Apple

Apple Terminated Epic's Developer Account (epicgames.com) 197

Epic Games, in a blog post: We recently announced that Apple approved our Epic Games Sweden AB developer account. We intended to use that account to bring the Epic Games Store and Fortnite to iOS devices in Europe thanks to the Digital Markets Act (DMA). To our surprise, Apple has terminated that account and now we cannot develop the Epic Games Store for iOS. This is a serious violation of the DMA and shows Apple has no intention of allowing true competition on iOS devices.

The DMA requires Apple to allow third-party app stores, like the Epic Games Store. Article 6(4) of the DMA says: "The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper."

In terminating Epic's developer account, Apple is taking out one of the largest potential competitors to the Apple App Store. They are undermining our ability to be a viable competitor and they are showing other developers what happens when you try to compete with Apple or are critical of their unfair practices. If Apple maintains its power to kick a third party marketplace off iOS at its sole discretion, no reasonable developer would be willing to utilize a third party app store, because they could be permanently separated from their audience at any time.

Apple said one of the reasons it terminated Epic's developer account only a few weeks after approving it was because the Fortnite-maker publicly criticized its proposed DMA compliance plan, Epic said.

iOS

iOS 17.4 Is Here and Ready For a Whole New Europe (theverge.com) 22

Jess Weatherbed reports via The Verge: Apple's iOS 17.4 update is now available, introducing new emoji and a cryptographic security protocol for iMessage, alongside some major changes to the App Store and contactless payments for the iPhone platform in Europe. Apple is making several of these changes to comply with the EU's Digital Markets Act (DMA), a law that aims to make the digital economy fairer by removing unfair advantages that tech giants hold over businesses and end users. iOS 17.4 will allow third-party developers to offer alternative app marketplaces and app downloads to EU users from outside the iOS App Store. Developers wanting to take advantage of this will be required to go through Apple's approval process and pay Apple a "Core Technology Fee" that charges 50 euro cents per install once an app reaches 1 million downloads annually. iPhone owners in the EU will see different update notes that specifically mention new options available for app stores, web browsers, and payment options.

The approval process may take some time, but we know that at least one enterprise-focused app marketplace from Mobivention will be available on March 7th. Epic is also working on releasing the Epic Games Store on iOS in 2024, and software company MacPaw is planning to officially launch its Setapp store in April. iOS 17.4 allows people in the EU to download alternative browser engines that aren't based on Apple's WebKit, such as Chrome and Firefox, with a new choice screen in iOS Safari that will prompt users to select a default browser when opened for the first time. While no browser alternatives have been officially announced, both Google and Mozilla are currently experimenting with new iOS browsers that could eventually be released to the public.

Apple is also introducing new APIs that allow third-party developers to utilize the iPhone's NFC payment chip for contactless payment services besides Apple Pay and Apple Wallet in the European Economic Area. No alternative contactless providers have been confirmed yet, but users will find a list of apps that have requested the feature under Settings > Privacy & Security > Contactless & NFC. While Apple previously revealed it was planning to drop support for progressive web apps (PWAs) in the EU to avoid building "an entirely new integration architecture" around DMA compliance, the company now says it will "continue to offer the existing Home Screen web apps capability" for EU users. However, these homescreen apps will still run using WebKit technology, with no option to be powered by third-party browser engines.

Government

Oregon OKs Right-To-Repair Bill That Bans the Blocking of Aftermarket Parts (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: Oregon has joined the small but growing list of states that have passed right-to-repair legislation. Oregon's bill stands out for a provision that would prevent companies from requiring that official parts be unlocked with encrypted software checks before they will fully function. Bill SB 1596 passed Oregon's House by a 42 to 13 margin. Gov. Tina Kotek has five days to sign the bill into law. Consumer groups and right-to-repair advocates praised the bill as "the best bill yet," while the bill's chief sponsor, state Sen. Janeen Sollman (D), pointed to potential waste reductions and an improved second-hand market for closing a digital divide.

"Oregon improves on Right to Repair laws in California, Minnesota and New York by making sure that consumers have the choice of buying new parts, used parts, or third-party parts for the gadgets and gizmos," said Gay Gordon-Byrne, executive director of Repair.org, in a statement. Like bills passed in New York, California, and Minnesota, Oregon's bill requires companies to offer the same parts, tools, and documentation to individual and independent repair shops that are already offered to authorized repair technicians. Unlike other states' bills, however, Oregon's bill doesn't demand a set number of years after device manufacture for such repair implements to be produced. That suggests companies could effectively close their repair channels entirely rather than comply with the new requirements. California's bill mandated seven years of availability.

