Tech News

Talks of AI algorithms causing harms including addiction, radicalization. political abuse and conspiracies, disgusting kids videos and the danger of AI propaganda are all around. Last month, YouTube announced an update regarding YouTube recommendations aiming to reduce the recommendations of videos that promote misinformation ( eg: conspiracy videos, false claims about historical events, flat earth videos, etc). In a historical move, Youtube changed its Artificial Intelligence algorithm instead of favoring another solution, which may have cost them fewer resources, time, and money. Last Friday, an ex-googler who helped build the YouTube algorithm, Guillaume Chaslot, appreciated this change in AI, calling it “a great victory” which will help thousands of viewers from falling down the rabbit hole of misinformation and false conspiracy theories. In a twitter thread, he presented his views as someone who has had experience working on Youtube’s AI. Recently, there has been a trend in Youtube promoting conspiracy videos such as ‘Flat Earth theories’. In a blog post, Guillaume Chaslot explains, “Flat Earth is not a ’small bug’. It reveals that there is a structural problem in Google’s AIs and they exploit weaknesses of the most vulnerable people, to make them believe the darnedest things.” Youtube realized this problem and has made amends to its algorithm. “It’s just another step in an ongoing process, but it reflects our commitment and sense of responsibility to improve the recommendations experience on YouTube. To be clear, this will only affect recommendations of what videos to watch, not whether a video is available on YouTube. As always, people can still access all videos that comply with our Community Guidelines”, states the YouTube team in a blog post. Chaslot appreciated this fact in his twitter thread saying that although Youtube had the option to ‘make people spend more time on round earth videos’, they chose the hard way by tweaking their AI algorithm. AI algorithms also often get biased by tiny groups of hyperactive users. As Chaslot notes, people who spend their lives on YouTube affect recommendations more. The content they watch gets more views, which leads to Youtubers noticing and creating more of it, making people spend even more time on that content. This is because YouTube optimizes for things you might watch, not things you might like. As a hacker news user observed, “The problem was that pathological/excessive users were overly skewing the recommendations algorithms. These users tend to watch things that might be unhealthy in various ways, which then tend to get over-promoted and lead to the creation of more content in that vein. Not a good cycle to encourage.” The new change in Youtube’s AI makes use of machine learning along with human evaluators and experts from all over the United States to train these machine learning systems responsible for generating recommendations. Evaluators are trained using public guidelines and offer their input on the quality of a video. Currently, the change is applied only to a small set of videos in the US as the machine learning systems are not very accurate currently. The new update will roll out in different countries once the systems become more efficient. However, there is another problem lurking around which is probably even bigger than conspiracy videos. This is the addiction to spending more and more time online. AI engines used in major social platforms, including but not limited to YouTube, Netflix, Facebook all want people to spend as much time as possible. A hacker news user commented, “This is just addiction peddling. Nothing more. I think we have no idea how much damage this is doing to us. It’s as if someone invented cocaine for the first time and we have no social norms or legal framework to confront it.” Nevertheless, Youtube updating it’s AI engine was taken generally positively by Netizens. As Chaslot, concluded on his Twitter thread, “YouTube's announcement is a great victory which will save thousands. It's only the beginning of a more humane technology. Technology that empowers all of us, instead of deceiving the most vulnerable.” Now it is on Youtube’s part how they will strike a balance between maintaining a platform for free speech and living up to their responsibility to users. Is the YouTube algorithm’s promoting of #AlternativeFacts like Flat Earth having a real-world impact? YouTube to reduce recommendations of ‘conspiracy theory’ videos that misinform users in the US. YouTube bans dangerous pranks and challenges Is YouTube’s AI Algorithm evil?

