Are Google and Facebook Surveilling Their Own Employees? (theguardian.com) 68

The Guardian just ran an article titled " 'They'll squash you like a bug': how Silicon Valley keeps a lid on leakers," which begins with the story of an employee confronted by Facebook's secretive "rat-catching" team: They had records of a screenshot he'd taken, links he had clicked or hovered over, and they strongly indicated they had accessed chats between him and the journalist, dating back to before he joined the company. "It's horrifying how much they know," he told the Guardian, on the condition of anonymity... "You get on their bad side and all of a sudden you are face to face with Mark Zuckerberg's secret police"... One European Facebook content moderator signed a contract, seen by the Guardian, which granted the company the right to monitor and record his social media activities, including his personal Facebook account, as well as emails, phone calls and internet use. He also agreed to random personal searches of his belongings including bags, briefcases and car while on company premises. Refusal to allow such searches would be treated as gross misconduct...

Some employees switch their phones off or hide them out of fear that their location is being tracked. One current Facebook employee who recently spoke to Wired asked the reporter to turn off his phone so the company would have a harder time tracking if it had been near the phones of anyone from Facebook. Two security researchers confirmed that this would be technically simple for Facebook to do if both people had the Facebook app on their phone and location services switched on. Even if location services aren't switched on, Facebook can infer someone's location from wifi access points.

The article cites a 2012 report that Microsoft read a French blogger's Hotmail account to identify a former employee who had leaked trade secrets. And it also reports that tech companies hire external agencies to surveil their employees. "One such firm, Pinkerton, counts Google and Facebook among its clients." Though Facebook and Google both deny this, "Among other services, Pinkerton offers to send investigators to coffee shops or restaurants near a company's campus to eavesdrop on employees' conversations...

Al Gidari, consulting director of privacy at the Stanford Center for Internet and Society, says that these tools "are common, widespread, intrusive and legal."

Google Open Sources Its Exoplanet-Hunting AI (vice.com) 14

dmoberhaus writes: Last December, NASA announced that two new exoplanets had been hiding in plain sight among data from the Kepler space telescope. These two new planets weren't discovered by a human, however. Instead, an exoplanet hunting neural network -- a type of machine learning algorithm loosely modeled after the human brain -- had discovered the planets by finding subtle patterns in the Kepler data that would've been nearly impossible for a human to see. Last Thursday, Christopher Shallue, the lead Google engineer behind the exoplanet AI, announced in a blog post that the company was making the algorithm open source. In other words, anyone can download the code and help hunt for exoplanets in Kepler data.
Google's research blog called the December discovery "a successful proof-of-concept for using machine learning to discover exoplanets, and more generally another example of using machine learning to make meaningful gains in a variety of scientific disciplines (e.g. healthcare, quantum chemistry, and fusion research)."

'Why YouTube's New Plan to Debunk Conspiracy Videos Won't Work' (vortex.com) 249

Slashdot reader Lauren Weinstein believes YouTube's plan to combat conspiracy videos with "information cues" is "likely doomed to be almost entirely ineffective." The kind of viewers who are going to believe these kinds of false conspiracy videos are almost certainly going to say that the associated Wikipedia articles are wrong, that they're planted lies... Not helping matters at all is that Wikipedia's reputation for accuracy -- never all that good -- has been plunging in recent years, sometimes resulting in embarrassing Knowledge Panel errors for Google in search results...

The key to avoiding the contamination...is to minimize their visibility in the YouTube/Google ecosystem in the first place... Not only should they be prevented from ever getting into the trending lists, they should be deranked, demonetized, and excised from the YouTube recommended video system. They should be immediately removed from YouTube entirely if they contain specific attacks against individuals or other violations of the YouTube Terms of Service and/or Community Guidelines. These actions must be taken as rapidly as possible with appropriate due diligence, before these videos are able to do even more damage to innocent parties.

Electronic Frontier Foundation

North Carolina Police Obtained Warrants Demanding All Google Users Near Four Crime Scenes (wral.com) 186

An anonymous reader quotes the public records reporter from North Carolina TV station WRAL: In at least four investigations last year -- cases of murder, sexual battery and even possible arson at the massive downtown fire in March 2017 -- Raleigh police used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime, according to a WRAL News review of court records... The demands Raleigh police issued for Google data [in two homicide cases] described a 17-acre area that included both homes and businesses... The account IDs aren't limited to electronics running Android. The warrant includes any device running location-enabled Google apps, according to Raleigh Police Department spokeswoman Laura Hourigan...

On March 16, 2017, a five-alarm fire ripped through the unfinished Metropolitan apartment building on West Jones Street... About two months later, Raleigh police obtained a search warrant for Google account IDs that showed up near the block of the Metropolitan between 7:30 and 10 p.m. the night of the fire... In addition to anonymized numerical identifiers, the warrant calls on Google to release time stamped location coordinates for every device that passed through the area. Detectives wrote that they'd narrow down that list and send it back to the company, demanding "contextual data points with points of travel outside of the geographical area" during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.