If signed, the law's requirements for parts, tools, and documentation would apply to devices sold after 2015, except for phones, which are covered after July 2021. The prohibition against parts pairing only covers devices sold in 2025 and later. Like other repair bills, a number of device categories are exempted, including video game consoles, HVAC and medical gear, solar systems, vehicles, and, very specifically, "Electric toothbrushes."

Education

In a First, US Students Will Take the SAT Entirely Online (npr.org) 76

The SAT, a college admissions exam that for nearly a century was completed using paper and pencil, is now officially all-digital. From a report: This week, students in the U.S. will begin taking the new SAT on their own devices -- including a tablet or a laptop -- or on school devices. The test is also one hour shorter (down from three hours), has shorter reading passages and uses digital tools, like a highlighter, a graphing calculator and a bookmark to go back to skipped questions. The revamped test, which ditches the paper and pencil, aims to make cheating harder and grading easier.

Students will still take the exam at a test center or at a high school. "Today's students, they do a lot of their living digitally, they do a lot of their learning digitally and they do a lot of their test taking digitally," says Priscilla Rodriguez, who oversees the SAT for the College Board, the organization behind the test. Throughout March and April, the College Board expects more than 1 million students to take the new digital SAT. Students can take the exam on Saturday test dates or during SAT School Days, where participating high schools offer the test to upperclassmen free of charge during the school day.

Bitcoin

Bitcoin Surges To Record Above $69,000 (bloomberg.com) 181

Bitcoin surged to a record as demand from new US exchange-traded funds and a looming reduction in the token's supply growth fuel a breathtaking rebound in the original cryptocurrency. From a report: The largest digital asset rose as much as 2.5% to $69,191.95 as of 10:10 a.m. Tuesday in New York. Bitcoin has climbed about 62% so far in 2024, outperforming global stocks and spreading optimism across the digital-asset market.

In an ironic twist, Bitcoin owes much of its resurgence to a regulator long-viewed as hostile to crypto: the US Securities and Exchange Commission. The SEC approved spot-Bitcoin exchange-traded funds in early January after suffering a legal defeat last year in its attempt to reject them. The move has widened the mass-market accessibility of Bitcoin, helping the crypto sector to turn the page following a bear market in 2022 and a string of subsequent bankruptcies, including the implosion of Sam Bankman-Fried's FTX exchange.

AI

Gartner Predicts Search Engine Volume Will Drop 25% by 2026, Due To AI Chatbots and Other Virtual Agents 93

Gartner: By 2026, traditional search engine volume will drop 25%, with search marketing losing market share to AI chatbots and other virtual agents, according to Gartner. "Organic and paid search are vital channels for tech marketers seeking to reach awareness and demand generation goals," said Alan Antin, Vice President Analyst at Gartner. "Generative AI (GenAI) solutions are becoming substitute answer engines, replacing user queries that previously may have been executed in traditional search engines. This will force companies to rethink their marketing channels strategy as GenAI becomes more embedded across all aspects of the enterprise."

With GenAI driving down the cost of producing content, there is an impact around activities including keyword strategy and website domain authority scoring. Search engine algorithms will further value the quality of content to offset the sheer amount of AI-generated content, as content utility and quality still reign supreme for success in organic search results. There will also be a greater emphasis placed on watermarking and other means to authenticate high-value content. Government regulations across the globe are already holding companies accountable as they begin to require the identification of marketing content assets that AI creates. This will likely play a role in how search engines will display such digital content.

EU

European Commission Confirms Apple's Anti-Competitive Behavior Is Illegal and Harms Consumers (spotify.com) 87

The EU Commission on Monday fined Apple about $2 billion for stifling competition from rival music streaming services. In a blog post, Spotify writes: Apple's rules muzzled Spotify and other music streaming services from sharing with our users directly in our app about various benefits -- denying us the ability to communicate with them about how to upgrade and the price of subscriptions, promotions, discounts, or numerous other perks. Of course, Apple Music, a competitor to these apps, is not barred from the same behaviour. By requiring Apple to stop its illegal conduct in the EU, the EC is putting consumers first. It is a basic concept of free markets -- customers should know what options they have, and customers, not Apple, should decide what to buy, and where, when and how.

