protection advocates, who have long complained about the company’s “cosy” relationship with the Irish government.

Facebook admits 18% of Research spyware users were teens, not <5%

Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all their mobile app usage and browser traffic. “Less than 5 percent of the people who chose to participate in this market research program were teens” a Facebook spokesperson told TechCrunch and many other news outlets in a damage control effort 7 hours after we published our report on January 29th. At the time, Facebook claimed that it had removed its Research app from iOS. The next morning we learned that wasn’t true, as Apple had already forcibly blocked the Facebook Research app for violating its Enterprise Certificate program that supposed to reserved for companies distributing internal apps to employees.

It turns out that wasn’t the only time Facebook deceived the public in its response regarding the Research VPN scandal. TechCrunch has obtained Facebook’s unpublished February 21st response to questions about the Research program in a letter from Senator Mark Warner, who wrote to CEO Mark Zuckerberg that “Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”

In the response from Facebook’s VP of US public policy Kevin Martin, the company admits that (emphasis ours) “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. Analysis shows that number is about 18 percent when you look at the complete lifetime of the program, and also add people who had become inactive and uninstalled the app.” So 18 percent of research testers were teens. It was only less than 5 percent when Facebook got caught. Given users age 13 to 35 were eligible for Facebook’s Research program, 13 to 18 year olds made of 22 percent of the age range. That means Facebook clearly wasn’t trying to minimize teen involvement, nor were they just a tiny fraction of users.

Oceans Are Getting Louder, Posing Potential Threats to Marine Life

Slow-moving, hulking ships crisscross miles of ocean in a lawn mower pattern, wielding an array of 12 to 48 air guns blasting pressurized air repeatedly into the depths of the ocean.

The sound waves hit the sea floor, penetrating miles into it, and bounce back to the surface, where they are picked up by hydrophones. The acoustic patterns form a three-dimensional map of where oil and gas most likely lie.

The seismic air guns probably produce the loudest noise that humans use regularly underwater, and it is about to become far louder in the Atlantic. As part of the Trump administration’s plans to allow offshore drilling for gas and oil exploration, five companies are in the process of seeking permits to carry out seismic mapping with the air guns all along the Eastern Seaboard, from Central Florida to the Northeast, for the first time in three decades. The surveys haven’t started yet in the Atlantic, but now that the ban on offshore drilling has been lifted, companies can be granted access to explore regions along the Gulf of Mexico and the Pacific.

Even Years Later, Twitter Doesn’t Delete Your Direct Messages

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini. Saini found years-old messages in a file from an archive of his data obtained through the website from accounts that were no longer on Twitter. He also reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though, the bug wasn’t able to retrieve messages from suspended accounts.

Direct messages once let users “unsend” messages from someone else’s inbox, simply by deleting it from their own. Twitter changed this years ago, and now only allows a user to delete messages from their account. “Others in the conversation will still be able to see direct messages or conversations that you have deleted,” Twitter says in a help page. Twitter also says in its privacy policy that anyone wanting to leave the service can have their account “deactivated and then deleted.” After a 30-day grace period, the account disappears, along with its data. But, in our tests, we could recover direct messages from years ago — including old messages that had since been lost to suspended or deleted accounts. By downloading your account’s data, it’s possible to download all of the data Twitter stores on you.

Nearly All US Teens Short On Sleep, Exercise

Too little sleep. Not enough exercise. Far too much “screen time.” That is the unhealthy lifestyle of nearly all U.S. high school students, new research finds. The study, of almost 60,000 teenagers nationwide, found that only 5 percent were meeting experts’ recommendations on three critical health habits: sleep; exercise; and time spent gazing at digital media and television… “Five percent is a really low proportion,” said study leader Gregory Knell, a research fellow at University of Texas School of Public Health, in Dallas. “We were a bit surprised by that….”

