
Tech News: Facebook Locks Out Users

Published Mar 22, 2022, 10:44 PM

In an effort to protect high-profile Facebook users, Facebook locked those users out of their own accounts. Sort of. Plus news about Google, Tesla and how the US SEC wants to hold companies accountable for greenhouse gas emissions. 

Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio, and how the tech are you? It is time for the tech news for March 22, 2022. It's Tuesday, and you know, most of the time I talk about how people practice bad security behaviors and etiquette online. That, that's kind of a common thing to talk about in tech in general. It's just that people tend to be the weakest link in any security system, and way too many people are very bad at protecting themselves digitally. In fact, that's how phishing attacks are a thing, right? That attack depends upon the targets not being cautious enough to avoid getting scammed, and some phishing attacks can be really sophisticated. But here's the thing, they don't have to be, right? Like, even an unsophisticated phishing attack is going to find a few hits. The more sophisticated it is, the more likely it's going to get hits. But then the more time you're spending developing your attack. However, there are also people who actually use a bit more restraint. They are a little more cautious, and then sometimes it turns out that they weren't getting scammed at all, and instead they find themselves locked out of their Facebook accounts. All right, so at the heart of the story is that Facebook has the Facebook Protect initiative, and this project that's spearheaded by Facebook was really aiming to convince Facebook users whom the company had identified as being particularly vulnerable to attack to enable extra security measures, stuff like two-factor authentication, to protect their accounts from being compromised. So we're talking about people who are, you know, high-profile individuals like activists or journalists or politicians. You know, people that could easily be targeted by bad actors.
You know, the folks who have ill intentions to use those accounts to spread misinformation or to otherwise cause harm. So Facebook said, you know, these are high-value targets. We want to let them know. We want them to switch over to these enhanced security measures to protect them and everybody else from them getting compromised. So they send out an email saying that these users need to turn on the Facebook Protect feature or else they would get locked out of their accounts. Now, the email included a link to turn that feature on, an active link inside an email. However, the email also came from an address that was called security@facebookmail.com. Now, I don't know about you, but if I had received this email, and I didn't, but if I had, I definitely would have second thoughts on clicking on any kind of link contained in a message coming from that address, because it sounds sus, right? Like, it does not sound like that. You would expect it to come from facebook.com, not facebookmail.com. So that immediately would raise red flags in my mind. I would think, oh, this is not legit, this is a phishing attack. So there were some other folks who felt the same way. Plus that email address probably ended up having messages get sent to junk folders in a lot of cases. So either people, a lot of people, didn't see the message, or they rightly suspected, or not rightly, they understandably suspected that the message was in fact a phishing attack. They did not activate these protect features, and then last week they found themselves locked out of their Facebook accounts. Apparently, for at least a subsection of those who got locked out, the steps they then received to take in order to regain access and to enable Facebook Protect didn't work. So that didn't happen to everybody who got locked out. You know, people were able to appeal to Facebook and then start going through the process to recover their accounts and to enable Facebook Protect.
At least for a few, that didn't work. So the company has issued a statement saying it's going to work with those particular users to address the problem. And just to be clear, I actually think Facebook was taking a good approach here. I think that this was merited. I think it's important to enable two-factor authentication. In fact, I think everybody should be enabling two-factor authentication for platforms like Facebook. But definitely if you're someone who could, you know, more likely be targeted by hackers and other bad actors, you absolutely should enable that. So I think that Facebook was coming from a good place in this case. I just feel the method of carrying out the initiative was maybe not thought through enough. Meanwhile, Apple continues to be hit with fines from regulators in the Netherlands. If you've been listening to my tech news episodes recently, you are probably aware that Dutch regulators were demanding that Apple allow third-party payment methods within apps on iOS devices, specifically within dating apps, although you could extrapolate that to be, I mean, other apps as well, but they were specifically talking about dating apps, and that for dating apps that have in-app purchases there should be alternatives to Apple's own payment system. Now, Apple has of course been resisting these kind of moves all over the world. Right? In the United States, there have been court cases that have targeted Apple for very similar reasons, with the company then appealing decisions. I mean, you know, courts have decided against Apple, and Apple has appealed those decisions and continues to argue that its own approach, which requires that all in-app purchases go through Apple's own payment system, is actually there to protect users and isn't somehow anti-competitive. Uh. The Dutch regulators disagreed, saying no, it absolutely is anti-competitive, and in fact, Apple, when proposing changes, has failed to satisfy the regulators.