"Do people understand that in sharing that information with Google, they're also potentially sharing it with law enforcement?" asks a former Durham prosecutor who directs the North Carolina Open Government Coalition at Elon University. And Stephanie Lacambra, criminal defense staff attorney at the Electronic Frontier Foundation, also criticized the procedure. "To just say, 'Criminals commit crimes, and we know that most people have cell phones,' that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time." She believes that without probable cause the police department is "trying to use technology as a hack for their job... It does not have to be that we have to give up our privacy rights in order to participate in the digital revolution."

Nathan Freed Wessler, staff attorney with the ACLU's Speech, Privacy and Technology Project, put it succinctly. "At the end of the day, this tactic unavoidably risks getting information about totally innocent people."

Amazon Alexa's 'Brief Mode' Makes the Digital Assistant Way Less Chatty (cnet.com) 24

A new update is rolling out to Amazon Echo devices that gives users the option to make Alexa respond with a short, beeping sound rather than her customary "OK." Reddit users reported seeing the new feature this week. CNET reports: You access the Brief Mode in the Amazon Alexa app's Settings Menu under "Alexa Voice Responses." You can also ask your Alexa-enabled device to turn on the Brief Mode. Once the setting is enabled, you can ask Alexa to control devices to which she is connected and she will respond with beeps rather than "OK" to let you know that she received and completed the task. Don't want to completely quiet Alexa down? Amazon also rolled out a "Follow-Up Mode" last week that's designed to let you will let you talk to Alexa more naturally. That mode will let you make successive requests without needing to use Alexa's wake word between each command.

Amazon Is Hiring More Developers For Alexa Than Google Is Hiring For Everything (gadgetsnow.com) 79

An anonymous reader quotes a report from Gadgets Now: Amazon is hiring 1,147 people just for its Alexa business. To put this number in perspective, it has to be mentioned that this number is higher than what Google is hiring for technical and product roles across its Alphabet group of companies including YouTube and Waymo. According to a report published in Forbes, Amazon is hiring engineers, data scientists, developers, analysts, payment services professionals among others. The Forbes report cites information released by Citi Research in association with Jobs.com. It's clear that Amazon is betting big on the smartphone speaker market if the hiring numbers are to go by. It was the first major company to come with a smart speaker and has almost 70% market share in the U.S. Google has been making in-roads with Google Home devices but still has a lot of catching up to do. The Citi report further mentions that other notable areas where Amazon is hiring are devices, advertising and seller services. Amazon is looking at hiring a total of about 1,700 employees for other divisions.

'They'll Squash You Like a Bug': How Silicon Valley Keeps a Lid on Leakers (theguardian.com) 96

The public image of Silicon Valley's tech giants is all colourful bicycles, ping-pong tables, beanbags and free food, but behind the cartoonish facade is a ruthless code of secrecy. From a report: They rely on a combination of Kool-Aid, digital and physical surveillance, legal threats and restricted stock units to prevent and detect intellectual property theft and other criminal activity. However, those same tools are also used to catch employees and contractors who talk publicly, even if it's about their working conditions, misconduct or cultural challenges within the company. While Apple's culture of secrecy, which includes making employees sign project-specific NDAs and covering unlaunched products with black cloths, has been widely reported, companies such as Google and Facebook have long put the emphasis on internal transparency.

Zuckerberg hosts weekly meetings where he shares details of unreleased new products and strategies in front of thousands of employees. Even junior staff members and contractors can see what other teams are working on by looking at one of many of the groups on the company's internal version of Facebook. "When you first get to Facebook you are shocked at the level of transparency. You are trusted with a lot of stuff you don't need access to," said Evans, adding that during his induction he was warned not to look at ex-partners' Facebook accounts.

The Internet

Tumblr Has a Massive Creepshots Problem (vice.com) 121

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.


Yet Again, Google Tricked Into Serving Scam Amazon Ads (zdnet.com) 49

Zack Whittaker, reporting for ZDNet: For hours on Thursday, the top Google search result for "Amazon" was pointed to a scam site. The bad ad appeared at the very top of the search result for anyone searching for the internet retail giant -- even above the legitimate search result for Amazon.com. Anyone who clicked on the ad was sent to a page that tried to trick the user into calling a number for fear that their computer was infected with malware -- and not sent to Amazon.com as they would have hoped.

The page presents itself as an official Apple or Windows support page, depending on the type of computer you're visiting the page from. An analysis of the webpage's code showed that anyone trying to dismiss the popup box on the page would likely trigger the browser expanding to full-screen, giving the appearance of ransomware. A one-off event would be forgivable. But this isn't the first time this has happened. It's at least the second time in two years that Google has served up a malicious ad under Amazon's name.