The European Commission's proposal to revise the Copyright Directive also called as “copyright reform”, saw some success when last week majority of the EU member states agreed to have further negotiations to reach an agreement on the finalized version. The plenary sessions are scheduled to start from 11th Feb. After all these negotiations, the law is most likely to be passed in March or April this year. Last month, the negotiations were stopped because some of the countries were not able to agree on whether small companies should also be subject to these rules. Andrus Ansip, EU digital chief believes that this week’s talk could reach to a decision. He tweeted: https://twitter.com/Ansip_EU/status/1093985175179010048 What is this copyright reform about? Back in 2016, the European Commission proposed a legislative to revamp the EU copyright rules based on the current internet scenario. This legislative package by EC included a new directive on Copyright in the Digital Single Market. Under this directive, there are two articles which have seen great criticism from European and American parties for introducing compulsory “copyright filters”: Article 11 and Article 13. Article 11, also known as the “link tax”, allows article and news publishers to license their work and be paid for the online distribution of their work by news aggregators. This article, according to EC, aims to protect press publications and reduce the value gap between the profits made by the internet platforms and the actual content creators. Article 13 requires content sharing platforms such as YouTube to take appropriate measures for checking the content uploaded on their platforms to prevent any unauthorized publishing of copyrighted content. How the public is reacting to copyright reform? Majority of the public think that imposing copyright filters and licenses will simply not work in helping the content creators, and rather result in a major loss for them. In the past, we have seen several examples backing this statement. When Belgium news publishers demanded money from Google, it unreferenced their content. The newspaper has to give up because they ended up losing a lot of traffic. One of the Hacker News users, explaining the consequences of this copyright reform, said, “Search engines could just wipe any publisher that insists on being paid from the results. When publishers realize people no longer find their physical newspaper subscription site, I think they would soon reconsider supporting this legislation.” In November last year, The Guardian reported that Google may shut down Google News in Europe if the “link tax” is implemented. The vice president of Google News, Richard Gingras said that when in 2014 the Spanish government tried to charge a link tax on Google, the company responded by shutting down Google News in the country. It also removed Spanish newspapers from the service internationally. Going by the current description of Article 11, it will limit news aggregators from showing snippets of articles, which means before clicking on the news readers will only see URLs, very short fragments of headlines, but no preview images. Google checked whether this will have any impact on the traffic and found out that this could surely result in a “substantial traffic loss to news publishers.” Sharing the result of the experiment, Kent Walker, Google‘s SVP of Global Affairs, said, “Even a moderate version of the experiment (where we showed the publication title, URL, and video thumbnails) led to a 45 percent reduction in traffic to news publishers. Our experiment demonstrated that many users turned instead to non-news sites, social media platforms, and online video sites — another unintended consequence of legislation that aims to support high-quality journalism.” The critics of Article 13 think that employing different measures to check the upload of copyrighted content will create an extra burden for small platforms and could eventually lead to creating “censorship machines”. This essentially means that these platforms will be held accountable in case of any copyright infringement in the content shared by its users. Read the full story at The Reuters. Google hints shutting down Google News over EU’s implementation of Article 11 or the “link tax” German OpenStreetMap protest against “Article 13” EU copyright reform making their map unusable YouTube’s CBO speaks out against Article 13 of EU’s controversial copyright law

At FOSDEM 2019, Java language architect Brian Goetz talks about the future of Java in the next few years. Let’s take a look at the highlights of his talk. Java has been around more than 20 years and has been declared dead by critics numerous times. They have kept the language alive by staying relevant to problems and hardware. The faster release cycle allows the Java team to work on good small features. It also helps laying the groundwork for future releases. Preview features help in risk reduction by gathering feedback. There are various projects in the works that will allow Java to adapt to higher expectations of the developers, bring value types, generic specialization, and better interoperability with native code. Switch and pattern matching He goes over the new switch statements in Java 12 with an example. The new expression switch simplifies the code a lot, by allowing not just lesser typing but also makes the code less error prone. Switch expressions is a part of a larger concept called pattern matching. It combines a test, a conditional extraction and a binding into one operation. The code looks cleaner with pattern matching as it eliminates redundant boilerplate. Project Valhalla The goal of this project is to reboot the way JVM lays out data in memory. The hardware has changed drastically in the last three decades. The cost of memory fetch versus arithmetic has increased hundreds of times. Memory efficiency is lost in between this increased cost. Alternatives like stuffing data into arrays under a single header makes the code worse. This project introduces value types that ‘codes like a class, works like an int’. Project Valhalla has been running for the past 5 years and has different phases. The current prototype is called LW1 and has the VM underpinnings validated. The next prototype called LW2 out next year should be good for experimentation. Project metropolis is also in the early stages. It's about replacing the C2 compiler with the Graal compiler. The Java team is working on a lot of features across various categories such as language productivity features, fundamental VM performance features, native interop, concurrency models etc,. They are starting to be better formed now after years of work through various projects. The bi-yearly releases help test more features than before and the limited LTS releases would help the core developers to work with better focus. Project Valhalla seems promising and could possible make Java much more memory efficient. To see code demo and explanation with QnA, you can watch the talk. 7 things Java programmers need to watch for in 2019 Netflix adopts Spring Boot as its core Java framework IntelliJ IDEA 2018.3 is out with support for Java 12, accessibility improvements, GitHub pull requests, and more