So far, Apple has been found guilty of failing to meet those standards for nine weeks in a row and has accrued forty five million euro worth of fines. Now, the regular leaders are actually only authorized to find a total of fifty million euro. That's that's the cap, so Apple has one more week to go before it maxes out the fine, assuming that company continues to fail to meet regulators demands. Um As an example of something that Apple did that did not satisfy the regulators, the company allowed for alternative payment systems on in app purchases for dating apps in the Netherlands. However, the company also demanded a twenty seven commission on all in app sales. So yes, you could, if you were an app developer, go with a third party payment system, but you would have to surrender of your your of each sale to Apple, and that would mean that using a third party payment processing system would end up being more expensive than just using Apple's own method, which is a move that the Dutch regulators identified as being anti competitive. As I'll get out and I happen to agree. If your policy that is supposed to allow for fair competition makes anyone who engages in that that approach how have to pay more than your method, then you're not really making it competitive, right, You're still using your your power, your leverage. Two, you know, push people into your own aisle, your own pathway. And even if they don't, if they do go with a third party you still get instead of of every and app transaction. It's pretty ridiculous. Well, if Apple's proposals failed to satisfy the regulators, in the future of the company will be hit with the max fifty million euro fine and the stage will be set for a lawsuit that will pit Apple against the regulatory body in the Netherlands. And considering that's kind of what Apple is doing in other parts of the world, it might well be that that was Apple's plan all along. I don't know. 
I don't work at Apple, but you know, from the outside, that's kind of what it looks like switching over to Google. The company reached a settlement agreement with six former employees who claimed that they were the targets of retaliation after they attempted to lead employee organization efforts at Google. Specifically, three of the employees had organized against Google's projects with the U S Customs and Border Protection Agency, you know, like circulating UH surveys and documents to other employees to kind of gauge resistance to Google's agreement to work with US Customs and Border Protection. And they say that they were subsequently fired in retaliation for leading those efforts. Details of the settlement remain private, so we don't know how much money is changing hands here. Google, like many companies we've talked about in recent months, has been accused numerous times of trying to discourage employees from organizing in various ways. But as we have seen recently, there's a general movement, particularly here in the United States, that is building around unionization and organization and employee empowerment. Uh, it's possible that Google will end up just encouraging more employee organization efforts in the future. Um Typically that seems to be what happens is that the harder they clamped down, the more people want to resist. And on another Google story, the U S Department of Justice alleges that Google makes it a practice to train employees on using legal counsel as a shield against sharing business communications. So essentially, what the d o J is saying here is that when Google wants to make sure that certain internal communications remain confidential and within company control, they tag that with a request for legal advice. 
So even documents that would not need any kind of legal advice at all, at least according to the allegations, would get this tag on them, and by getting that tag and sending the communications onto legal counsel makes the communication a legal matter and the subject of attorney client privilege, and as such, uh, they could be withheld from discovery. I mean, it's attorney client privilege. It's not something that gets shared beyond those two parties. So the d o J is saying this isn't a legitimate use of legal consultation, that in many cases legal counsel never responded to any request for advice because there was never a an actual earnest request, that it was really just a way to kind of sidestep any investigative abilities. So the d o J says that Google has been relying on this method since at least two thousand fifteen, and the d o J is seeking to sanction Google and compel the company to share quote all withheld or redacted emails where no attorney responded to the purported request for legal advice end quote. Now, Google, for its part, denies the allegation that it improperly relied on legal counsel. So we'll have to see where this goes next. We've got several more stories to go before we get there. Let's take a quick break. Washington, d C aka the District of Columbia is suing the food delivery service grub Hub, claiming that the company engages in deceptive trade practices in violation of the District of Columbia's Consumer Protection Procedures Act. Now, the d C Attorney General has said that grub Hub was adding in a ton of hidden fees and also listening, you know, numerous restaurants that didn't actually have a contract agreement with Grubhub. So, in other words, grubhub was advertising that it had access to restaurants that it had not made any kind of contract with. That could lead to incidents where business rejects an online order because it never created that relationship, which obviously has an adverse effect on the customer. 