Android Is Now as Safe as the Competition, Google Says (cnet.com) 112

In an interview with CNET, David Kleidermacher, Google's head of security for Android, Google Play and Chrome OS, said Android is now as safe as the competition. From the interview: That's a big claim, considering that Android's main competitor is Apple's iPhone. This bold idea permeates the annual Android Security Report that Google released Thursday. "Android security made a significant leap forward in 2017 and many of our protections now lead the industry," the report says on page one. Echoing the report, Kleidermacher told CNET that Android flaws have become harder for researchers to find and that the software now protects users from malicious software so well the problems that used to leave users exposed to bad actors aren't such a big problem anymore.

Android Wear Needs More Than a New Name To Fight Apple Watch (cnet.com) 87

Less than two months before Google I/O, Google has rebranded its Android Wear watch platform to "Wear OS." The recent name change is part of a move to have its watches stand apart from Android, but it could also indicate that Google's smartwatch strategy is about to shift. Google may release a completely new Wear OS focused on the Google Assistant or a Google-branded smartwatch. Scott Stein writes via CNET that Android Wear needs more than a new name to fight the Apple Watch: The Apple Watch took over the top spot in global wearable sales recently, according to IDC, despite the fact that it's only compatible with iPhones. Fitbit just announced the Versa, a promising casual smartwatch that will interface with any iPhone or Android and starts at just $200. The wearable market is growing. But where is Google in that picture? The Fossil Group, maker of many of the Android Wear watch products last year, reported some promising numbers: "In 2017, Fossil Group nearly doubled its wearables business to more than $300 million, including 20 percent of watch sales in Q4," said Greg McKelvey, Fossil's chief strategy and digital officer, as part of Google's Wear OS announcement. So it sounds like Android Wear -- sorry, Wear OS -- is still in the game. But the problem, for me, is that I've never found Android Wear watches to be particularly great. Google relaunched Android Wear over a year ago with new software and added fitness smarts, plus standalone phone functions. But Apple's watch strategy has advanced faster, with better hardware. The Apple Watch S3 can be a phone, now. So can Samsung's Gear S3, which runs on Tizen. Google, meanwhile, stopped adding cellular functions to watches after the lackluster LG Watch Sport last year.

Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com) 115

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.


Digg Reader To Shut Down This Month -- Latest RSS Service To Bite the Dust (betanews.com) 105

Digg announced this week that it's shutting down Digg Reader, an app which allows users to follow RSS feeds from sites. From a report: Following the closure of Google Reader, RSS fans flocked to the likes of Feedly, The Old Reader, Digg Reader and Inoreader. Now Digg Reader has announced that it is to close, and users are being advised to export their feeds so they can be imported into an alternative service. Users do not have a great deal of time to grab their data and take it elsewhere. The RSS reader is due to close on March 26, meaning there's less than two weeks to go. No reason has been given for the closure, but presumably the venture either didn't prove as popular as expected, or it was rather more costly to run than anticipated.

How Amazon Became Corporate America's Nightmare (bloomberg.com) 241

Zorro shares a report from Bloomberg that details Amazon's rapid growth in the last three years: Amazon makes no sense. It's the most befuddling, illogically sprawling, and -- to a growing sea of competitors -- flat-out terrifying company in the world. It sells soap and produces televised soap operas. It sells complex computing horsepower to the U.S. government and will dispatch a courier to deliver cold medicine on Christmas Eve. It's the third-most-valuable company on Earth, with smaller annual profits than Southwest Airlines Co., which as of this writing ranks 426th. Chief Executive Officer Jeff Bezos is the world's richest person, his fortune built on labor conditions that critics say resemble a Dickens novel with robots, yet he has enough mainstream appeal to play himself in a Super Bowl commercial. Amazon was born in cyberspace, but it occupies warehouses, grocery stores, and other physical real estate equivalent to 90 Empire State Buildings, with a little left over. The company has grown so large and difficult to comprehend that it's worth taking stock of why and how it's left corporate America so thoroughly freaked out. Executives at the biggest U.S. companies mentioned Amazon thousands of times during investor calls last year, according to transcripts -- more than President Trump and almost as often as taxes. Other companies become verbs because of their products: to Google or to Xerox. Amazon became a verb because of the damage it can inflict on other companies. To be Amazoned means to have your business crushed because the company got into your industry. And fear of being Amazoned has become such a defining feature of commerce, it's easy to forget the phenomenon has arisen mostly in about three years.