Tensions over Amazon’s HQ2 deal have been on a rise in New York ever since Amazon decided to bring 25,000 jobs to a new campus in New York City. Why? Because according to The Guardian: “Amazon is bad. It is monopolistic. It works its blue-collar and white-collar employees to the bone, prompting frequent exposés of its awful working conditions. New York City is a union town; Amazon is an anti-union company. Its owner should have his immoral hoard of wealth forcibly expropriated by the state before his power grows so great that all of society is warped by it. Jeff Bezos’s money should immediately be put to use helping the public; instead, he cackles from inside his cartoonishly large mansion as cities and states desperately compete to shower his company with the maximum amount of public subsidies, in order to secure a glorified satellite office.” Last week, after the Washington Post’s article revealed that Amazon could possibly back out of this deal due to political factors, tensions have surfaced among the political masses in New York. However, two people with direct knowledge of the matter acknowledged that the post had “gone too far and Amazon had no plans to back out”. New York Times reports that  Gov. Andrew M. Cuomo says, that the project’s political opponents were being unreasonable by not supporting the deal and that the situation is “absurd”. Increasing the pressure on political opponents to accept the idea, the governor has warned that if Amazon did pull out of the deal, the political opponents will face the wrath of voters as tens of thousands of jobs would be at stake. Cuomo said at a news conference on Long Island, "For the state Senate to oppose Amazon was governmental malpractice, And if they stop Amazon from coming to New York, they're going to have the people of New York state to explain it to. It is irresponsible to allow political opposition to overcome sound government policy." New York Times reports that according to two people familiar with the deal, Amazon executives have grown increasingly frustrated that the company has not received a positive response in New York as it has received in Virginia and Nashville. Amazon is also riled up because of the selection of an Amazon opponent to a state board with the potential power to make or break the deal. Brad Lander, NYC council member posted his views about Amazon in a thread on Twitter. He called their alleged decision to back out as ‘threats’ and has stated in very plain words that Amazon doesn't play by NYC’s rules, pay their taxes in full, are not good neighbors, and do not play their part in our democracy. He calls out their business model as “evading taxes from the start”. He further says that “They want to hold all the cards & make all the rules… and destroy democracy”. His thread gives sufficient examples to support his claim against Amazon. Taking a stab at the Governor, he says that “It is not surprising Cuomo is happy to subordinate our democracy to their corporate power and would take part in Amazon’s efforts to bully opponents into silence.” Citizens have depicted contradictory views on these statements- some in support of Amazon’s deal and some against it. https://twitter.com/PhilipSundstro3/status/1094455450882445312 https://twitter.com/WillieMitts/status/1094457824292290560 It would be interesting to see the outcome of this public and political backlash on Amazon’s deal in NYC. You can head over to CNBC for more insights on this news. Amazon admits that facial recognition technology needs to be regulated As anti-trust for big tech gains tractions in EU and US, India tightens the noose on e-commerce rules: Amazon can either be a marketplace or a seller, not both Biometric Information Privacy Act: It is now illegal for Amazon, Facebook or Apple to collect your biometric data without consent in Illinois

Last month, the state of Illinois passed a Biometric privacy bill where a person can claim damages when their fingerprint is used without consent. Now, Cisco and Microsoft propose ideas for biometric privacy. The Cisco proposal states: ‘Ensure interoperability between different privacy protection regimes.’ This could threaten GDPR. ‘Avoid fracturing of legal obligations for data privacy through a uniform federal law that aligns with the emerging global consensus.’ This means gelling multiple levels of law systems, like state national into one, so a violation would go through only one level of a lawsuit. ‘Reassure customers that enforcement of privacy rights will be robust without costly and unnecessary litigation.’ Litigation is expensive, for individuals and more so for corporates, this can make it less expensive for the corporations. Microsoft is lobbying for a federal bill on facial recognition in Washington, according to a Bloomberg report. Bradd Smith, President at Microsoft, told Bloomberg: “Opening up the software for third-party testing is one of the key parts of the bill”. If the Washington bill is passed, it will affect companies like Amazon, Microsoft and any other companies that use personal data with a consumer base above 100,000. Meanwhile, Amazon has not made any comments on the bill as it’s still being modified. Cisco and Microsoft supporting federal privacy bills would sound like good news, but it’s not. If a new federal privacy bill is supported by a company, it would be designed to provide leeway to the company on how the rules regarding data collection and usage are set. According to a New York Times report from August last year, “In recent months, Facebook, Google, IBM, Microsoft and others have aggressively lobbied officials in the Trump administration and elsewhere to start outlining a federal privacy law, according to administration officials and the companies. The law would have a dual purpose, they said: It would overrule the California law and instead put into place a kinder set of rules that would give the companies wide leeway over how personal digital information was handled.” The Illinois Biometric Information Privacy Act is a good way forward for the consumers and should set an example of respecting user privacy. This may seem too strict but maybe that’s what is needed at this point. Biometric Information Privacy Act: It is now illegal for Amazon, Facebook or Apple to collect your biometric data without consent in Illinois ACLU files lawsuit against 11 federal criminal and immigration enforcement agencies for disclosure of information on government hacking The district of Columbia files a lawsuit against Facebook for the Cambridge Analytica scandal