While we appreciate the EC addressing this important case, we also know that the details matter. Apple has routinely defied laws and court decisions in other markets. So we're looking forward to the next steps that will hopefully clearly and conclusively address Apple's long-standing unfair practices.

From the beginning, the foundational belief of the internet is that it should be a fair and open ecosystem. That belief has fueled growth, innovation and discovery around the world. Today the leading way people access the internet is via their mobile phones. So why should the same principles not apply? And while we are pleased that this case delivers some justice, it does not solve Apple's bad behaviour towards developers beyond music streaming in other markets around the world. Our work will not be done until we succeed in securing a truly fair digital marketplace everywhere and our commitment to helping to make this a reality remains unwavering.

Further reading: Apple's response.

Cloud

Proposed Class Action Alleges Apple's Cloud Storage is an 'Illegal Monopoly' (thehill.com) 169

"Apple faces a proposed class action lawsuit alleging the company holds an illegal monopoly over digital storage for its customers," reports the Hill: The suit, filed Friday, claims "surgical" restraints prevent customers from effectively using any service except its iCloud storage system. iCloud is the only service that can host certain data from the company's phones, tablets and computers, including application data and device settings. Plaintiffs allege the practice has "unlawfully 'tied'" the devices and iCloud together... "As a result of this restraint, would-be cloud competitors are unable to offer Apple's device holders a full-service cloud-storage solution, or even a pale comparison."

The suit argues that there are "no technological or security justifications for this limitation on consumer choice," according to PC Magazine.

The class action's web site is arguing that "Consumers may have paid higher prices than they allegedly would have in a competitive market."

AI

How AI is Taking Water From the Desert (msn.com) 108

Microsoft built two datacenters west of Phoenix, with plans for seven more (serving, among other companies, OpenAI). "Microsoft has been adding data centers at a stupendous rate, spending more than $10 billion on cloud-computing capacity in every quarter of late," writes the Atlantic. "One semiconductor analyst called this 'the largest infrastructure buildout that humanity has ever seen.'"

But is this part of a concerning trend? Microsoft plans to absorb its excess heat with a steady flow of air and, as needed, evaporated drinking water. Use of the latter is projected to reach more than 50 million gallons every year. That might be a burden in the best of times. As of 2023, it seemed absurd. Phoenix had just endured its hottest summer ever, with 55 days of temperatures above 110 degrees. The weather strained electrical grids and compounded the effects of the worst drought the region has faced in more than a millennium. The Colorado River, which provides drinking water and hydropower throughout the region, has been dwindling. Farmers have already had to fallow fields, and a community on the eastern outskirts of Phoenix went without tap water for most of the year... [T]here were dozens of other facilities I could visit in the area, including those run by Apple, Amazon, Meta, and, soon, Google. Not too far from California, and with plenty of cheap land, Greater Phoenix is among the fastest-growing hubs in the U.S. for data centers....

Microsoft, the biggest tech firm on the planet, has made ambitious plans to tackle climate change. In 2020, it pledged to be carbon-negative (removing more carbon than it emits each year) and water-positive (replenishing more clean water than it consumes) by the end of the decade. But the company also made an all-encompassing commitment to OpenAI, the most important maker of large-scale AI models. In so doing, it helped kick off a global race to build and deploy one of the world's most resource-intensive digital technologies. Microsoft operates more than 300 data centers around the world, and in 2021 declared itself "on pace to build between 50 and 100 new datacenters each year for the foreseeable future...."

Researchers at UC Riverside estimated last year... that global AI demand could cause data centers to suck up 1.1 trillion to 1.7 trillion gallons of freshwater by 2027. A separate study from a university in the Netherlands, this one peer-reviewed, found that AI servers' electricity demand could grow, over the same period, to be on the order of 100 terawatt hours per year, about as much as the entire annual consumption of Argentina or Sweden... [T]ensions over data centers' water use are cropping up not just in Arizona but also in Oregon, Uruguay, and England, among other places in the world.

The article points out that Microsoft "is transitioning some data centers, including those in Arizona, to designs that use less or no water, cooling themselves instead with giant fans." And an analysis (commissioned by Microsoft) on the impact of one building said it would use about 56 million gallons of drinking water each year, equivalent to the amount used by 670 families, according to the article. "In other words, a campus of servers pumping out ChatGPT replies from the Arizona desert is not about to make anyone go thirsty."