I have used a food delivery service a few times during the pandemic, a few being a drastic understatement, and I've encountered similar things, and I don't I don't know if it's an honest mistake or if it's similar to what is going on in the District of Columbia. According to the Attorney General. Grub Hub also, according to the accusations, pumped up the prices for restaurant items, So in other words, you would be spending more to buy that burrito through grub Hub than you would if you just went to the restaurant just for the base price, um. And that's before you factor in all the other fees that grubhub throws in, like the delivery fees and service fees and whatnot. So the base burrito cost alone would be higher than you would find in the restaurant. And I'm pretty sure that's true across nearly all third party delivery services. I've definitely, at least, you know, in my own experience, I've observed this is the case where I know the price of a thing at a restaurant and I look at it on delivery services, and it's typically at least a couple of bucks more expensive there. And there are a lot of other parts to this lawsuit, to including an accusation that grub hub has created websites that, at least on the surface, appear to belong to specific restaurants, but in fact they redirect customers to grub Hub's own services, and that further, these sites can leave people with the implication that there's no other way to get a delivery ordered from that specific restaurant, when that might not be the case. There may be cases where restaurants have their own delivery services or they rely upon some independent group and that you can order directly from them, but according to the lawsuit, Grubhub's approach is to try and and uh overshadow those so that people go through Grubhub instead. 
We've seen similar complaints raised against Google's order online option in search results, and there's no question that the delivery industry has adopted some, let's call them, questionable business practices, but it remains to be seen if they go far enough to be considered illegal. The identity authentication company Okta announced that it might have experienced a data breach, which is a big old yowza. So Okta is a business that provides authentication services to other businesses, big ones like T-Mobile. Uh, companies outsource authentication to Okta and then rely on Okta to verify that, say, an employee is who they claim to be before they are allowed to access whatever they're trying to access. So a lot of companies might use, like, their own VPN or virtual private network for internal systems, and a company like Okta can act as sort of like a bouncer. You know, it's making sure that the people who are trying to access those internal systems actually have the credentials saying they can do it, or rather, you know, authenticating that those credentials are in fact legit. So, according to Okta's CEO, the company had identified an intrusion attempt back in January, but contained the situation. He said that it did not result in a massive breach. But meanwhile, a hacker group called Lapsus$, where the last S there, it's L-A-P-S-U-S dollar sign, because of course it is. That group has claimed to be responsible for the attack and did so in an effort to access the systems of an Okta client. So, in other words, not to necessarily compromise Okta itself, but in order to get at one of the clients that Okta services. According to Lapsus$, uh, the hackers aren't part of some cyber war group. They're not like a state-sponsored hacker group. They're just in it for the money, so, you know, honest crooks.
In Israel, the Israeli National Cyber Directorate issued a report that says sixty-six thousand closed-circuit television systems in the country aren't very secure and could be hacked relatively easily. In fact, hacked is being too generous based upon what's going on here. Hacked is suggesting a level of effort that you really don't even need to consider. Uh. And you know, there are a lot of drawbacks to living in a surveillance state, um, which you could argue, you know, Israel could kind of qualify for that. There are a lot of places in Europe, they have a lot of CCTV systems. So one complaint you might have of living in a surveillance state is that Big Brother is watching you. But another is that you aren't sure who is watching you, but you're pretty darn sure you're being watched. And that's the case here, right? So according to the directorate, the problem stems from a dead simple solution. Uh. The systems all come with, like, default login and passwords so that you can, you know, administrate the system. And apparently tons of people who install these systems never bothered to go in and change the default login. So maybe you've heard security experts advocate that, you know, you change your standard login and password for your home network, for your, you know, your router, for example, and that's a very good idea because there are a lot of equipment manufacturers, not as many now as there used to be, but still happens. But there are manufacturers that rely on a relatively small number of default passwords. So if a hacker knows this, and a hacker has a dictionary list of all the known default passwords, they can attempt to gain administrative-level access to your network pretty quickly. Like, if you haven't changed it, then it's just, you know, a brute force attack can be pretty darn fast if it's a fairly small list of possible passwords.