David Wong, Security Consultant, at NCC Group, a global expert in cyber security and risk mitigation, revealed details about the new cryptographic attack, last week, that can break the encrypted TLS traffic. Wong collaborated with other security researchers and found out that out of the nine different TLS implementations against cache attacks, seven were found to be vulnerable, namely, OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS. TLS or Transport Layer Security refers to a cryptographic protocol that offers end-to-end communications security over networks. It is widely used for internet communications and online transactions. TLS (except TLS 1.3) makes use of RSA as a key exchange algorithm, which determines how the client and server will authenticate during the handshake to negotiate a shared secret. The client encrypts a shared secret under the server's RSA public key, the server then receives it and decrypts it. The latest attack isn’t entirely new; it is simply another variation of the original Bleichenbacher oracle attack that was able to decrypt an RSA encrypted message using the Public-Key Cryptography Standards (PKCS) #1 function. This new attack uses a side-channel leak via cache access timings of TLS implementations to break these RSA key exchanges of TLS implementations. It affects all versions of TLS (including TLS 1.3) as well as QUIC and makes use of the state-of-the-art cache attack techniques such as Flush+Reload, Prime+Probe, Branch-Prediction, etc. Attacking TLS 1.3 and downgrading to TLS 1.2 Since TLS 1.3 does not offer an RSA key exchange, researchers started with downgrading to an older version of TLS (TLS 1.2) for the exploitation of the attack. To downgrade a client’s connection attempt, a spoofed TLS 1.2 handshake technique is used. The server’s RSA certificate was presented in a ServerCertificate message and then the handshake was put to an end with a ‘ServerHelloDone’ message. However, if at this point, the server does not have a trusted certificate that allows RSA key exchanges or the client refuses to support RSA key exchanges or older versions than TLS 1.2, the attack halts. Otherwise, the client will make use of the RSA public key contained in the certificate to encrypt the TLS premaster secret. It will then send it in a ClientKeyExchange message and ends its part of the handshake using a ChangeCipherSpec and a Finished message. It is at this time, the attack is performed to decrypt the RSA encrypted premaster secret. The last Finished message being sent should contain an authentication tag (with HMAC) of the whole transcript and should be encrypted with the transport keys derived from the premaster secret.                                                    NCC Group Now, even if some clients might have zero handshake timeouts, most serious applications such as browsers can give up on the connection attempt if the response takes too much time to arrive. So, there are several techniques that can slow down the handshake such as sending the ChangeCipherSpec message to reset the client’s timer and sending TLS warning alerts to reset the handshake timer. After the decryption attack terminates, the expected Finished message is sent to the client and a handshake is finalized. This downgrade attack is able to bypass multiple downgrade mitigations, namely, one server-side and two client-side. TLS 1.3 servers that negotiate older versions of TLS must also advertise this information to their peers. TLS 1.3 clients that negotiate an older version of TLS must check for these values and abort the handshake if found. On the other hand, a TLS 1.3 client that goes back to an older version of TLS must advertise this information in their subsequent client hellos. Furthermore, a client should also include the version used by the client hello inside the encrypted premaster secret. “As it stands, RSA is the only known downgrade attack on TLS 1.3, which we are the first to successfully exploit in this research”, states Wong. The researchers also state that it is time for RSA PKCS#1 v1.5 to be deprecated and replaced by more modern schemes like OAEP (Optimal asymmetric encryption padding) and ECEIS (Elliptic Curve Integrated Encryption Scheme) for asymmetric encryption or Elliptic Curve Diffie-Hellman in case of key exchanges. For more information, check out the official NCC Group blog. Zimperium zLabs discloses a new critical vulnerability in multiple high-privileged Android services to Google A kernel vulnerability in Apple devices gives access to remote code execution FreeRTOS affected by 13 vulnerabilities in its TCP/IP stack

AT&T, T-Mobile, and Sprint sold their customers’ real-time location data to a bounty hunter, as reported by Motherboard in January. As per the reports, Motherboard was even able to purchase the real-time location of a T-Mobile phone from a bounty hunter source on the black market for $300. Telecom companies responded that this abuse was a fringe case. However, in reality, around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data. As per the documents by CerCareOne, a location data seller that operated until 2017, one of the bail bond firms was using the phone location service more than 18,000 times, and others were using it thousands or tens of thousands of times. These documents include the list of companies that had access to the data and also the phone numbers that were pinged by those companies. According to the documents, the location requests stretch from 2012 up to 2017, with some of the phones being located multiple times over minutes, hours, and days. CerCareOne sold cell phone tower data and also highly sensitive and accurate GPS data to bounty hunters. This data was so precise that users could easily locate someone’s location inside a building. CerCareOne operated in secrecy for almost 5 years by making its customers agree to “keep the existence of CerCareOne.com confidential,” according to terms of use document obtained by Motherboard. The company allowed bounty hunters, bail bondsmen, and bail agents to find the real-time location of mobile phones and it would sometimes charge up to $1,100 per phone location. Oregon Senator Ron Wyden said in an emailed statement after presented with Motherboard’s findings, “This scandal keeps getting worse. Carriers assured customers location tracking abuses were isolated incidents. Now it appears that hundreds of people could track our phones, and they were doing it for years before anyone at the wireless companies took action. That’s more than an oversight hat’s flagrant, willful disregard for the safety and security of Americans.” In an email to Motherboard, Eva Galperin, director of cybersecurity at campaign group the Electronic Frontier Foundation said, “The scale of this abuse is outrageous.” The target phones received no text message warning that they were being tracked. Previously telecom companies and location aggregators have told Motherboard that they require clients to obtain consent from people they wish to track. A Sprint spokesperson wrote in an email, “We contractually require location aggregators to obtain prior written consent from Sprint 60 days before the use of any sub-aggregator, and we received no such request related to CerCareOne,” 15 senators called on the FCC and Federal Trade Commission for investigating as to how consumers location data ended up in the hands of bounty hunters. An FCC spokesperson told Motherboard in an email, “We are investigating carriers’ handling of location information, and we can’t comment on what facts we have uncovered in the middle of an active investigation.” Senator Mark Warner, presented with Motherboard’s new findings, said in a statement that “we have a systemic problem across the digital economy, where consumers remain totally in the dark about how their data is collected, sold or shared, and commercialized.” To know more, check out Motherboard’s post. Internal memo reveals NASA suffered a data breach compromising employees social security numbers U.S. Senator introduces a bill that levies jail time and hefty fines for companies violating data breaches Former Senior VP’s take on the Mariott data breach; NYT reports suspects Chinese hacking ties