“If kids are viewing a screen at night — staring at that blue light — that may affect their ability to sleep,” Knell said. “And if you’re not getting enough sleep at night, you’re going to be more tired during the day,” he added, “and you’re not going to be as physically active.”

Experts recommend a minimum of 8 hours of sleep at night for teenagers, plus at least one hour every day of “moderate to vigorous” exercise.

One professor of adolescent medicine points out that some high school homework now even requires using a computer — even though too much screen time can affect teenagers’ abiity to sleep.

Unearthed Emails Show Google, Ad Giants Know They Break Privacy Laws

Privacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe’s data protection laws. The new filings — submitted today to regulators in the UK, Ireland, and Poland — allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks flout the EU’s privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google — which is an IAB member — and others in the ad-slinging world insist they aren’t doing anything wrong. The fresh submissions come soon after the UK Information Commissioner’s Office (ICO) revealed plans to probe programmatic ads. These are adverts that are selected and served on-the-fly as you visit a webpage, using whatever personal information has been scraped together about you to pick an ad most relevant to your interests. […] The ICO’s investigation will focus on how well informed people are about how their personal information is used for this kind of online advertising, which laws ad-technology firms rely on for processing said private data, and whether users’ data is secure as it is shared on these platforms.

Facebook decided which users are interested in Nazis—and let advertisers target them directly

Facebook makes money by charging advertisers to reach just the right audience for their message–even when that audience is made up of people interested in the perpetrators of the Holocaust or explicitly neo-Nazi music. Despite promises of greater oversight following past advertising scandals, a Times review shows that Facebook has continued to allow advertisers to target hundreds of thousands of users the social media firm believes are curious about topics such as “Joseph Goebbels,” “Josef Mengele,” “Heinrich Himmler,” the neo-nazi punk band Skrewdriver and Benito Mussolini’s long-defunct National Fascist Party.

Experts say that this practice runs counter to the company’s stated principles and can help fuel radicalization online. “What you’re describing, where a clear hateful idea or narrative can be amplified to reach more people, is exactly what they said they don’t want to do and what they need to be held accountable for,” said Oren Segal, director of the Anti-Defamation League’s center on extremism. After being contacted by The Times, Facebook said that it would remove many of the audience groupings from its ad platform.

Facebook’s broad reach and sophisticated advertising tools brought in a record $55 billion in ad revenue in 2018. Profit margins stayed above 40%, thanks to a high degree of automation, with algorithms sorting users into marketable subsets based on their behavior — then choosing which ads to show them. But the lack of human oversight has also brought the company controversy.

In 2017, Pro Publica found that the company sold ads based on any user-generated phrase, including “Jew hater” and “Hitler did nothing wrong.” Following the murder of 11 congregants at a synagogue in Pittsburgh in 2018, the Intercept found that Facebook gave advertisers the ability to target users interested in the anti-Semitic “white genocide conspiracy theory,” which the suspected killer cited as inspiration before the attacks.

Google Displays Fake Phone Numbers For Some Local Businesses In Toronto So They Can Record Calls

A spokesperson for Google has confirmed the service they’ve launched in Vancouver and Toronto to connect potential customers to trusted service providers funnels customers through ostensibly local phone numbers that are actually owned by Google for the purpose of call monitoring.

Google Local Services is an addition to its search platform that connects potential customers to local service providers who pay for the advertising. It launched in Toronto and Vancouver last December for locksmiths and heating, cooling and ventilation professionals. When someone in Toronto searches for a locksmith, for example, they’ll see some service providers with green check marks next to the company name, meaning they’ve been vetted by Google.

The number next to the listing has a local area code, but that’s not the business’ real contact info. Instead, it’s a dummy Google number that will route you to the business — after informing you that it will be recording anything you say.

