Companies are Subtly Tricking Users Online with ‘Dark Patterns’

CNN reports:

An “unsubscribe” option that’s a little too hard to find. A tiny box you click, thinking it simply takes you to the next page, but it also grants access to your data. And any number of unexpected charges that appear during checkout that weren’t made clearer earlier in the process. Countless popular websites and apps, from retailers and travel services to social media companies, make use of so-called “dark patterns,” or gently coercive design tactics that critics say are used to manipulate peoples’ digital behaviors.

The term “dark patterns” was coined by Harry Brignull, a U.K.-based user experience specialist and researcher of human-computer interactions. Brignull began noticing that when he reported to one of his clients that most test subjects felt deceived by an aspect of their website or app design, the client seemed to welcome the feedback. “That was always intriguing for me as a researcher, because normally the name of the game is to find the flaws and fix them,” Brignull told CNN Business. “Now we’re finding ‘flaws’ that the client seems to like, and want to keep.”

To put it in the parlance of Silicon Valley, he realized it was a feature, not a bug….

Brignull, for his part, said he has spent time testifying as an expert witness in some class action lawsuits related to dark patterns in the UK. “The scams don’t work when the victim knows what the scammer is trying to do,” Brignull said. “If they know what the scam is, then they’re not going to get taken in — and that’s why I’ve enjoyed so much exposing these things, and showing it to other consumers.”
The article notes that America’s Federal Trade Commission “is ramping up its enforcement in response to ‘a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel.'”

Read more of this story at Slashdot.

1,500 Tesla Powerwall Owners Have Already Joined the New Virtual Power Plant In California

PG&E announced that more than 1,500 Tesla Powerwall owners have already decided to joined the new virtual power plant it launched in partnership with Tesla in California. Electrek reports: A virtual power plant (VPP) consists of distributed energy storage systems, like Tesla Powerwalls, used in concert to provide grid services and avoid the use of polluting and expensive peaker power plants. Last year, Tesla launched a test VPP in California, where Powerwall owners would join in voluntarily without compensation to let the VPP pull power from their battery packs when the grid needed it. Last month, Tesla and PG&E, a large electric utility company in Northern California, announced the launch of a new commercial VPP where homeowners with Powerwalls would get compensated for helping the grid with the energy in their battery packs.

PG&E has now released an update on the virtual power plant and said that more than 1,500 Tesla Powerwall owners have already joined the program: “On June 22, Tesla invited approximately 25,000 PG&E customers with Powerwalls to join the VPP and help form the world’s largest distributed battery. In the first two weeks of the new program, more than 3,000 customers have expressed interest in enrolling, with more than 1,500 customers officially in the program.” With an average of two Powerwalls per customer, the VPP most likely already has a 13 MW load capacity. PG&E says that if all eligible Powerwall owners join, the VPP would have the available megawatts equivalent to “the energy generated by a small power plant.” Tesla Powerwall owners can join through the Tesla app and receive $2 per kWh that they send back to the grid during emergency events. “Enabling Powerwall customers to support the grid and their community is a necessary and important part of accelerating the transition to sustainable energy,” said Drew Baglino, senior vice president of Powertrain and Energy Engineering at Tesla. “We seek to partner with utilities and regulators everywhere to unlock the full potential of storage to bring more renewable, resilient, and less costly electricity to everyone.”

Read more of this story at Slashdot.

Bungie Is Now Officially Part of Sony

Bungie, the developer of Destiny 2, is now officially a part of Sony. The Verge reports: The PlayStation maker had announced its intent to acquire the gaming studio in January, and now, that acquisition is complete. At the initial announcement, Sony said (pdf) the deal was worth $3.6 billion, but in an SEC filing on Friday, it said the deal was worth “approximately” $3.7 billion. Though it’s now under the Sony umbrella, Bungie will “continue to independently publish and creatively develop our games,” Bungie CEO Pete Parsons said in a blog post from the original announcement of the acquisition. And future games in development won’t be PlayStation exclusives, Bungie’s Joe Blackburn and Justin Truman said.