Programming

'Communications of the ACM' Is Now Open Access (acm.org) 25

Long-time Slashdot reader theodp writes: "CACM [Communications of the ACM] Is Now Open Access," proclaims the Association for Computing Machinery (ACM) in its tear-down-this-CACM-paywall announcement. "More than six decades of CACM's renowned research articles, seminal papers, technical reports, commentaries, real-world practice, and news articles are now open to everyone, regardless of whether they are members of ACM or subscribe to the ACM Digital Library."

Ironically, clicking on Google search results for older CACM articles on Aaron Swartz currently returns page-not-found error messages and the CACM's own search can't find Aaron Swartz either, so perhaps there's some work that remains to be done with the transition to CACM's new website. ACM plans to open its entire archive of over 600,000 articles when its five-year transition to full Open Access is complete (January 2026 target date).

"They are right..." the site's editor-in-chief told Slashdot. "We need to get Google to reindex the new site ASAP."

Open Source

Linux Foundation Launches Open Source Fraud Prevention Solutions, Supported By Gates Foundation (linuxfoundation.org) 20

This week Linux Foundation Charities launched "a groundbreaking open source software solution for real-time fraud prevention" named Tazama — "with support from the Bill & Melinda Gates Foundation."

They're calling it "the first-ever open source platform dedicated to enhancing fraud management in digital payments." Until now, the financial industry has grappled with proprietary and often costly solutions that have limited access and adaptability for many, especially in developing economies.

This challenge is underscored by the Global Anti-Scam Alliance, which reported that nearly $1 trillion was lost to online fraud in 2022. Tazama challenges this status quo by providing a powerful, scalable, and cost-effective alternative that democratizes access to advanced financial monitoring tools that can help combat fraud... The solution's architecture emphasizes data sovereignty, privacy, and transparency, aligning with the priorities of governments worldwide. Hosted by LF Charities, which will support the operation and function of the project, Tazama showcases the scalability and robustness of open source solutions, particularly in critical infrastructure like national payment switches.

Jim Zemlin, executive director of the Linux Foundation, described their reaction as "excited to see an open source solution that not only enhances financial security but also provides a platform for our community to actively contribute to a project with broad societal impacts."

And the announcement also includes a comment from the Bill & Melinda Gates Foundation's deputy director for payment systems. "This pioneering open source platform helps address critical challenges like fraud detection and compliance and paves the way for innovative, inclusive financial solutions that serve everyone, especially those in low-income countries.

"The launch of Tazama signifies another stride towards securing and democratizing digital financial services."

EU

Spotify, Epic Games, and Others Argue Apple's App Store Changes Do Not Comply With DMA (macrumors.com) 47

An anonymous reader quotes a report from MacRumors: Spotify, Epic Games, Deezer, Paddle, and several other developers and EU associations today sent a joint letter to the European Commission to complain about Apple's "proposed scheme for compliance" with the Digital Markets Act (DMA). The 34 companies and associations do not believe Apple's plans "meet the law's requirements." Apple's changes "disregard both the spirit and letter of the law" and if left unchanged, will "make a mockery of the DMA," according to the letter. Several specific components of Apple's plan are highlighted, including the Core Technology Fee, the Notarization process, and the terms that developers must accept:

- Apple's requirement to stay with the current App Store terms or opt in to new terms provides developers with "an unworkable choice" that adds complexity and confusion. The letter suggests that neither option is DMA compliant and would "consolidate Apple's stronghold over digital markets."
- The Core Technology Fee and transaction fees will hamper competition and will prevent developers from agreeing to the "unjust terms."
- Apple is using "unfounded privacy and security concerns" to limit user choice. The "scare screens" that Apple plans to show users will "mislead and degrade the user experience."
- Apple is not allowing sideloading, and it is making the installation and use of new app stores "difficult, risky and financially unattractive for developers."

The companies and associations are urging the European Union to take "swift, timely and decisive action against Apple." The way the European Commission responds to Apple's proposal "will serve as a litmus test of the DMA and whether it can deliver for Europe's citizens and economy."