Last week, the team at ParaSail, released a new version of the parallel programming language, ParaSail 8.0 (ParaSail stands for Parallel Specification and Implementation Language). This programming language is designed for supporting the development of inherently safe and parallel applications that can be mapped to multicore, heterogeneous, or distributed architectures. It provides support for both implicit and explicit parallelism. All the ParaSail expressions are defined to have parallel evaluation semantics. What’s new in ParaSail 8.0 Debugger This release comes with an interactive debugger that is automatically invoked when the interpreter encounters a precondition, assertion, or postcondition that fails at run-time.  This release comes with fully analyzed pre- and postconditions that are checked at run-time. ParaSail LLVM-based Compiler This release comes with a translator that translates PSVM (ParaSail virtual machine) instructions to LLVM (Low-Level Virtual Machine) instructions, and from there to object code. Language design principles According to the new design principles, the language should be easy to read. The readability should be emphasized over symbols and should be similar to existing languages, mathematics, or logic. As the programs are usually scanned backward, so ending indicators should be as informative as starting indicators for composite constructs. For example, “end loop” or “end class Stack” rather than simply “end” or “}”. Parallelism should be built into the language so that resulting programs can easily take advantage of as many cores as are available on the host computer. Features that are error-prone or that can complicate the testing or proof process should be eliminated. Language-defined types and user-defined types should use the same syntax and have the same capabilities. All the modules should be generic templates or equivalent. The language should be safe and the compiler should detect all potential race conditions as well as all potential runtime errors. Enhanced ParaSail syntax In this release, the back-quote character followed by a parenthesized expression may now appear within a string literal. Also, the value of the expression is interpolated into the middle of the string, in place of the back-quoted expression. Reserved words A list of words is now reserved in ParaSail. Few words from this list are, abs, abstract, all, and, block, case, class, concurrent, const, continue, each, else, elsif, end, exit, extends. Object reference Now a reference to an existing object can be declared using the following syntax: object_reference_declaration ::= ’ref’ [ var_or_const ] identifier [’:’ type_specifier ] ’=>’ object_name ’;’ Deprecations ParaSail has removed a few of the features for ensuring safe parallelism: The global variables have been removed so that operations may only access variables passed as parameters. The parameter aliasing has been eliminated so that two parameters passed to the same operation don’t refer to the same object if one of the parameters is updatable within the operation. Pointers have been removed so that optional and expandable objects and generalized indexing can provide an approach that allows safe parallelization. Run-time exception handling has been eliminated so that it is possible for strong compile-time checking of preconditions and establish support for parallel event-handling. The global garbage-collected heap has been removed so that  automatic storage management is provided. Explicit threads, lock/unlock, or signal/wait has been eliminated so that parallel activities are identified automatically by the compiler. Many users are not much happy with this news. Some  are unhappy with the CSS and are asking the team to fix it. One of the comments on HackerNews reads, “Please fix the CSS: I have to scroll horizontally every single line. I stopped at the first one. Tested with Firefox and Chrome on Android. Firefox reader mode doesn't work on that site.” Another user commented, “I was able to read it on my Android device in Chrome by using landscape mode. Until I scrolled down a little. Then a huge static navigation popup appeared taking up 40% of the screen!” Few others think that Fortran is better than ParaSail as it lets developers to name the loops. Some others are excited about pre/post conditions. One of the users commented, “Having built in pre/post conditions is pretty nice.” Read more about this news on ParaSail’s official website. Racket 7.2, a descendent of Scheme and Lisp, is now out! Typescript 3.3 is finally released! Announcing Julia v1.1 with better exception handling and other improvements

Online privacy abuse, these days, is under a check with different legislation passed for user data safety. Last week, Democratic Senator, Ron Wyden introduced a new bill that would allow Federal Trade Commission the authority to establish privacy and cybersecurity standards. Additionally, the bill levies a jail time, and a billion dollar fine on the biggest tech companies if their companies steal and sell user data, or allow a massive data breach to occur at their company. Read Also: A brief list of drafts bills in US legislation for protecting consumer data privacy In an interview with The Oregonian/OregonLive, Wyden said, “The point is the Federal Trade Commission on privacy issues thus far has basically been toothless. I am trying to recreate this agency for the digital era.” Provisions provided by the bill A ‘Do Not Track’ option The bill would establish a ‘do not track’ option for people using online services. In lieu of allowing their search history, social media favorites and online activity to be sold to advertisers, people could opt to pay an unspecified fee to preserve their privacy. An annual report to be submitted by big companies The bill would allow the FTC to establish privacy and cybersecurity standards and require big companies to report annually on their privacy practices. Penalty if false information is submitted Penalize large companies that submit false information in their annual privacy report. Penalties could amount to 4 percent of annual revenue – a number that could run in the billions of dollars for the biggest social media companies. Executives could face jail time up to 20 years. Assessment of algorithms The bill stated that big companies would be required to provide assess their algorithms for accuracy, fairness, bias, and discrimination. According to The Oregonian/OregonLive, Wyden “introduced the bill last fall and it has made little headway in the intervening months. But he’s hoping persistent consumer outrage about privacy violations could give it additional traction, coupled with support from within the tech industry itself.” “What we are essentially advocating is what the big financial services firms have to do under Sarbanes-Oxley,” Wyden said. David Hoffman, Intel’s associate general counsel and global privacy officer, said, “The bill is a tremendous step towards effective comprehensive U.S. privacy legislation. Providing more authority and resources to the US Federal Trade Commission is a critical foundation for robust privacy protection.” Ring of Fire’s Farron Cousins explains why this bill is necessary, in their YouTube video. https://www.youtube.com/watch?v=WhB7_4sxff8 Lawmakers introduce new Consumer privacy bill and Malicious Deep Fake Prohibition Act to support consumer privacy and battle deepfakes The Collections #2-5 leak of 2.2 billion email addresses might have your information, German news site, Heise reports Australia’s Assistance and Access (A&A) bill, popularly known as the anti-encryption law, opposed by many including the tech community