But Sony does plan to lean on Bungie for its “world-class expertise in multi-platform development and live game services,” which “will help us deliver on our vision of expanding PlayStation to hundreds of millions of gamers,” Sony Interactive Entertainment president and CEO Jim Ryan said in January. Sony views live service games as a critical part of PlayStation’s future, as it plans to launch more than 10 new live service games by March 2026.

Read more of this story at Slashdot.

TikTok’s Head of Cybersecurity Is Stepping Down Amid Rising Privacy Concerns

TikTok’s chief security officer is leaving the role in September amid renewed calls from members of the government to look into the social media app’s ties to China. Insider reports: A TikTok spokesperson told the Wall Street Journal that the decision to replace Roland Cloutier as Chief Security Officer is unrelated to any data-privacy concerns. TikTok, which is currently the fastest growing social media company, has often faced scrutiny for being owned by the Chinese company ByteDance. Last month, Buzzfeed News reported that US user data had been repeatedly accessed by TikTok employees in China based on leaked audio from internal company meetings. […]

CEO Shou Zi Chew sent a note to TikTok employees about Cloutier’s exit as chief security officer, writing that “part of our evolving approach has been to minimize concerns about the security of user data in the U.S., including the creation of a new department to manage U.S. user data for TikTok. This is an important investment in our data protection practices, and it also changes the scope of the Global CSO role.” Cloutier will officially step down from his role as Chief Security Officer in September and transition to an advisory role at TikTok.

Read more of this story at Slashdot.

Some Beijing Travelers Asked To Wear COVID Monitoring Bracelets

Some Beijing residents returning from domestic travel were asked by local authorities to wear COVID-19 monitoring bracelets, prompting widespread criticism on Chinese social media by users concerned about excessive government surveillance. Reuters reports: According to posts published on Wednesday evening and Thursday morning on microblogging platform Weibo, some Beijing residents returning to the capital were asked by their neighborhood committees to wear an electronic bracelet throughout the mandatory home quarantine period. Chinese cities require those arriving from parts of China where COVID cases were found to quarantine. Authorities fit doors with movement sensors to monitor their movements but until now have not widely discussed the use of electronic bracelets.

The bracelets monitor users’ temperature and upload the data onto a phone app they had to download, the posts said. “This bracelet can connect to the Internet, it can definitely record my whereabouts, it is basically the same as electronic fetters and handcuffs, I won’t wear this,” Weibo user Dahongmao wrote on Wednesday evening, declining to comment further when contacted by Reuters. This post and others that shared pictures of the bracelets were removed by Thursday afternoon, as well as a related hashtag that had garnered over 30 million views, generating an animated discussion on the platform.

A community worker at Tiantongyuan, Beijing’s northern suburb, confirmed to state-backed news outlet Eastday that the measure was in effect in the neighbourhood, though she called the practice “excessive.” A Weibo post and a video published on the official account of Eastday.com was removed by Thursday afternoon. Weibo user Dahongmao wrote on Thursday afternoon his neighbourhood committee had already collected the bracelets, telling him that “there were too many complaints.”

Read more of this story at Slashdot.

Microsoft Moves To New Windows Development Cycle

Microsoft is shifting to a new engineering schedule for Windows which will see the company return to a more traditional three-year release cycle for major versions of the Windows client, while simultaneously increasing the output of new features shipping to the current version of Windows on the market. Zac Bowden writes via Windows Central: The news comes just a year after the company announced it was moving to a yearly release cadence for new versions of Windows. According to my sources, Microsoft now intends to ship “major” versions of the Windows client every three years, with the next release currently scheduled for 2024, three years after Windows 11 shipped in 2021. This means that the originally planned 2023 client release of Windows (codenamed Sun Valley 3) has been scrapped, but that’s not the end of the story. I’m told that with the move to this new development schedule, Microsoft is also planning to increase the output of new features rolling out to users on the latest version of Windows.