Further reading: Apple Backtracks on Removing EU Home Screen Web Apps in iOS 17.4

Canada

Police Now Need Warrant For IP Addresses, Canada's Top Court Rules (www.cbc.ca) 36

The Supreme Court of Canada ruled today that police must now have a warrant or court order to obtain a person or organization's IP address. CBC News reports: The top court was asked to consider whether an IP address alone, without any of the personal information attached to it, was protected by an expectation of privacy under the Charter. In a five-four split decision, the court said a reasonable expectation of privacy is attached to the numbers making up a person's IP address, and just getting those numbers alone constitutes a search. Writing for the majority, Justice Andromache Karakatsanis wrote that an IP address is "the crucial link between an internet user and their online activity." "Thus, the subject matter of this search was the information these IP addresses could reveal about specific internet users including, ultimately, their identity." Writing for the four dissenting judges, Justice Suzanne Cote disagreed with that central point, saying there should be no expectation of privacy around an IP address alone. [...]

In the Supreme Court majority decision, Karakatsanis said that only considering the information associated with an IP address to be protected by the Charter and not the IP address itself "reflects piecemeal reasoning" that ignores the broad purpose of the Charter. The ruling said the privacy interests cannot be limited to what the IP address can reveal on its own "without consideration of what it can reveal in combination with other available information, particularly from third-party websites." It went on to say that because an IP address unlocks a user's identity, it comes with a reasonable expectation of privacy and is therefore protected by the Charter. "If [the Charter] is to meaningfully protect the online privacy of Canadians in today's overwhelmingly digital world, it must protect their IP addresses," the ruling said.

Justice Cote, writing on behalf of justices Richard Wagner, Malcolm Rowe and Michelle O'Bonsawin, acknowledged that IP addresses "are not sought for their own sake" but are "sought for the information they reveal." "However, the evidentiary record in this case establishes that an IP address, on its own, reveals only limited information," she wrote. Cote said the biographical personal information the law was designed to protect is not revealed through having access to an IP address. Police must use that IP address to access personal information that is held by an ISP or a website that tracks customers' IP addresses to determine their habits. "On its own, an IP address does not even reveal browsing habits," Cote wrote. "What it reveals is a user's ISP -- hardly a more private piece of information than electricity usage or heat emissions." Cote said placing a reasonable expectation of privacy on an IP address alone upsets the careful balance the Supreme Court has struck between Canadians' privacy interests and the needs of law enforcement. "It would be inconsistent with a functional approach to defining the subject matter of the search to effectively hold that any step taken in an investigation engages a reasonable expectation of privacy," the dissenting opinion said.

Apple

Number of Government Agencies Have Concerns About 'Sideloading' on iPhone, Apple Says (reuters.com) 109

A number of government agencies in the European Union and elsewhere have voiced concerns about security risks as Apple opens up its iPhones and iPads to rival app stores to comply with EU tech rules, Apple said on Friday. From a report: Under the Digital Markets Act, from March 7 Apple will be required to offer alternative app stores on iPhones and allow developers to opt out of using its in-app payment system, which charges fees of up to 30%. The U.S. tech giant, which on Jan. 24 detailed the changes to bring its App Store in line with the EU rules, said "sideloading" has sparked concerns from both EU and non-EU government agencies and users.

Government

How the Pentagon Learned To Use Targeted Ads To Find Its Targets (wired.com) 55

An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk.

As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies.

Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating.

Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable.

The report goes into great detail about how intelligence and data analysis techniques, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing commercial adtech data, including precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, indicating the locations and movements of his security personnel, aides, and support staff.

This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.

Privacy

Cheap Doorbell Cameras Can Be Easily Hijacked, Says Consumer Reports (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Video doorbell cameras have been commoditized to the point where they're available for $30-$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however. Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities."

Among the cameras' vulnerabilities cited by CR:
- Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption
- Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app
- Access to still images from the video feed and other information by knowing the camera's serial number.

CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon "Overall Pick" label (as one model did when an Ars writer looked on Wednesday). CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell.
"These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they've found their way onto major digital marketplaces such as Amazon and Walmart," said Justin Brookman, director of tech policy at Consumer Reports, in a statement. "Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm's way."
Bitcoin

Winklevoss Twins' Start-Up Will Pay Burned Customers $1 Billion (thedailybeast.com) 17

Emily Shugerman reports via The Daily Beast: Gemini, the crypto startup owned by the Winklevoss twins, will have to return $1.1 billion to customers who lost money in their partnership with the now-bankrupt crypto lender Genesis. In a deal with the New York State Department of Financial Services, Gemini agreed to return the funds lost by customers of its Earn program, in which users could loan their crypto to Genesis in exchange for interest payments. According to the Department of Financial Services, Gemini "did not fully vet or sufficiently monitor [Genesis] throughout the life of Earn," and the company defaulted on its loans and then went bankrupt, leaving some 200,000 Earn customers empty-handed. "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown," DFS Superintendent Adrienne A. Harris said in a statement. "Today's settlement is a win for Earn customers, who have a right to the assets they entrusted to Gemini."