Brave, the open source privacy- focussed browser, has allegedly introduced a ‘backdoor’ to remotely inject headers in HTTP requests that may track users, say users on HackerNews. Users on Twitter and HackerNews have expressed their concerns over the new update on custom HTTP headers added by the Brave team: https://twitter.com/WithinRafael/status/1094712882867011585 Source: HackerNews A user on Reddit has explained this move as “not tracking anything, they just send the word "Brave" to the website whenever you visit certain partners of theirs. So for instance visiting coinbase.com sends an "X-Brave-Partner" custom header to coinbase.com.” Brendan Eich, from the Brave team, has replied back to this allegation saying that the ‘Update is not a "backdoor" in any event and is a custom header instead.’  He says the update is about custom HTTP headers that Brave sends to its partners, with fixed header values. There is no tracking hazard in the new update. He further stresses on the fact that Brave blocks 3rd party cookies and storage and 3rd party fingerprinting along with HSTS supercookies; thus assuring users on preserving their privacy. “I find it silly to assume we will "heel turn" so obviously and track our users. C'mon! We defined our model so we can't cheat without losing lead users who would see through it. That requires seeing clearly things like the difference between tracking and script blocking or custom header sending, though.” Users have also posted on Hacker News that the Brave browser Tracking Protection feature does not block tracking scripts from hostnames associated with Facebook and Twitter. The tracking_protection_service.h file contains a comment informing that a tracking protection white_list variable was created as a "Temporary hack which matches both browser-laptop and Android code". Bleepingcomputer also reports that this whitelist variable is associated with code in the tracking_protection_service.cc file that adds various Facebook and Twitter hostnames to the whitelist variable so that they are not blocked by Brave's Tracking Protection feature. In response to this comment, Brave says that the issue that was opened on September 8th, 2018 and developers decided to whitelist tracking scripts from Facebook and Twitter because blocking them would “affect the functionality of many sites” including Facebook logins. You can head over to Brendan’s Reddit thread for more insights on this update. Brave introduces Brave Ads that share 70% revenue with users for viewing ads Chromium-based Brave browser shows 22% faster page load time than its Muon-based counterpart Otter Browser’s first stable release, v1.0.01 is out

Serverless applications began gaining popularity when Amazon launched AWS Lambda back in the year 2014. Since then, we are becoming more familiar with Serverless Computing as it is exponentially growing in use and reference among the vendors who are entering the markets with their own solutions. The reason behind the hype of serverless computing is it requires no infrastructure management which is a modern approach for the enterprise to lessen up the workload. What is Serverless Computing? It is a special kind of software architecture which executes the application logic in an environment without visible processes, operating systems, servers, and virtual machines. Serverless Computing is also responsible for provisioning and managing the infrastructure entirely by the service provider. Serverless defines a cloud service that abstracts the details of the cloud-based processor from its user; this does not mean servers are no longer needed, but they are not user-specified or controlled. Serverless computing refers to serverless architecture which relates to the applications that depend on a third-party service (BaaS) and container (FaaS). Image Source: Tatvasoft The top serverless computing providers like Amazon, Microsoft, Google and IBM provide serverless computing like FaaS to companies like NetFlix, Coca-cola, Codepen and many more. FaaS Function as a Service is a mode of cloud computing architecture where developers write business logic functions or java development code which are executed by the cloud providers. In this, the developers can upload loads of functionality into the cloud that can be independently executed. The cloud service provider manages everything from execution to scaling it automatically. Key components of FaaS: Events - Something that triggers the execution of the function is regarded as an event. For instance: Uploading a file or publishing a message. Functions - It is regarded as an independent unit of deployment. For instance: Processing a file or performing a scheduled task. Resources - Components used by the function is defined as resources. For instance: File system services or database services. BaaS Backend as a Service allows developers to write and maintain only the frontend of the application and enable them by using the backend service without building and maintaining them. The BaaS service providers offer in-built pre-written software activities like user authentication, database management, remote updating, cloud storage and much more. The developers do not have to manage servers or virtual machines to keep their applications running which helps them to build and launch applications more quickly. Image courtesy - Gallantra Use-Cases of Serverless Computing Batch jobs scheduled tasks: Schedules the jobs that require intense parallel computation, IO or network access. Business logic: The orchestration of microservice workloads that execute a series of steps for applying your ideas. Chatbots: Helps to scale at peak demand times automatically. Continuous Integration pipeline: It has the ability to remove the need for pre-provisioned hosts. Captures Database change: Auditing or ensuring modifications in order to meet quality standards. HTTP REST APIs and Web apps: Sends traditional request and gives a response to the workloads. Mobile Backends: Can build on the REST API backend workload above the BaaS APIs. Multimedia processing: To execute a transformational process in response to a file upload by implementing the functions. IoT sensor input messages: Receives signals and scale in response. Stream processing at scale: To process data within a potentially infinite stream of messages. Should you use Serverless Computing? Merits Fully managed services - you do not have to worry about the execution process. Supports event triggered approach - sets the priorities as per the requirements. Offers Scalability - automatically handles load balancing. Only pay for Execution time - you need to pay just for what you used. Quick development and deployment - helps to run infinite test cases without worrying about other components. Cut-down time-to-market - you can look at your refined product in hours after creating it. Demerits Third-party dependency - developers have to depend on cloud service providers completely. Lacking Operational tools - need to depend on providers for debugging and monitoring devices. High Complexity - takes more time and it is difficult to manage more functions. Functions cannot stay for a longer period - only suitable for applications having shorter processes. Limited mapping to database indexes - challenging to configure nodes and indexes. Stateless Functions - resources cannot exist within a function after the function stops to exit. Serverless computing can be seen as the future for the next generation of cloud-native and is a new approach to write and deploy applications that allow developers to focus only on the code. This approach helps to reduce the time to market along with the operational costs and system complexity. Third-party services like AWS Lambda has eliminated the requirement to set up and configure physical servers or virtual machines. It is always best to take an expert's advice that holds years of experience in software development with modern technologies. Author Bio: Working as a manager in a Software outsourcing company Tatvasoft.com, Vikash Kumar has a keen interest in blogging and likes to share useful articles on Computing. Vikash has also published his bylines on major publication like Kd nuggets, Entrepreneur, SAP and many more. Google Cloud Firestore, the serverless, NoSQL document database, is now generally available Kelsey Hightower on Serverless and Security on Kubernetes at KubeCon + CloudNativeCon Introducing GitLab Serverless to deploy cloud-agnostic serverless functions and applications