Starting with Windows 11 version 22H2 (Sun Valley 2), Microsoft is kicking off a new “Moments” engineering effort which is designed to allow the company to rollout new features and experiences at key points throughout the year, outside of major OS releases. I hear the company intends to ship new features to the in-market version of Windows every few months, up to four times a year, starting in 2023. Microsoft has already tested this system with the rollout of the Taskbar weather button on Windows 11 earlier this year. That same approach will be used for these Moments, where the company will group together a handful of new features that have been in testing with Insiders and roll them out to everyone on top the latest shipping release of Windows. Many of the features that were planned for the now-scrapped Sun Valley 3 client release will ship as part of one of these Moments on top of Sun Valley 2, instead of in a dedicated new release of the Windows client in the fall of 2023.

Read more of this story at Slashdot.

Base Model MacBook Air With M2 Chip Has Slower SSD Speeds In Benchmarks

According to The Verge’s review of the new MacBook Air with the M2 chip, the $1,199 base model equipped with 256GB of storage has a single NAND chip, which will lead to slower SSD speeds in benchmark testing. MacRumors reports: The dilemma arises from the fact that Apple switched to using a single 256GB flash storage chip instead of two 128GB chips in the base models of the new MacBook Air and 13-inch MacBook Pro. Configurations equipped with 512GB of storage or more are equipped with multiple NAND chips, allowing for faster speeds in parallel. In a statement issued to The Verge, Apple said that while benchmarks of the new MacBook Air and 13-inch MacBook Pro with 256GB of storage “may show a difference” compared to previous-generation models, real-world performance is “even faster”:

“Thanks to the performance increases of M2, the new MacBook Air and the 13-inch MacBook Pro are incredibly fast, even compared to Mac laptops with the powerful M1 chip. These new systems use a new higher density NAND that delivers 256GB storage using a single chip. While benchmarks of the 256GB SSD may show a difference compared to the previous generation, the performance of these M2 based systems for real world activities are even faster.” It’s unclear if Apple’s statement refers explicitly to real-world SSD performance or overall system performance.

Read more of this story at Slashdot.

Weed Killer Glyphosate Found In Most Americans’ Urine

An anonymous reader quotes a report from U.S. News & World Report: More than 80% of Americans have a widely used herbicide lurking in their urine, a new government study suggests. The chemical, known as glyphosate, is “probably carcinogenic to humans,” the World Health Organization’s International Agency for Research on Cancer has said. Glyphosate is the active ingredient in Roundup, a well-known weed killer. The U.S. National Nutrition Examination Survey found the herbicide in 1,885 of 2,310 urine samples that were representative of the U.S. population. Nearly a third of the samples came from children ages 6 to 18.

Traces of the herbicide have previously been found in kids’ cereals, baby formula, organic beer and wine, hummus and chickpeas. In 2020, the EPA determined that the chemical was not a serious health risk and “not likely” to cause cancer in humans. However, a federal appeals court ordered the EPA to reexamine those findings last month, CBS News reported. In 2019, a second U.S. jury ruled Bayer’s Roundup weed killer was the cause of a man’s cancer. It was only the second of some 11,200 Roundup lawsuits to go to trial in the United States. Another California man was awarded $78 million (originally $289 million) in the first lawsuit alleging a glyphosate link to cancer.

A study published around the same time as those rulings found that glyphosate “destroys specialized gut bacteria in bees, leaving them more susceptible to infection and death from harmful bacteria.”

Further reading: ‘It’s a Non-Party Political Issue’: Banning the Weedkiller Glyphosate (The Guardian)

Read more of this story at Slashdot.

Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution. SecurityWeek reports: Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops. “The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” ESET explained. “These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call,” it added.

Lenovo has also informed customers about Retbleed, a new speculative execution attack impacting devices with Intel and AMD processors. The company has also issued an advisory for a couple of vulnerabilities affecting many products that use the XClarity Controller server management engine. These flaws can allow authenticated users to cause a DoS condition or make unauthorized connections to internal services.

Read more of this story at Slashdot.