In a tweet, Gemini said it was "pleased to announce that we have finally reached a settlement in principle with Genesis and other creditors in the Genesis Bankruptcy that will, if approved by the Bankruptcy Court, result in all Earn users receiving 100% of their digital assets back in kind." The DFS said Gemini would also pay $40 million to the Genesis bankruptcy for the benefit of Earn customers, as well as a $37 million fine for "significant failures that threatened the safety and soundness of the company."

Bitcoin

Reddit Discloses Bitcoin and Ether Investments In IPO Filing (techreport.com) 7

As part of its IPO filing with the SEC, Reddit disclosed that it has invested some of its excess cash in bitcoin, ether and Polygon. From a report: Based on the document, the firm now holds BTC and ETH in its balance sheet. Notably, Reddit's filing came as part of the IPO registration statement with the SEC. Apart from ETH and BTC, the filing revealed Reddit's investment in Polygon (MATIC). According to the document, the social media platform plans to use both Ether and Polygon as a form of payment for digital goods. Further, Reddit noted that the amount of Polygon and Ethereum from virtual goods is currently immaterial. However, it indicated the possibility of a continuous addition of Bitcoin and Ethereum to its treasury. Also, it plans to keep trying out its passion for virtual goods. Moreover, the document revealed that Reddit made the investments using some of its excess cash reserves. However, the firm didn't disclose details of the crypto investments it made.

Reddit's filing document revealed why the popular social media platform dabbled in crypto. According to the firm, it holds Bitcoin and Ethereum to enable its engineering and product teams to use them. Further, it cited the present regulatory stance that suggests these two assets are potentially non-securities under US laws. Also, Reddit disclosed its plans to expand its crypto holding by including other digital assets in its balance sheet. However, it highlighted that such a move will depend on future regulations that exempt crypto as a security.

Programming

White House Urges Devs To Switch To Memory-Safe Programming Languages (infoworld.com) 228

Tontoman shares a report: The White House Office of the National Cyber Director (ONCD) urged tech companies to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lead to memory management issues when memory can be accessed, written, allocated, or deallocated. They occur when software accesses memory in unintended or unsafe ways, resulting in various security risks and issues like buffer overflow, use after free, use of uninitialized memory, and double free that attackers can exploit.

Successful exploitation carries severe risks, potentially enabling threat actors to gain unauthorized access to data or execute malicious code with the privileges of the system owner. "For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk," ONCD's report says. "The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors."

The Almighty Buck

Uber-Like Surge Pricing Is Coming For Fast Food (sfgate.com) 198

Fast food chain Wendy's announced it's adopting a similar approach to Uber's Surge Pricing policy by dynamically adjusting the prices of its menu items during peak demand periods at certain locations. The controversial strategy seeks to leverage real-time data to align pricing and demand, enhancing efficiency and potentially improving customer satisfaction. From a report: During a conference call earlier this month, Wendy's CEO Kirk Tanner said the fast-food chain would experiment with dynamic pricing as early as next year. "Beginning as early as 2025, we will begin testing more enhanced features like dynamic pricing and daypart offerings, along with AI-enabled menu changes and suggestive selling," he said. "As we continue to show the benefit of this technology in our company-operated restaurants, franchisee interest in digital menu boards should increase, further supporting sales and profit growth across the system."

Prices seesaw all the time on the sites of online retailers like Amazon that use algorithms and artificial intelligence to monitor competitors and glean insights into individual shoppers, adjusting prices depending on interest in the product or in the brand, said Timothy Webb, an assistant professor at the University of Delaware's hospitality and sport business management program. Coupons and other offers are also routinely dangled in mobile apps to encourage people to make purchases. "A lot of this stuff is already happening even if you don't realize that it is happening. If you have the Starbucks app and I have the Starbucks app, we probably have different offers," Webb said. "We might not be in the drive-through and they just increased the prices, but we are already paying different prices for the same products."

But, he says, Wendy's fans will likely see moderate, not massive, price swings during periods of peak demand. "It's not like $200 or $300 on a flight. This is a hypercompetitive industry. If Wendy's goes up $2 to $3 on a burger at dinner time, I would be shocked. People have too many options. They will just walk down the street and eat at Burger King instead," Webb said. "There will just be little price changes here."
