TikTok Unveils New US-Based ‘Transparency and Accountability Center’

The Verge was part of “a handful” of journalists invited to Los Angeles to tour TikTok’s new “Transparency and Accountability Center…. part of a multi-week press blitz by TikTok to push Project Texas, a novel proposal to the US government that would partition off American user data in lieu of a complete ban.”
TikTok says it has already taken thousands of people and over $1.5 billion to create Project Texas. The effort involves TikTok creating a separate legal entity dubbed USDS with an independent board from ByteDance that reports directly to the US government. More than seven outside auditors, including Oracle, will review all data that flows in and out of the US version of TikTok. Only American user data will be available to train the algorithm in the US, and TikTok says there will be strict compliance requirements for any internal access to US data. If the proposal is approved by the government, it will cost TikTok an estimated $700 million to $1 billion per year to maintain….
At one point during the tour, I tried asking what would hypothetically happen if, once Project Texas is greenlit, a ByteDance employee in China makes an uncomfortable request to an employee in TikTok’s US entity. I was quickly told by a member of TikTok’s PR team that the question wasn’t appropriate for the tour.

Other notes from the tour:

The journalists weren’t allowed to enter a special server room “housing the app’s source code for outside auditors to review.”

A room that explained TikTok’s algorithm using iMacs running “code simulators” was “frustratingly vague.”

“Despite it being called a transparency center, TikTok’s PR department made everyone agree to not quote or directly attribute comments made by employees leading the tour.”

The Verge ultimately concludes TikTok’s Transparency and Accountability Center is “a lot of smoke and mirrors designed to give the impression that it really cares.”

Read more of this story at Slashdot.

Are Citywide Surveillance Cameras Effective?

The Washington Post looks at the effectiveness — and the implications — of “citywide surveillance” networks, including Memphis’s SkyCop, “built on 2,100 cameras that broadcast images back to a police command center every minute of every day.”

Known for their blinking blue lights, the SkyCop cameras now blanket many of the city’s neighborhoods, gas stations, sidewalks and parks. The company that runs SkyCop, whose vice president of sales previously worked for the Memphis police, promotes it as a powerful crime deterrent that can help “neighborhoods take back their streets.” But after a decade in which Memphis taxpayers have paid $10 million to expand the surveillance system, crime in the city has gone up….

No agency tracks nationwide camera installation statistics, but major cities have invested heavily in such networks. Police in Washington, D.C., said they had deployed cameras at nearly 300 intersections by 2021, up from 48 in 2007. In Chicago, more than 30,000 cameras are viewable by police; in parts of New York City, the cameras watch every block. Yet researchers have found no substantive evidence that the cameras actually reduce crime….

In federal court, judges have debated whether round-the-clock police video recording could constitute an unreasonable search as prohibited by the Fourth Amendment. Though the cameras are installed in public areas, they also capture many corners of residential life, including people’s doors and windows. “Are we just going to put these cameras in front of everybody’s house and monitor them and see if anybody’s up to anything?” U.S. Circuit Judge O. Rogeriee Thompson said during oral arguments for one such case in 2021….

Dave Maass, a director at the digital rights group Electronic Frontier Foundation who researches police surveillance technology, said these systems have expanded rapidly in the United States without real evidence that they have led to a drop in crime. “This often isn’t the community coming in and asking for it, it’s police going to conferences where … vendors are promising the world and that they’ll miraculously solve crimes,” Maass said. “But it’s just a commercial thing. It’s just business.”
Nonetheless, the Post notes that in Memphis many SkyCop cameras are even outfitted “with license-plate recognition software that records the time and location of every passing car.”


‘My Printer Is Extorting Me’, Complains Subscriber to HP’s ‘Instant Ink’ Program

A writer for the Atlantic complains that their HP printer is shaking them down like a loan shark.
I discovered an error message on my computer indicating that my HP OfficeJet Pro had been remotely disabled by the company. When I logged on to HP’s website, I learned why: The credit card I had used to sign up for HP’s Instant Ink cartridge-refill program had expired, and the company had effectively bricked my device in response….