So that same issue is in play with these CCTV systems in Israel, and those are meant to provide physical security, so clearly they're failing in their purpose. If the people who are using them haven't changed those passwords, you cannot be certain that system is secure. If someone can access it just by using a default password, right there, that's no security at all. It could lead to an Ocean's Eleven kind of heist situation where thieves compromise the security system by typing in a default password and then disabling or otherwise interfering with the system while they rob a place blind, and in the movies that could be really fun and exciting, but in the real world it is totally not. Plus, I mean, folks could compromise systems for much more violent and tragic reasons, and that would be truly terrible. So the reason why the directorate even made this pronouncement of the fact that there are tens of thousands of potentially vulnerable systems in Israel, it's because they had actually been receiving reports from CCTV owners that they had been hacked. So clearly a big problem, and obviously the solution to that problem is not that difficult. It just involves logging in as an administrator and then changing the password information to something that's a strong login, you know, has a strong password, something that is not going to come up in a dictionary attack, and that's going to discourage more than of all hacker attempts. Like, there is no such thing as a hack-proof system, that does not exist. But the more difficult you make it for someone from outside to access your system, the fewer people are actually gonna go through the trouble of seeing it through all the way, especially if you're in a target-rich environment where you might say, oh, well, they changed the password, but the place next door didn't, so let's just target them instead. I mean, that's kind of where Israel is seeing itself right now. Tesla opened its first European Gigafactory today.
Elon Musk was on hand in Germany for the event and the company delivered thirty model y SUVs two customers in the region as part of the celebration. Tesla had a bit of an uphill battle getting this giga factory online. Uh. It faced numerous questions about the environmental impact of the facility, something that some people might find ironic. I mean, it's all about developing electric vehicles, which at least you know, in in use, should be uh more environmentally friendly than internal combustion engines, But you still have to build out the facilities to make them, and that itself can have a tremendous environmental impact. Musk and his team sort of dismissed the environmental concerns, saying that they would be using up very little water in the region. Um And The Verge has an article about this that has a bit that actually made me laugh out loud when I read it, namely that in order to build the giga factory in Germany. Tesla first had to clear a forest. However, the article states Musk and company said that was fine because the forest was or wasn't natural, quote unquote wasn't natural. It wasn't a natural forest. Now. I don't know if Musk said that or if that's just how John Porter, who wrote the article put it in their article, but that wording made me laugh, that it wasn't a natural forest. Now, the meaning behind that was that the this forest was planted by humans for the purposes of supplying raw materials to a cardboard manufacturing facility. So that's what they mean by it's not a natural forest. It wasn't a pre existing forest. It was a group of trees that had been planted by people expressly for the purposes of industry. Still, the idea of Tesla clearing out an unnatural forest seems right for a sci fi horror movie to me anyway. It will take some time for the Giga factory to scale up to full production, and Musk projected that the facility will produce at most thirty thousand vehicles for the first half of this year. 
The goal is to get it up to producing as many as half a million vehicles per year once it is going at full blast. We have a couple more stories to cover before we get to those, let's take another quick break. In an effort to hold companies accountable for their impact on climate change, the US Securities and Exchange Commission has proposed new rules that would require publicly traded companies, as companies that have their stock traded on some stock market, they will have to, as part of their filings with the SEC, disclose their greenhouse gas emissions each year um that includes indirect greenhouse gas emissions. And to me, this makes total sense because the US has a goal to cut emissions by more than half by but in order for you to know whether or not you hit that goal, you first have to know how much you're emitted, right, Like, you've got to know the amount of greenhouse gas emissions in order to judge whether or not you actually cut back by half or really because it's more than half. You can't say that one way or another if you have no metrics, Right, You've got to have the metrics in place in order for any kind of policy that that is meant to achieve this goal to make any sense. So the rules would also require companies to submit to third party consultants to verify their numbers, so they couldn't just slap a number on their SEC filing and have that be that. It has to be verified by an outside party, one that's not affiliated with the company itself. Uh, there are some steps between now and when these rules might actually become official, and they might not like that's there's no guarantee here. So, for one thing, part of the SEC process is to publish rules on its website, and at that point, the general public has sixty days where they can comment on those rules, so that includes people who support or people who criticize the rules, and it even supporters might have suggestions for ways to make the rules more effective or more fair or or whatever. 