The need to regulate facial recognition technology has been a matter of debate for the last year. Since news that Amazon had sold its facial recognition product Rekognition to a number of law enforcement agencies in the U.S. in the first half of 2018, criticism of the technology has been constant. It has arguably become the focal point for the ongoing discussion about the relationship between tech and government. Despite months of criticism and scrutiny - from inside and outside the company - Amazon's leadership has said it, too, believes that facial recognition technology needs to be regulated. In a blog post published yesterday, Michael Punke, VP of Public Policy at AWS (and author of The Revenant, trivia fans), clarified Amazon's position on the use and abuse of Rekognition. He also offered some guidelines that he argued should be followed when using facial recognition technologies to protect against misuse. Michael Punke defends Rekognition Punke initially takes issue with some of the tests done by the likes of ACLU, which found that the tool matched 28 members of Congress with mugshots. Tests like this are misleading, Punke claims, because "the service was not used properly... When we’ve re-created their tests using the service correctly, we’ve shown that facial recognition is actually a very valuable tool for improving accuracy and removing bias when compared to manual, human processes." Punke also highlights that where Rekognition has been used by law enforcement agencies, Amazon has not "received a single report of misuse." Nevertheless, he goes on to mphasise that Amazon does indeed accept the need for regulation. This suggests that in spite of its apparent success, there has been an ongoing conversation on the topic inside AWS. Managing public perception was likely an important factor here. "We’ve talked to customers, researchers, academics, policymakers, and others to understand how to best balance the benefits of facial recognition with the potential risks," he writes. Out of these guidelines, Punke explains, Amazon has developed its own set of guidelines for how Rekognition should be used. Amazon's proposed guidelines for facial recognition technology Punke - and by extension Amazon - argues that, first and foremost, facial recognition technology must be used in accordance with the law. He stresses that this includes any civil rights legislation designed to protect vulnerable and minority groups. "Our customers are responsible for following the law in how they use the technology," he writes. He also points out that that Amazon already has a policy forbidding the illegal use of its products - the AWS Acceptable Use policy. This does, of course, only go so far. Punke seems well aware of this, however, writing that Amazon "have and will continue to offer our support to policymakers and legislators in identifying areas to develop guidance or legislation to clarify the proper application of those laws." Human checks and transparency Beyond this basic point, there are a number of other guidelines specified by Punke. These are mainly to do with human checks and transparency. Punke writes that when facial recognition technology is used by law enforcement agencies, human oversight is required to act as a check on the algorithm. This is particularly important when the use of facial recognition technology could violate an individual's civil liberties. Put simply, the deployment of any facial recognition technology requires human judgement at every stage. However, Punke does provide a caveat to this, saying that a 99% confidence threshold should be met in cases where facial recognition could violate someone's civil liberties. However, he stresses that the technology should only ever be one component within a given investigation. It shouldn't be the "sole determinant" in an investigation. Finally, Punke stresses the importance of transparency. This means two things: law enforcement agencies being transparent in how they actually use facial recognition technology, and physical public notices when facial recognition technology could be used in a surveillance context. What does it all mean? In truth, Punke's blog post doesn't really mean that much. The bulk of it is, after all, about actions Amazon is already taking, and conversations it claims are ongoing. But it does tell us that Amazon can see trouble is brewing and that it wants to control the narrative when it comes to facial recognition technology. "New technology should not be banned or condemned because of its potential misuse," Punke argues - a point which sounds reasonable but fails to properly engage with the reality that potential misuse outweighs usefulness, especially in the hands of government and law enforcement.

