Website Fined By German Court For Leaking Visitor’s IP Address Via Google Fonts

Earlier this month, a German court fined an unidentified website $110 for violating EU privacy law by importing a Google-hosted web font. The Register reports: The decision, by Landgericht Munchen’s third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff’s IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe’s General Data Protection Regulation (GDPR). That is to say, when the plaintiff visited the website, the page made the user’s browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen’s IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn’t give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.

The decision says IP addresses represent personal data because it’s theoretically possible to identify the person associated with an IP address, and that it’s irrelevant whether the website or Google has actually done so. The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of 250,000 euros for each violation, or up to six months in prison, for continued improper use of Google Fonts. Google Fonts is widely deployed — the Google Fonts API is used by about 50m websites. The API allows websites to style text with Google Fonts stored on remote servers — Google’s or a CDN’s — that get fetched as the page loads. Google Fonts can be self-hosted to avoid running afoul of EU rules and the ruling explicitly cites this possibility to assert that relying on Google-hosted Google Fonts is not defensible under the law.

Read more of this story at Slashdot.

Can AI Help Us Reimagine Chess?

Three research scientists at DeepMind Technologies teamed up with former world chess champion Vladimir Kramnik to “explore what variations of chess would look like at superhuman level,” according to their new article in Communications of the ACM. Their paper argues that using neural networks and advanced reinforcement learning algorithms can not only surpass all human knowledge of chess, but also “allow us to reimagine the game as we know it….”

“For example, the ‘castling’ move was only introduced in its current form in the 17th century. What would chess have been like had castling not been incorporated into the rules?”

AfterAlphaZero was trained to play 9 different “variants” of chess, it then played 11,000 games against itself, while the researchers assessed things like the number of stalemates and how often the special new moves were actually used. The variations tested:

– Castling is no longer allowed
– Castling is only allowed after the 10th move
– Pawns can only move one square
– Stalemates are a win for the attacking side (rather than a draw)
– Pawns have the option of moving two squares on any turn (and can also be captured en passant if they do)
– Pawns have the option of moving two squares — but only when they’re in the second or third row of squares. (After which they can be captured en passant )
– Pawns can move backwards (except from their starting square).
– Pawns can also move sideways by one square.
– It’s possible to capture your own pieces.
“The findings of our quantitative and qualitative analysis demonstrate the rich possibilities that lie beyond the rules of modern chess.”

AlphaZero’s ability to continually improve its understanding of the game, and reach superhuman playing strength in classical chess and Go, lends itself to the question of assessing chess variants and potential variants of other board games in the future. Provided only with the implementation of the rules, it is possible to effectively simulate decades of human experience in a day, opening a window into top-level play of each variant. In doing so, computer chess completes the circle, from the early days of pitting man vs. machine to a collaborative present of man with machine, where AI can empower players to explore what chess is and what it could become….

The combination of human curiosity and a powerful reinforcement learning system allowed us to reimagine what chess would have looked like if history had taken a slightly different course. When the statistical properties of top-level AlphaZero games are compared to classical chess, a number of more decisive variants appear, without impacting the diversity of plausible options available to a player….
Taken together, the statistical properties and aesthetics provide evidence that some variants would lead to games that are at least as engaging as classical chess.

“Chess’s role in artificial intelligence research is far from over…” their article concludes, arguing that AI “can provide the evidence to take reimagining to reality.”

Read more of this story at Slashdot.

Not Just the IRS – 20 US Agencies Are Already Set Up For Selfie IDs

America’s Internal Revenue Service created an uproar with early plans to require live-video-feed selfies to verify identities for online tax services (via an outside company called ID.me).

But Wired points out that more than 20 U.S. federal agencies are already using a digital identification system (named Login.gov and built on services from LexisNexis) that “can use selfies for account verification.”

It’s run by America’s General Services Administration, or GSA….
The GSA’s director of technology transformation services Dave Zvenyach says facial recognition is being tested for fairness and accessibility and not yet used when people access government services through Login.gov. The GSA’s administrator said last year that 30 million citizens have Login.gov accounts and that it expects the number to grow significantly as more agencies adopt the system.

“ID.me is supplying something many governments ask for and require companies to do,” says Elizabeth Goodman, who previously worked on Login.gov and is now senior director of design at federal contractor A1M Solutions. Countries including the UK, New Zealand, and Denmark use similar processes to ID.me’s to establish digital identities used to access government services. Many international security standards are broadly in line with those of the U.S., written by the National Institute of Standards and Technology (NIST).

Goodman says that such programs need to provide offline options such as visiting a post office for people unable or unwilling to use phone apps or internet services….

