UK researchers are using Google's mobile location data collected from apps like Google Maps to help track and predict the spread of COVID-19 across Europe — - Data is anonymized and aggregated, can't track individuals — Effort is one of many to use mobile phone data to track virus
Zoom will require passwords to enter calls via Meeting ID and will turn on Waiting Rooms by default to prevent trolls from disrupting calls, starting April 5 — Zoom is making some drastic changes to prevent rampant abuse as trolls attack publicly shared video calls.
US federal law enforcement warns that invading Zoom meetings to broadcast “disruptive content” will result in fines or possible imprisonment — Hacking into a conference call seems like a fun prank — until you get arrested — Federal prosecutors are now warning pranksters …
Global online music streaming grew 32% YoY in 2019, reaching 358M total subs; Spotify led with 31% market share of paid subs, followed by Apple Music at 19% — - Spotify continues to be the market leader and recorded a 23% YoY growth in total revenue during CY 2019.
Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.
To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.
The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.
Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese datacenters to accept calls as a backup in the event of network congestion.
From Zoom’s CEO Eric Yuan:
During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”
In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its datacenter “geofencing.” But when traffic spikes, the network shifts traffic to the nearest datacenter with the most available capacity.
China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.
Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup datacenters, which meant non-Chinese users were in some cases connected to Chinese servers when datacenters in other regions were unavailable.
Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.
Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.
But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.
Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked a spokesperson declined to name any.
Bill Marczak, one of the Citizen Lab researchers that authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.
“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”
“If you’re a well-resourced entity, obtaining a copy of the Internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marcak.
“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”
Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.
Will Zoom’s mea culpas be enough?
Facebook’s WhatsApp is in the midst of a lawsuit against Israeli mobile surveillance outfit NSO Group. But before complaining about the company’s methods, Facebook seems to have wanted to use them for its own purposes, according to testimony from NSO founder Shalev Hulio.
Last year brought news of an exploit that could be used to install one of NSO’s spyware packages, Pegasus, on devices using WhatsApp. The latter sued the former over it, saying that over a hundred human rights activists, journalists and others were targeted using the method.
Last year also saw Facebook finally shut down Onavo, the VPN app it purchased in 2013 and developed into a backdoor method of collecting all manner of data about its users — but not as much as they’d have liked, according to Hulio. In a document filed with the court yesterday he states that Facebook in 2017 asked NSO Group for help collecting data on iOS devices resistant to the usual tricks:
In October 2017, NSO was approached by two Facebook representatives who asked to purchase the right to use certain capabilities of Pegasus, the same NSO software discussed in Plaintiffs’ Complaint.
The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices. The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users. Facebook proposed to pay NSO a monthly fee for each Onavo Protect user.
NSO declined, as it claims to only provide its software to governments for law enforcement purposes. But there is a certain irony to Facebook wanting to employ against its users the very software it would later decry being employed against its users. (WhatsApp maintains some independence from its parent company but these events come well after the purchase by and organizational integration into Facebook.)
A Facebook representative did not dispute that representatives from the company approached NSO Group at the time, but said the testimony was an attempt to “distract from the facts” and contained “inaccurate representations about both their spyware and a discussion with people who work at Facebook.” We can presumably expect a fuller rebuttal in the company’s own filings soon.
Facebook and WhatsApp are, quite correctly, concerned that effective, secret intrusion methods like those developed and sold by NSO Group are dangerous in the wrong hands — as demonstrated by the targeting of activists and journalists, and potentially even Jeff Bezos. But however reasonable Facebook’s concerns are, the company’s status as the world’s most notorious collector and peddler of private information makes its righteous stance hard to take seriously.
The recent COVID-19 pandemic has ceased life to exist the way we know it. Most of you reading this are under lockdown. Self-isolation really is the only way to flatten the curve. The Digit editorial team too has been working out of our respective homes, and with the press closed, this is the fruit of our labour. Presented in an all new digital format right on Digit Geek.
The cover story of the month is about surviving the lockdown, the geek’s way. Life may look to have come to a standstill but this can also be a good time to brush up on some new skills. Ensure you keep the mind’s windows open and keep learning new things. Keep your kids occupied with fun activities and learn how you can help the elderlies by ensuring access to beneficial services and apps.
These are difficult times, but somethings remain like it was.
Our test center was abuzz with 5G smartphones, a comeback from Onida, and a bunch of audio gear. Meanwhile, the SKOAR! issue is about all the games you can play during lockdown, including the adrenaline pumping FPS, Doom Eternal. Now’s the best time to pick up the slack on that backlog of games you’ve been sitting on. Or just get into gaming in general. This month’s FastTrack is on becoming a command line ninja. We cover the basics, and then some more, while Digit dmystify deals with something that’s been on our minds recently. What happens when we reach the line end of the line?
We wouldn’t have left you without your dose of Digit, FastTrack, dmystify and SKOAR! in this lockdown now, would we?
Read the April issue of Digit online at https://ift.tt/2yqk7Ch. Simply head over to the site, clock on My-Account or the little human in the top-right corner. Once you are logged in, head over to https://ift.tt/2X4hkck and enjoy your April issue along with the e-DVD.
https://ift.tt/39B86XD
Jennifer Elias / CNBC : A look at Google's pressure-filled 2024 under Sundar Pichai, notching some AI wins with new Gemini models and...
