A hacker steals pretty much everything Twitch has. Facebook tries to downplay a whistleblower's allegations. And someone has taken over a US Navy Facebook page.
Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech. And this is the tech news for Thursday, October seven, twenty twenty one. And before I get to the news, I need to issue a correction, because I totally bungled something in yesterday's episode. So if you've already listened to that one, you know I was talking about space navigation in that episode, and I made a dumb mistake, totally on my part, and then I doubled down on it, which made it worse. But fortunately Twitter user Charlie Tango Bravo pointed this out to me. The issue was I was describing the inverse square law, and what I said was that the intensity of a signal goes down by half upon the square of the distance. This was a complete misunderstanding on my part about the inverse square law. I mean, yes, the strength of a signal decreases over distance, but that's not the relationship. Anyway, I could have avoided this entirely by just taking a little bit more time to make sure I understood the inverse square law before I included an explanation of it in my podcast. So again, this is all on me, and that stinks. I never want to get something wrong, and of course it's even worse when I could have avoided it if I had just been a little more careful, so my apologies to all of you for that. It also means that the example I gave was fundamentally wrong. I have recorded an updated segment that Tari is putting into yesterday's episode. That doesn't solve the problem for everybody who's already listened to it, but it does mean that at least in the future, should someone go back and pull up that episode, they won't have the wrong definition and explanation in there. And again, thanks to Charlie Tango Bravo for the heads up. I'll try to do better. I'm gonna make mistakes; I just hope they're not as embarrassing as that one.
But let's get to the news. First up, a hacker pulled more than a hundred gigabytes of data down from Twitch, the video streaming service that Amazon owns and that caters primarily to gamers. That data included source code for the platform itself, so the actual code that Twitch runs on. It included records showing how much top streamers were making through the platform, so we're talking about top performers making millions of dollars. Not all that information was new, necessarily, but it was all in one place, so a lot of people have been shocked by that. Also, stuff like user data, including potentially encrypted passwords. Now, passwords being encrypted, that's a good thing. It means that you can't just immediately read them. However, with enough time and effort and a sufficiently powerful computer system, you can break encryption. It's just a question of how good the encryption was; that will tell you how long it will typically take to break it. And for that reason, a lot of folks, including myself, are suggesting that anyone who has a Twitch account should go in and change their password. Hopefully you're not using the same password on Twitch as you are for other sites, because that could potentially mean that all of those accounts are now vulnerable too, right? Because if the hackers, and all the people who are purchasing this information on the digital black market, are aware of the password you used, and you use it everywhere, well, now you've handed a skeleton key to people who just need to try it in all the different locks. While you're at it, while you're changing your password on Twitch, you should probably also go ahead and activate two-factor authentication. That way, should someone ever get your password, they would still need your phone before they could access your account. So it's a good thing to have that active.
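The segment above makes two defensive points: a leaked credential store should not be immediately usable, and a second factor should still block someone who has your password. The following added example (my own illustration, not Twitch's or Amazon's code) shows the two mechanisms a service would use for that. Note that services normally store passwords as a salted, deliberately slow hash rather than reversible encryption; the example uses PBKDF2-HMAC-SHA256 with a fresh per-user salt, and implements the RFC 4226/6238 HOTP/TOTP codes that an authenticator app produces. The iteration count and the `login` helper with its one-step clock-drift window are assumptions chosen for the example.

```python
"""Salted slow password hashing plus a TOTP second factor.

Constructed example (not Twitch's or Amazon's code). Shows why a leaked
password store is not instantly usable (per-user salt, slow KDF) and why
a second factor still stops someone who already has the password.
"""
import hashlib
import hmac
import os
import struct
import time

# OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
# Tests may lower this for speed; production code should not.
KDF_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = KDF_ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)  # fresh per-user salt: identical passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits)


def login(password: str, record: str, code: str, totp_secret: bytes,
          at_time=None, window: int = 1) -> bool:
    """Both factors must pass. Accept +/- `window` time steps of clock drift (assumed policy)."""
    if not verify_password(password, record):
        return False
    now = time.time() if at_time is None else at_time
    return any(
        hmac.compare_digest(totp(totp_secret, now + k * 30), code)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Constructed demo data: the RFC 6238 reference secret and a throwaway password.
    secret = b"12345678901234567890"
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("password alone ok:", verify_password("correct horse battery staple", record))
    print("current TOTP code:", totp(secret))
    print("login with password + current code:",
          login("correct horse battery staple", record, totp(secret), secret))
```

Two things to take from running it: hashing the same password twice yields two different records, so a leaked table cannot be matched across accounts without redoing the slow KDF for each one, and `login` still fails with the correct password when the six-digit code is wrong, which is the property the segment describes.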
It appears that the hacker was taking advantage of a vulnerability that was created when Amazon was doing some reconfiguration of Twitch's servers. We've seen a couple of examples of server reconfigurations leading to big issues. In this case, it created an opportunity for a hacker to attack. In Facebook's case, it led to a situation where the internet essentially forgot that Facebook and all of its services existed for like six hours. So it really does tell us that these processes, even when they are routine and mundane, have to be done with a lot of care, or else you can introduce some pretty big problems. Facebook founder Mark Zuckerberg attempted to downplay some statements that the whistleblower and former Facebook employee Frances Haugen made to the United States Senate. Zuckerberg said that the research Haugen was citing had been taken completely out of context, and that it was painting a misleading portrait of what Facebook is. And he should know, because he and other Facebook executives have made it kind of an art form to present, let's call it, a highly curated image of Facebook, highlighting stuff that appears positive and then downplaying or even ignoring stuff that's negative, and meanwhile the entire time claiming that the company is operating in a transparent way. At one point, when The New York Times published an article that showed how Facebook was being selective in choosing what kind of data to report and what data not to report, a Facebook spokesperson brushed it off and said, we're guilty of cleaning up our house a bit before we invited company. Okay, so here's the thing, though: that's not what transparency means. Transparency doesn't mean let's just show you the pretty stuff. That's not transparency, Facebook. Well, anyway, I suspect we're going to see a lot more scrutiny into the company in the weeks to come, and probably more examples of spin and damage control from the company as well.
But I think tolerance for Facebook's shenanigans is at kind of a low point right now. I'm not saying it can't go lower. It might, but yeah, I think Facebook is kind of treading on thin ice at the moment. I think the government of the United States in particular is kind of gearing up to lay the smack down on Facebook, and the same is true in other parts of the world, by the way. All right, let's get back to Haugen's testimony for a second. At one point, she talked about how Facebook's algorithms have exacerbated xenophobic rhetoric and made dangerous situations a whole lot worse in different parts of the world. One of the things she referred to was the coup in Myanmar, the military coup, and how Facebook's algorithm pushed posts that turned the dial up with calls for things like ethnic violence within that country. And she also warned that the same thing is kind of unfolding now in Ethiopia. Researchers with the human rights organization Global Witness back up that statement. They conducted a study in the Myanmar case. They actually looked at a Facebook page that was dedicated to Myanmar's military, and that page didn't have any violations of Facebook's policies on it. They then liked that page to see what would happen next, and then Facebook started to suggest other pages that they might want to follow, and among those pages there were a bunch that had abusive content in them, stuff that was calling for violence against specific ethnic minority groups. So even if you start from a place that doesn't violate Facebook's terms of service, it does not take long for stuff that is not playing by the rules to pop up, promoted by Facebook itself. I mean, you wouldn't necessarily even know it existed except for the fact that Facebook's algorithm is suggesting it to you.
So this can quickly lead to a situation where a person sees frequent posts calling for violence or discrimination or promoting harmful and hateful ideologies, and it gets reinforced with every visit to Facebook. Now, I don't think anyone would go so far as to say that Facebook is the root cause of these problems. That is far too simplistic. It's just not reflective of the truth. But I think it's fair to say that Facebook is acting like an amplifier. It's taking a signal and boosting it. US Senator Elizabeth Warren and House Representative Deborah Ross have introduced proposed legislation that they're calling the Ransom Disclosure Act, so they're calling for companies to have a legal obligation to reveal when they have paid a ransom as a result of a ransomware attack. Now, if you've been listening to my show for a while, you know I've beaten this dead horse so many times: I always say never pay the ransom, because paying a ransom sends the signal that this criminal activity is profitable, and that encourages future attacks, both against you and against other entities. Plus, you can never guarantee that the attackers will actually return to you whatever it is that they have locked down. Just in case ransomware is something you're not really familiar with: typically, this involves hackers gaining access to a system, and then they encrypt large amounts of data and file folders and things like that in the system. So without a decryption key, without a way to reverse that process, all that data becomes unusable. It's gibberish, so you can't do anything with it. Now, there are some different variations on this attack, but they all basically boil down to a hacker trying to make critical systems or data inaccessible to the rightful owners. And then the hackers say, fork over the money, usually in the form of cryptocurrency, and then we'll hand you the decryption key so that you can get all your stuff back.
So this bill, if passed into law, would require companies to disclose any ransom payment they made to hackers within forty eight hours of having made that payment, including how much they paid and in what format they paid it. I imagine that if this bill does become law, it will discourage companies from trying to quietly handle these sorts of matters in the hopes that no one finds out about it, because if the government does find out that a company paid a ransom and that it did not comply with the rules, there are going to be some pretty serious consequences. Of course, this has not been passed into law, and it may never make it into law, but it is interesting to see the proposal. Over in Europe, a majority in the European Parliament voted on a ban throughout the EU with regard to police using facial recognition surveillance to identify people who are not suspected of committing a crime. And as we've seen many times through lots of different studies, facial recognition technologies are incredibly prone to bias. That bias tends to disproportionately affect people in ethnic minority groups, and the European Parliament also released a statement that said, at least in part, quote, to respect privacy and human dignity, MEPs ask for a permanent ban on the automated recognition of individuals in public spaces, noting that citizens should only be monitored when suspected of a crime. Parliament calls for the use of private facial recognition databases, like the Clearview AI system which is already in use, and predictive policing based on behavioral data to be forbidden, end quote. And we've seen a growing concern around the world regarding how various authorities, particularly in law enforcement capacities, have been relying upon facial recognition technologies, and how the technology can cause harm to innocent people. Even if everyone's using the tech correctly, the tech itself can just be wrong. So that's assuming you're using it correctly. That's a big assumption.
There are a lot of cases where people are just not using tech the right way. I'm sure you've encountered this just in general. Well, when you're talking about people in positions of authority who are using that to be part of a surveillance package on citizens, that becomes an incredibly dangerous situation, one that can lead to an authoritarian police state and a lot of human rights being violated in the process. So I think this is an important point and something that I'm seeing pop up in other places around the world. Well, we have a few more stories to go through, but before we get to any of those, let's take a quick break. BlackBerry, which is a name I've not heard in a long time. A long time. Anyway, BlackBerry has a research team that reports that it discovered a Chinese state-sponsored hacker group that was using three different phishing schemes, all targeting companies and individuals in India. The BlackBerry researchers say that it looks like the hackers were operating both as spies, so conducting espionage on behalf of the Chinese government, and also pursuing, quote, financially motivated operations, end quote. So, tricking people out of money and stealing, and also spying on behalf of an authoritarian government. You know, the usual. The name of this hacker group is APT41, and they lured in targets by sending out messages claiming to be related to official matters like taxes or COVID-19 measures. These are common tactics, right? You set the bait by picking something that is likely to get a reaction from your target, something that they would be concerned about. If you send them a message saying, hey, we found some money that we owe you in taxes because you overpaid, a lot of people are gonna think, oh, awesome, and just open that up, right? Very common tactic. Or sometimes they prey on fear.
Right, they say it looks like you underpaid, and if you don't pay this fee, then you're going to end up facing jail time, and they're scaring you into opening up the attachment, which typically has some form of malware on it, or it lures you into sharing information you really shouldn't. The researchers showed that these hackers weren't being particularly careful about disguising the fact that a single group was behind the different phishing schemes. They were kind of using some of the same assets across the three different types of attacks. And they also said there's not a whole lot they can do in these cases, because it's an organization that's within China. It's kind of untouchable. So you can start to try and block IP addresses and stuff, but there are ways around that. So the best thing to do is to raise awareness in as many people as possible to try and decrease the number of positive attacks. If you can make it to the point where hackers just aren't getting that many hits, you can get it to a point where the return on investment is so low that there's no point in even bothering. It's unlikely to ever reach that point, but it's a good goal to strike for. In past episodes, I've talked about the Pegasus software that's, you know, really malware. It's software that uses a zero-click attack through iOS and iMessage in particular. Apple includes iMessage by default in all iPhones. You cannot uninstall it, at least not under normal conditions, and iMessage will automatically accept any messages sent from other iOS devices to that phone's specific phone number. So really you just need your target's phone number, and you need an iOS device that has the Pegasus software on it, and you can send an attack that effectively turns your target's phone into a spying device. It can give you access to stuff like that phone's camera and microphone.
Essentially you can operate the phone as if you were in direct possession of it. It's a powerful malware tool. This product comes from an Israeli company called NSO Group, and they say that the purpose of the malware is to give governmental authorities, their customers, a tool to infiltrate criminal and terrorist organizations. You use this when you're doing a sting operation. But it doesn't really matter what the company says the tool was intended to do. It actually matters how people really use the tool. So the whole thing was to set up the fact that a UK judge has said that Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai, used Pegasus to infect the phone belonging to his ex-wife, Princess Haya bint al-Hussein. And I should also add that he targeted, according to the judge, her entire legal team. And this was all during a very acrimonious custody battle between the Sheikh and the princess over their two children. So the UK judge, Andrew McFarlane, factored this into his ruling on that case. Now, that whole judgment was done a year ago, but it was held in private. It was under lock and key for a full year before being published this year. The Sheikh has subsequently denied the allegations and also argued that the court didn't actually have the authority to share that kind of information anyway, and also that heads of foreign states are exempt from inquiries into the legality of their actions. That doesn't really say to me, hey, I totally didn't do that thing you accused me of doing. And the story actually gets worse from there, but it also gets away from the tech angle, so I'll just say there's a lot more to it. But it's another example of how a tool could be made to do one specific thing, and maybe that effort was sincere.
But if people start turning it to another use, that's still a bad thing, right? Like, you still have to look at the company that's making the tool and say, hey, you are propagating a piece of malware that is causing an enormous amount of harm, and it doesn't really matter what your intent was. Anyway. Have you ever found yourself wading into a flame war on Twitter? Maybe you got your dander up and you jumped into a hotly contested thread before you really thought it over. Maybe you even did it by accident. You were just replying to someone cheekily and then it blew up in your face, and maybe you regretted it afterwards. Maybe you've got all these different replies and retweets and stuff, and maybe just going on Twitter now is stressful and upsetting. Well, now Twitter is rolling out a feature to folks using the Android and iOS Twitter apps that could help prevent this from happening. The apps will now occasionally show prompts when it looks like you might be engaging in a Twitter thread that appears to be, quote unquote, intense. One example they gave was a prompt that reads, let's look out for each other and the mess our values make Twitter better. And then they include some reminders to maybe convince you to act like a compassionate human being. Like it says that chances are the person who's on the other end of that Twitter handle is a person, which ignores the fact that there's a rampant bot problem on Twitter, but you get it. And it also says, hey, we shouldn't ignore facts. Facts are important. Facts are facts, and even if they're inconvenient to our own perspective, we cannot just dismiss a fact. It also says, yeah, having different perspectives is a good thing. Like, you can get people who have different perspectives having a conversation, and new ideas can develop and people can be opened up to other points of view, which is sometimes true.
Essentially, what Twitter is trying to do is to remind us not to go nuclear on the platform, and I think that is good advice. But I also think this is important for Twitter, because social media platforms can really come under fire if it looks like they're facilitating stuff like hate speech and misinformation. Apple has established a new policy that app developers will need to follow starting January thirty one next year, at least any app developers who release apps that require users to create an account of some sort. Apple wants all of those kinds of apps to include an option to delete user accounts if the user wants to do that. So, if you just delete an app off your phone, that doesn't delete your account. The account is still sitting there on the servers of whatever developer created the app, and it's still holding all that data. So you might want to close an account out entirely, and Apple wants that to be built into the apps themselves, so that you're not just saying I'm not using this app anymore; you're saying I don't want to have an account anymore. The Verge has pointed out that Apple's policy has some wiggle room in it. For example, there's nothing that would stop a company from routing any sort of cancellation request to a customer service agent who then tries their best to talk you out of canceling your account, which reminds me of every experience I've ever had while trying to cancel cable service. But I think that, generally speaking, this is a good move. It's not going to solve every problem, of course, but it at least gives users a chance to make a cleaner break when they decide they no longer want to rely on a specific service. Speaking of Apple, I've talked before about how a US judge has ruled that Apple must allow developers who want to use a different in-app purchase option besides Apple's official one to be able to do so. That's what the judge said.
They said that these developers, if they want to sell stuff within their apps, like a video game app offering things like character skins, are not required to go through Apple's own system to do that; that Apple should not require that to be the case. This is at the heart of how Apple makes a ton of revenue through the App Store. It's not by creating apps, but rather by taking a cut of up to like out of these in-app purchases. And a Dutch antitrust authority has made a similar judgment against Apple. The authority has said that the rules that Apple had in place are anti-competitive and that Apple must allow developers to offer their own in-app purchasing options if they want to. So it looks like there's a growing movement to push back against Apple's policies. South Korea made a similar ruling, which affects not just Apple but also Google, because Google does the same thing. So we're starting to see more countries say, you can't do this. It's anti-competitive and it's harmful to developers who are really reliant upon those in-app purchases to generate the revenue they need to stay in business. Finally, someone managed to get access to the Facebook profile page for the US Navy ship the USS Kidd. The person has used that Facebook profile to stream game sessions of Age of Empires, a real-time strategy computer game. Vice.com reports that whoever is responsible might be good at guessing the Navy's passwords, but they are not a good Age of Empires player, according to Vice. And I checked the profile just before I started recording this episode, and at least when I checked it, it looked like the Navy had not re-established ownership of the page. But then again, nothing has been posted to that page since October four.
However, all those gaming sessions were still up on the profile at the time of this recording, which suggests to me that the Navy has not regained control of that page yet, which makes me wonder what's going on. I would think that Facebook would respond to that. Maybe the Navy just has... maybe there's just too much going on, right? Maybe they just haven't sent the request yet. Well, that's the news for Thursday, October seven, twenty twenty one. And yes, I did just have to look at a calendar because I had already forgotten what day it was. If you have suggestions for topics I should cover in future episodes of TechStuff, please reach out to me. The best way to do that is on Twitter. The handle for the show is TechStuffHSW, and I'll talk to you again really soon. TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.