Tesla Employees Say Automaker Is Churning Out a High Volume of Flawed Parts (cnbc.com) 149

Several current and former employees of Tesla said that the automaker is manufacturing a surprisingly high ratio of flawed parts and vehicles, leading to more rework and repairs than can be contained at its factory in Fremont, California. CNBC reports: One current Tesla engineer estimated that 40 percent of the parts made or received at its Fremont factory require rework. The need for reviews of parts coming off the line, and rework, has contributed to Model 3 delays, the engineer said. Another current employee from Tesla's Fremont factory said the company's defect rate is so high that it's hard to hit production targets. Inability to hit the numbers is in turn hurting employee morale. To deal with a backlog of flawed parts and vehicles, said these current and former employees, Tesla has brought in teams of technicians and engineers from its service centers and remanufacturing lines to help with rework and repairs on site in Fremont. They also said that sometimes the luxury EV maker has taken the unusual measure of sending flawed or damaged parts from Fremont to its remanufacturing facility in Lathrop, California, about 50 miles away, instead of fixing those parts "in-line." Tesla flatly denies that its remanufacturing teams engage in rework. "Our remanufacturing team does not 'rework' cars," a spokesperson said. The company said the employees might be conflating rework and remanufacturing. It also said every vehicle is subjected to rigorous quality control involving more than 500 inspections and tests. The report from CNBC has caused Tesla's stock to tumble today. You can read Tesla's full statement about the CNBC report here.

Google Opens Maps To Bring the Real World Into Games (engadget.com) 48

Video games may soon look a lot more like the real world. If you've enjoyed the thrill of driving through GTA V and spying out Los Angeles landmarks, then that's a sentiment you're probably going to start feeling a lot more often while you play video games. From a report: The search firm is both opening its Maps platform's real-time data and offering new software toolkits that will help developers build games based on that data. The software includes both a kit to translate map info to the Unity game engine as well as another to help make games using that location data. The combination turns buildings and other landmarks into customizable 3D objects, and lets you manipulate those objects to fit your game world. It can replace every real hotel into an adventurer's inn, for instance, or add arbitrary points of interest for the sake of checkpoints.

Google Will Prioritize Stories for Paying News Subscribers (bloomberg.com) 36

Google users who subscribe to newspapers will find articles from those publications appearing higher in their search results, part of the tech giant's efforts to help media companies find and retain paying readers, Bloomberg reports, citing people familiar with the matter. From the report: The Alphabet unit will also begin sharing search data that show who's most likely to buy a subscription, said the people, who asked to be anonymous because they weren't authorized to speak publicly. Google executives plan to disclose specific details at an event in New York on March 20, according to the people. Google declined to comment. The moves could help publishers better target potential digital subscribers and keep the ones they've already got by highlighting stories from the outlets they're paying for. The initiative marks the latest olive branch from Silicon Valley in its evolving relationship with media companies.

Google Will Ban All Cryptocurrency-related Advertising (cnbc.com) 108

Google is cracking down on cryptocurrency-related advertising. From a report: The company is updating its financial services-related ad policies to ban any advertising about cryptocurrency-related content, including initial coin offerings (ICOs), wallets, and trading advice, Google's director of sustainable ads, Scott Spencer, told CNBC. That means that even companies with legitimate cryptocurrency offerings won't be allowed to serve ads through any of Google's ad products, which place advertising on its own sites as well as third-party websites. This update will go into effect in June 2018, according to a company post. "We don't have a crystal ball to know where the future is going to go with cryptocurrencies, but we've seen enough consumer harm or potential for consumer harm that it's an area that we want to approach with extreme caution," Scott said.

Google's New 'Plus Codes' Are An Open Source, Global Alternative To Street Addresses (9to5google.com) 183

Google has developed a "simple and consistent addressing system that works across India and globally." Called "Plus Codes," the location-based digital addressing system is designed for people with addresses that are not easily located through conventional descriptors like street names or house numbers. That's half of the world's urban population, according to a World Bank estimate. 9to5Google reports: Notably, this open source solution composed of 10 characters works globally and can be incorporated by other products and platforms for free, with a developer page available here. It works offline and on print when overlaid as a grid on existing maps. Places that are close together share similar plus codes, while the system is identifiable by the "+" symbol in every address. "This system is based on dividing the geographical surface of the Earth into tiny 'tiled areas,' attributing a unique code to each of them," reports Google. "This code simply comprises a '6-character + City' format that can be generated, shared and searched by anyone -- all that's needed is Google Maps on a smartphone."

The first four characters are the area code, describing a region of roughly 100 x 100 kilometers. The last six characters are the local code, describing the neighborhood and the building, an area of roughly 14 x 14 meters -- about the size of one half of a basketball court. The area code is not needed when navigating within a town, while another optional character can be appended to provide additional accuracy down to a 3 x 3 meter region. Users of Google Maps in India will be able to easily find the plus code for any area in the app, while the mapping service along with Search will support the entry of the new coordinate system. Plus codes for any location can also be found with this tool.


Mozilla Working On In-Page Popup Blocker For Firefox (androidpolice.com) 53

Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.

Slashdot Top Deals