Instant Ink is a monthly subscription program that purports to monitor one’s printer usage and ink levels and automatically send new cartridges when they run low. The name is misleading, because the monthly fee is not for the ink itself but for the number of pages printed. (The recommended household plan is $5.99 a month for 100 pages). Like others, I signed up in haste during the printer-setup process, only slightly aware of what I was purchasing. Getting ink delivered when I need it sounded convenient enough to me….

The monthly fee is incurred whether you print or not, and the ink cartridges occupy some liminal ownership space. You possess them, but you are, in essence, renting both them and your machine while you’re enrolled in the program…. Here was a piece of technology that I had paid more than $200 for, stocked with full ink cartridges. My printer, gently used, was sitting on my desk in perfect working order but rendered useless by Hewlett-Packard, a tech corporation with a $28 billion market cap at the time of writing, because I had failed to make a monthly payment for a service intended to deliver new printer cartridges that I did not yet need….

There are tales of woe across HP’s customer-support site, in Reddit threads, and on Twitter. A pending class-action lawsuit in California alleges that the Instant Ink program has “significant catches” and does not deliver new cartridges on time or allow those enrolled to use cartridges purchased outside the subscription service, rendering the consumer frequently unable to print. Parker Truax, a spokesperson for HP, told me, “Instant Ink cartridges will continue working until the end of the current billing cycle in which [a customer cancels]. To continue printing after they discontinue their Instant Ink subscription and their billing cycle ends, they can purchase and use HP original Standard or XL cartridges.”
“Nobody told me that if I canceled, then all those cartridges would stop working,” complains another owner of an HP printer cited in the article. “I guess this is our future, where your printer ink spies on you.”

But the article ultimately concludes that the printer’s shakedown is “just one example of how digital subscriptions have permeated physical tech so thoroughly that they are blurring the lines of ownership. Even if I paid for it, can I really say that I own my printer if HP can flip a switch and make it inert?”


Apple Watches and iPhones are Placing Dozens of False Distress Calls About Skiers

Dispatchers for 911 emergency calls “are being inundated with false, automated distress calls from Apple devices owned by skiers who are very much alive,” reports the New York Times:

“Do you have an emergency?” [911 emergency dispatcher] Betts asked. No, the man said, he was skiing — safely, happily, unharmed. Slightly annoyed, he added, “For the last three days, my watch has been dialing 911.”

Winter has brought a decent amount of snowfall to [Colorado]’s ski resorts, and with it an avalanche of false emergency calls. Virtually all of them have been placed by Apple Watches or iPhone 14s under the mistaken impression that their owners have been debilitated in collisions. As of September, these devices have come equipped with technology meant to detect car crashes and alert 911 dispatchers. It is a more sensitive upgrade to software on Apple devices, now several years old, that can detect when a user falls and then dial for help. But the latest innovation appears to send the device into overdrive: It keeps mistaking skiers, and some other fitness enthusiasts, for car-wreck victims.

Lately, emergency call centers in some ski regions have been inundated with inadvertent, automated calls, dozens or more a week. Phone operators often must put other calls, including real emergencies, on hold to clarify whether the latest siren has been prompted by a human at risk or an overzealous device. “My whole day is managing crash notifications,” said Trina Dummer, interim director of Summit County’s emergency services, which received 185 such calls in the week from Jan. 13 to Jan. 22. (In winters past, the typical call volume on a busy day was roughly half that.) Ms. Dummer said that the onslaught was threatening to desensitize dispatchers and divert limited resources from true emergencies.

“Apple needs to put in their own call center if this is a feature they want,” she said.

Apple acknowledged this was occurring in “some specific scenarios,” the Times reports — but a spokesperson also “noted that when a crash is detected, the watch buzzes and sends a loud warning alerting the user that a call is being placed to 911, and it provides 10 seconds in which to cancel the call.”

But the Times points out that “skiers, in helmets and layers of clothing, often do not detect the warning, so they may not cancel the call or respond to the 911 dispatcher.”