So that process is there for sixty days, and after that the SEC takes those comments into consideration. They might go back to the drawing board and draft a new version of the rules in light of the comments received, and then it would go on to a final vote. And of course we would likely see opposition to the rule from the business sector and those who represent it like lobbyists and certain politicians. So in other words, like even if this does come to pass, it's likely that we'll see various parties challenge it in a court of law arguing whether or not it is you know, a legal set of rules. So again, no guarantee that this will become official or stay official. UM. I honestly think it's a good first step because I feel like we really do have to make some serious moves in order to mitigate climate change. I mean, it's there's no way to stop climate change at this point, and that that ship sailed a long time ago, but we can still mitigate it. We can still limit the extent of climate change, and by extension, we can limit the damage that climate change is going to do. I think everybody has a responsibility to play a part in that, honestly, And I say that as someone like I don't have kids. I do have a couple of nieces who I adore, But I really think that, you know, older generations owe it to younger generations to make these kinds of changes in an effort so that the planet that the younger generations, you know, when they take adulthood and they're taking leadership roles, that they have something, they have something, they're there. So I know I'm on a soapbox. I'll get off my soapbox, But I think this SEC ruling is a good one. I think it's important to hold companies accountable. You can't just expect that they're going to do the right thing just cause. There has to be this kind of of system in place in order to make sure people and companies are doing their part. Otherwise, um, we're playing a very dangerous game. 
Finally, NASA says that we now know of more than five thousand planets beyond our own Solar system. Now, obviously there have to be billions of planets out there. After all, there are billions and billions, as Carl Sagan would say, of stars, like they're billions of them. Uh, and at least some of those stars. A good number of those stars are likely to have one or more planets orbiting them, So by extension, there must be billions of planets out there. However, knowing the statistical probability and then actually having evidence of a planet orbiting a star, those are two very different things. So while we should expect to identify countless more exo planets in the years to come, it's pretty cool to reflect on the idea that we have so far identified more than five thousand exo planets. We have discovered more than five thousand outs at our own solar system. That is incredible to me. Now, there's no telling how many of those might inhabit the Goldilocks zone around their respective stars. Uh. It's so called the Goldilocks zone because it's not too far and not too close to a star. Uh. It's the zone where we would say a planet could inhabit and partly support life as we know it here on Earth. Right, the temperature wouldn't be too hot or too cold to allow say, liquid water to be on the planet. Doesn't mean that liquid water is on the planet, just means that, you know, if it were closer than we would know, all the water would boil off it, or further away, all the water would freeze. So it's in that just right zone. And then on top of that, even if we did magically know how many of those five thousand planets were definitively within their Goldilocks zone, we wouldn't necessarily know if any of those could or do support life. But it is really neat to think about some other cool facts about the planets that scientists have discovered. More than a third of those five thousand planets are the size of Neptune or Uranus. 
Both of those are about four times larger than the Earth, so they're much bigger than Earth. Is that kind of makes sense that when you think about it, Yeah, of course it's going to be easier for us to detect planets that are larger. Right, small our planets are gonna be a lot harder to detect. Um a little less than a third of the discovered planets are between the size of Earth and Neptune and are considered to be rocky planets. So in other words, that's the kind of planet where we might expect to find life if the conditions were just right, like if it were in that Goldie Lug zone. And again doesn't necessarily mean it even if there's water on the planet, doesn't necessarily mean there's life there. But there's the potential, which is super neat. I think it's just a matter of time before we eventually detect life on some other planet. I don't think it's going to be like super advanced life necessarily, but you know, life in some fashion, whether it's you know, multicellular or not. I think eventually that's just a guarantee that we will find it, assuming that we're still around, we will find it. Um, I don't think we're gonna be discovering any e t s out there like nothing intelligent, least not anytime soon. We've been listening for a while, although there are a lot of arguments to be made about that that kind of can explain why we haven't picked up any evidence of that so far. But I'll have to dedicate a full episode to that in the future. Maybe I'll get some of the guys from Stuff they Don't Want You to Know to come onto the show and talk about it from a technical perspective. Uh, because I like them a lot and it would be a lot of fun to have them on and talk about aliens and stuff. Anyway, that's it for today's episode. If you have suggestions for topics I should cover in future episodes of tech Stuff, please reach out to me and let me know what those are. The best way to do that is over on Twitter. 
The handle for the show is TechStuff HSW, and I'll talk to you again really soon. TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.