Internet Addiction Spawns US Treatment Programs

When Danny Reagan was 13, he began exhibiting signs of what doctors usually associate with drug addiction. He became agitated, secretive and withdrew from friends. He had quit baseball and Boy Scouts, and he stopped doing homework and showering. But he was not using drugs. He was hooked on YouTube and video games, to the point where he could do nothing else. As doctors would confirm, he was addicted to his electronics. “After I got my console, I kind of fell in love with it,” Danny, now 16 and a junior in a Cincinnati high school, said. “I liked being able to kind of shut everything out and just relax.” Danny was different from typical plugged-in American teenagers. Psychiatrists say internet addiction, characterized by a loss of control over internet use and disregard for the consequences of it, affects up to 8 percent of Americans and is becoming more common around the world.

“We’re all mildly addicted. I think that’s obvious to see in our behavior,” said psychiatrist Kimberly Young, who has led the field of research since founding the Center for Internet Addiction in 1995. “It becomes a public health concern obviously as health is influenced by the behavior.” At first, Danny’s parents took him to doctors and made him sign contracts pledging to limit his internet use. The “Reboot” program at the Lindner Center for Hope offers inpatient treatment for 11 to 17-year-olds who, like Danny, have addictions including online gaming, gambling, social media, pornography and sexting, often to escape from symptoms of mental illnesses such as depression and anxiety. Reboot patients spend 28 days at a suburban facility equipped with 16 bedrooms, classrooms, a gym and a dining hall. They undergo diagnostic tests, psychotherapy, and learn to moderate their internet use.

Schools Are Locking Students’ Phones Away to Help With Concentration

After one teacher at San Lorenzo High School brought pouches, created by the tech start-up Yondr, into her classroom to lock away students’ phones, the entire school began using them from the beginning of the school day at 8 a.m. until the end of the day at 3:10 p.m. According to a 2018 study from the Pew Research Center, more than half of teens said they felt loneliness, anxiety, or upset in the absence of a cellphone. The study also found that girls were more likely to feel these sentiments than boys.

“If something feels weird about modern life to young kids who are dealing with a lot of angst and anxiety in general, maybe it has something to do with relating to the world primarily through a screen eight hours a day,” Yondr’s founder Graham Dugoni told CNBC. Students said they initially felt awkward and annoyed having their phones taken away during the school day, but added that they started to see more teens interacting with each other. One student added that not having a phone in class helped with concentration.

Facebook Pays Teens To Install VPN That Spies On Them

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” a fitting name for Facebook’s effort to map new trends and rivals around the globe.

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps — including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

Prisons Across the United States Are Quietly Building Databases of Incarcerated People’s Voice Prints

In New York and other states across the country, authorities are acquiring technology to extract and digitize the voices of incarcerated people into unique biometric signatures, known as voice prints.

Prison authorities have quietly enrolled hundreds of thousands of incarcerated people’s voice prints into large-scale biometric databases. Computer algorithms then draw on these databases to identify the voices taking part in a call and to search for other calls in which the voices of interest are detected. Some programs, like New York’s, even analyze the voices of call recipients outside prisons to track which outsiders speak to multiple prisoners regularly.

Corrections officials representing the states of Texas, Florida, and Arkansas, along with Arizona’s Yavapai and Pinal counties; Alachua County, Florida; and Travis County, Texas, also confirmed that they are actively using voice recognition technology today. And a review of contracting documents identified other jurisdictions that have acquired similar voice-print capture capabilities: Connecticut and Georgia state corrections officials have signed contracts for the technology

Authorities and prison technology companies say this mass biometric surveillance supports prison security and fraud prevention efforts. But civil liberties advocates argue that the biometric buildup has been neither transparent nor consensual. Some jurisdictions, for example, limit incarcerated people’s phone access if they refuse to enroll in the voice recognition system, while others enroll incarcerated people without their knowledge. Once the data exists, they note, it could potentially be used by other agencies, without any say from the public.

Americans Are Lining Up To Work For Amazon For $15 an Hour

Analysts had worried Amazon’s wage increase would cut into its profits. So far that doesn’t seem to be the case. Amazon reported $3 billion in profit for the fourth quarter.