‘Legend of Zelda: A Link to the Past’ Reverse-Engineered for Linux, Switch, Mac, and Windows

More than 30 years ago Nintendo released the third game in its Legend of Zelda series — appropriately titled, “A Link to the Past.”

This week Neowin called it “one of the most beloved video games of all time,” reporting that it’s now been reverse-engineered by a GitHub user named Snesrev, “opening up the possibility of Link to the Past on other platforms, like Sega’s 32X or the Sony PlayStation.”

This reimplementation of Link to the Past is written in C and contains an astonishing 80,000 lines of code. This version is also content complete, with all the same levels, enemies, and puzzles that fans of the original game will remember.

In its current state, the game requires the PPU and DSP libraries from LakeSNES, a fast SNES emulator with a number of speed optimizations that make the game run faster and smoother than ever before. Breaking from the LakeSNES dependency, which allows for compatibility on modern operating systems, would allow the code to be built for retro hardware. It also offers one of the craziest features I have seen in a long time; the game can run the original machine code alongside the reverse-engineered C implementation. This works by creating a save-state on both versions of the game after every frame of gameplay, comparing their state and proving that the reimplementation works…. Snesrev now works alongside 19 other contributors.

Despite the immense amount of work that went into this project, the result is brilliant. Not only does the game play just like the original, it also includes a number of new features that were not present in the original. For example, the game now supports pixel shaders, which allow for even more stunning visuals. It also supports widescreen aspect-ratios, giving players a wider field of view, making the game even more immersive on modern displays. Another new feature of this reimplementation is the higher quality world map. The new map is much more detailed and gives players a better sense of the world they are exploring….
The amount of time, effort, and talent that went into creating this is simply astonishing.
Thanks to Slashdot reader segaboy81 for sharing the article.


Think Twice Before Using Google To Download Software, Researchers Warn

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries. Ars Technica reports: “Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts’ data and other sensitive information from infected devices. The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap. “Until Google devises new defenses, the decoy domains and other obfuscation techniques remain an effective way to conceal the true control servers used in the rampant MalVirt and other malvertising campaigns,” concludes Ars. “It’s clear at the moment that malvertisers have gained the upper hand over Google’s considerable might.”


Dashlane Publishes Its Source Code To GitHub In Transparency Push

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports: The Dashlane Android app code is available now alongside the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn’t specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase “fully open source,” but in response to a handful of questions posed by TechCrunch, it appears that won’t in fact be the case.

At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too; however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it’s for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. […]

“The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application,” the company wrote. “Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code.” On top of that, the company says that a benefit of releasing its code is to perhaps draw in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called “white-hat hackers” will now be better equipped to earn bug bounties. “Transparency and trust are part of our company values, and we strive to reflect those values in everything we do,” Dashlane continued. “We hope that being transparent about our code base will increase the trust customers have in our product.”


Startups Capture CO2 and Store It In Concrete

A California startup using rocks to soak up carbon dioxide from the air has teamed up with a Canadian company to mineralize the gas in concrete, a technological tie-up that is a first and they say could provide a model for fighting climate change globally. Reuters reports: Heirloom Carbon Technologies delivered about 30 kg (66 lb) of CO2 collected from the air around its San Francisco Bay Area headquarters to neighboring Central Concrete, a Vulcan Materials’ (VMC.N) subsidiary that on Wednesday incorporated the gas into new concrete. That’s equivalent to tailpipe emissions of driving about 75 miles (120 km) in a car. The joint effort was the first time that carbon dioxide absorbed from the atmosphere using such Direct Air Capture (DAC) technology had been secured in concrete, where the CO2 will stay put for centuries, several scientists said.

Heirloom heats crushed limestone to release naturally absorbed CO2, then puts the CO2-starved rock on columns of huge trays, where they act like sponges, soaking up close to half their weight in the gas over three days. The rock is then heated to release the collected ambient carbon dioxide, and the cycle repeats. Canada’s CarbonCure, the concrete technology company, mixes CO2 with concrete ingredients, turning it into a mineral that strengthens the concrete, cutting the need for cement — the part of concrete with the biggest carbon footprint.