The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, passed on December 6, 2018, has been put into action recently by the Australian intelligence and law enforcement agencies. However, a few industry groups, academics and civil liberties campaigners opposed by saying that the AA legislation makes Australians less safe by stripping away foundational concepts of privacy and may have a significantly detrimental impact on Australian tech companies. In spite of this opposition, the legislation is not only active but the intelligence agencies actively using its provisions and several notices too have been issued under this new law. With the AA act, the legislation’s aim is to allow intelligence agencies and some law enforcement to pry open encrypted messages in particular cases, especially where it concerned national security. The government has consistently argued the legislation makes Australians safer. “The legislation is being actively used by law enforcement and security agencies in a number of investigations to keep Australia safe”, a government spokesperson reported. “The legislation in no way compromises the security of any Australians’ digital communications”, he added. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) is currently reviewing the provisions of the legislation and the report for the same will be released in April. According to InnovationAus, “A collective of academics and industry groups, including the Communications Alliance, the Australian Information Industry Association (AIIA), and the Information Technology Professionals Association (ITPA), have recently made a joint submission to the PJCIS recommending a raft of changes.” This group has criticized how the powers under the Act are unnecessarily broad and vague and have called for the need to introduce greater judicial oversight, particularly around the issuing of notices by agencies. Vanessa Teague, an associate professor in cryptography at the University of Melbourne, said, “Without that specific [technical] proposal, we just can’t have a rational and grounded discussion about what those unintended consequences is going to be because they depend on what the proposal is.” During the same panel discussion, Suelette Dreyfus, executive director of Blueprint for Free Speech described the introduction of the Act as a “zero-sum game between the privacy of individuals and the powers of the state”. Dreyfus said, “This coalition has been built and is being fortified and strengthened. It’s not only civil society within Australia or technical experts in Australia, it’s internationally as well with international academic experts and leading NGOs in the technical and legal space in places like Washington and London.” “[These people are] are liaising with us and working with us because they are very concerned that what happens in Australia will spread like a bad case of the measles to the digital privacy rights overseas”, she added. To know more about the AA Act in detail, visit the Australian government’s official website. Australia’s Assistance and Access (A&A) bill, popularly known as the anti-encryption law, opposed by many including the tech community Australia passes a rushed anti-encryption bill “to make Australians safe”; experts find “dangerous loopholes” that compromise online privacy and safety Australia’s ACCC publishes a preliminary report recommending Google Facebook be regulated and monitored for discriminatory and anti-competitive behavior  

Yesterday, Wells Fargo, an American multinational financial services company, suffered a major outage of their online and mobile banking operations and the services went completely offline. Following this, the company posted a tweet at 9:28 a.m. ET, apologizing to its customers for this issue with their online banking and mobile app. https://twitter.com/Ask_WellsFargo/status/1093516743304069120 Jackie Knolhoff, a Wells Fargo spokeswoman, said that the system issues were "due to a power shutdown at one of our facilities, initiated after smoke was detected following routine maintenance." https://twitter.com/WellsFargo/status/1093566291112353793 This is the second time in a week the company experienced such a similar outage. A similar disruption occurred last Friday, which lasted for five-and-a-half hours. According to a user comment on HackerNews, “They had all their mission-critical infrastructure in a single data center. How many billions of dollars do they make per year? And they can't afford even a tiny bit of redundancy? If I were a customer, I'd use this as a sign that this company is not technically competent enough to manage my money”. It is yet unknown how many of the bank’s customers were affected but Twitter complaints have been registered across the U.S. The customers are frustrated and are demanding for an inconvenience fee from the company. One of the customers tweeted, “Wells Fargo is responsible for this and they should cover any late fees generated by their failure.” To know more on this, read Wells Fargo’s Twitter thread. Microsoft Cloud services’ DNS outage results in deleting several Microsoft Azure database records Outage in the Microsoft 365 and Gmail made users unable to log into their accounts How Dropbox uses automated data center operations to reduce server outage and downtime  

Yesterday, Apple announced the release of iOS 12.1.4 to fix Apple’s Group FaceTime video bug discovered during the end of last month. Apple immediately disabled this bug that allowed callers to eavesdrop on people before they could even pick up their phone. Apple also plans to reward the 14-year-old Grant Thompson and his mother for first reporting the bug. Apple is “compensating the Thompson family for discovering the vulnerability and providing an additional gift to fund Grant Thompson’s tuition”, the Verge reports. As reported by TechCrunch, an Apple spokesperson told them in a statement, “In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime.” Source: The Verge “To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS”, Apple reports. To know more about this news in detail, head over to The Verge. Apple reinstates Facebook and Google Developer Certificates, restores the ability to run internal iOS apps Apple revoked Facebook developer certificates due to misuse of Apple’s Enterprise Developer Program; Google also disabled its iOS research app Apple disables Group FaceTime till it fixes a security flaw that gave access to microphone and camera of users, even before picking up the call