Attackers Can Track Kids’ Locations Via Connected Watches

Over the last year of looking at kids GPS tracking watches we have found some staggering issues. With these devices it almost seems that having multiple security issues is the new normal.

While parents and guardians may get a feeling of security from using these devices, our testing and research shows it’s just that, a “feeling”.

A couple of years ago we bought and reviewed a number of smart kids tracker watches, including some Gator watches from TechSixtyFour.

After chatting to our friends at the Norwegian Consumer Council, who we know well through My Friend Cayla, we discovered they were working on exactly the same tech, by complete coincidence!

We decided to pause our project to avoid us duplicating their efforts. Shortly after, the Norwegian Consumers Council published the excellent ‘WatchOut’ research that demonstrated trivial access to kids GPS locations through vulnerable tracker watches, including the Gator.

It received plenty of press coverage and resulted in several kids tracker watches taking swift action to secure their systems.

A year on, we decided to have a look at the Gator watch again to see how their security had improved as a result of their actions.
TL; DR

Guess what: a train wreck. Anyone could access the entire database, including real time child location, name, parents details etc. Not just Gator watches either – the same back end covered multiple brands and tens of thousands of watches

The Gator web backend was passing the user level as a parameter. Changing that value to another number gave super admin access throughout the platform. The system failed to validate that the user had the appropriate permission to take admin control!

This means that an attacker could get full access to all account information and all watch information. They could view any user of the system and any device on the system, including its location. They could manipulate everything and even change users’ emails/passwords to lock them out of their watch.

‘The goal is to automate us’: welcome to the age of surveillance capitalism

The behaviour of the digital giants looks rather different from the roseate hallucinations of Wired magazine. What one sees instead is a colonising ruthlessness of which John D Rockefeller would have been proud. First of all there was the arrogant appropriation of users’ behavioural data – viewed as a free resource, there for the taking. Then the use of patented methods to extract or infer data even when users had explicitly denied permission, followed by the use of technologies that were opaque by design and fostered user ignorance.

And, of course, there is also the fact that the entire project was conducted in what was effectively lawless – or at any rate law-free – territory. Thus Google decided that it would digitise and store every book ever printed, regardless of copyright issues. Or that it would photograph every street and house on the planet without asking anyone’s permission. Facebook launched its infamous “beacons”, which reported a user’s online activities and published them to others’ news feeds without the knowledge of the user. And so on, in accordance with the disrupter’s mantra that “it is easier to ask for forgiveness than for permission”.

The combination of state surveillance and its capitalist counterpart means that digital technology is separating the citizens in all societies into two groups: the watchers (invisible, unknown and unaccountable) and the watched. This has profound consequences for democracy because asymmetry of knowledge translates into asymmetries of power.

Most Facebook users don’t know that it records a list of their interests, new study finds

Seventy-four percent of Facebook users are unaware that Facebook records a list of their interests for ad-targeting purposes, according to a new study from the Pew Institute.

Participants in the study were first pointed to Facebook’s ad preferences page, which lists out a person’s interests. Nearly 60 percent of participants admitted that Facebook’s lists of interests were very or somewhat accurate to their actual interests, and 51 percent said they were uncomfortable with Facebook creating the list.

Facebook has weathered serious questions about its collection of personal information in recent years. CEO Mark Zuckerberg testified before Congress last year acknowledging privacy concerns and touching upon the company’s collection of personal information. While Zuckerberg said Facebook users have complete control over the information they upload and the information Facebook uses to actively target ads at its users, it’s clear from the Pew study that most people are not aware of Facebook’s collection tactics.

The Pew study also demonstrates that, while Facebook offers a number of transparency and data control tools, most users are not aware of where they should be looking. Even when the relevant information is located, there are often multiple steps to go through to delete assigned interests.