In fact, Wired argues that in many cases, a selfie or biometric data is virtually required by U.S. federal security guidelines from 2017:

NIST’s 2017 standard says that access to systems that can leak sensitive data or harm public programs should require verifying a person’s identity by comparing them to a photo — either remotely or in person — or using biometrics such as a fingerprint scanner. It says that a remote check can be done either by video with a trained agent, or using software that checks for an ID’s authenticity and the “liveness” of a person’s photo or video…. California’s Employment Development Department said that ID.me blocked more than 350,000 fraudulent claims in the last three months of 2020. But the state auditor said an estimated 20 percent of legitimate claimants were unable to verify their identities with ID.me.

Caitlin Seeley George, director of campaigns and operations with nonprofit Fight for the Future, says ID.me uses the specter of fraud to sell technology that locks out vulnerable people and creates a stockpile of highly sensitive data that itself will be targeted by criminals. …

Read more of this story at Slashdot.

Secrets of ‘Space Invaders’ — and One Very Tiny Homegrown Cabinet

IEEE Spectrum has republished an article from nearly 40 years ago remembering one of the long-forgotten secrets of the classic video game Space Invaders.

It’s about that iconic descending musical notes accompanying the onslaught of the aliens…

The more aliens a player shot, the faster they approached; their drumbeat quickened, the tension mounted. Ironically, says Bill Adams, director of game development for Midway Manufacturing Co., of Chicago, Ill., which licensed Space Invaders for sale in the United States, these features of the game were accidental. “The speeding up of the space invaders was just a function of the way the machine worked,” he explained. “The hardware had a limitation — it could only move 24 objects efficiently. Once some of the invaders got shot, the hardware did not have as many objects to move, and the remaining invaders sped up. And the designer happened to put out a sound whenever the invaders moved, so when they sped up, so did the tone.”

Accident or not, the game worked. As of mid-1981, according to Steve Bloom, author of the book Video Invaders, more than 4 billion quarters had been dropped into Space Invaders games around the world — “which roughly adds up to one game per earthling.”

But Space Invaders also enjoyed at least one special home-grown revival earlier this month. Hobbyist Nu Iotachi used an Arduino Pro Micro board to build their own Space Invaders arcade cabinet that’s just 3.15 inches tall (80 millimeters).

Made from thin hand cut plywood with pinhead joysticks, “Its Microchip ATmega328 microcontroller contains a processor running at 16MHz,” reports the project’s site Hackster.io, “which is far faster than the processor in the original Space Invaders arcade cabinet.”

Read more of this story at Slashdot.

More Than 80% of NFTs Created For Free On OpenSea Are Fraud Or Spam, Company Say

An anonymous reader quotes a report from Motherboard: OpenSea has revealed just how much of the NFT activity on its platform is defined by fakery and theft, and it’s a lot. In fact, according to the company, nearly all of the NFTs created for free on its platform are either spam or plagiarized. The revelation began with some drama. On Thursday, popular NFT marketplace OpenSea announced that it would limit how many times a user could create (or “mint”) an NFT for free on the platform using its tools to 50. So-called “lazy minting” on the site lets users skip paying a blockchain gas fee when they create an NFT on OpenSea (with the buyer eventually paying the fee at the time of sale), so it’s a popular option especially for people who don’t have deep pockets to jumpstart their digital art empire.

This decision set off a firestorm, with some projects complaining that this was an out-of-the-blue roadblock for them as they still needed to mint NFTs but suddenly couldn’t. Shortly after, OpenSea reversed course and announced that it would remove the limit, as well as provided some reasoning for the limit in the first place: The free minting tool is being used almost exclusively for the purposes of fraud or spam. “Every decision we make, we make with our creators in mind. We originally built our shared storefront contract to make it easy for creators to onboard into the space,” OpenSea said in a tweet thread. “However, we’ve recently seen misuse of this feature increase exponentially. Over 80% of the items created with this tool were plagiarized works, fake collections, and spam.”

Read more of this story at Slashdot.

DeFi Platform Qubit Finance Begs Hacker To Return $80 Million In Stolen Funds

Qubit Finance took to Twitter last night to beg hackers to return more than $80 million in stolen cryptocurrency this week. ZDNet reports: On Thursday, the DeFi platform said their protocol was exploited by a hacker who eventually stole 206,809 binance coins from Qubit’s QBridge protocol, worth more than $80 million according to PeckShield. An hour after the first message, the company explained that they were tracking the exploiter and monitoring the stolen cryptocurrency. They noted that they contacted the hacker and offered them the maximum bug bounty in exchange for a return of the funds, something a number of other hacked DeFi platforms have tried to middling success. They shared multiple messages on Twitter that they purportedly sent to the hacker offering a bug bounty of $250,000 and begging for a return of the stolen funds.

“We propose you negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let’s figure out a situation,” the Qubit Finance Team wrote. The company later explained in a blog post that their Qubit protocol “was subject to an exploit to our QBridge deposit function.” […] Blockchain security company CertiK released a detailed explanation of how the attack occurred and has been tracking the stolen funds as the hackers move them to different accounts. “For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum,” CertiK explained.

Read more of this story at Slashdot.