Jump to content

Search the Community

Showing results for tags 'google'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 890 results

  1. Google Begins Rolling Out Its Major Android Auto Redesign Google has started the official rollout of the Android Auto overhaul that the company announced earlier this year at the I/O 2019 event. At that point, the search giant said the refreshed Android Auto experience would go live in the summer, and albeit no specifics were provided, people familiar with the matter said the target was late June. By the looks of things, this information was accurate, as Google has now commenced the global rollout of the Android Auto redesign as part of version 4.4. However, it’s very important to note that the release takes place in stages and appears to be based on a server-side switch. In other words, not everyone is getting the overhauled Android Auto just by installing version 4.4, but users need to wait for Google to enable the update on its side.Not available for everyoneA discussion thread on redditindicates that the new AA is now available in the United Kingdom, albeit not everyone in the country seems to be getting it. There’s no clear pattern as to who receives the refreshed UI and who does not. I installed version 4.4.592344 on my Samsung Galaxy Note 9 but the overhauled AA experience isn’t yet available. Users who received the Android Auto redesign say they were asked to unplug and reconnect the phone to the car, with the new UI then showing up on their screens. The new AA version comes with a navigation bar whose functionality adapts to the running apps, and it can display buttons for controlling the media playback, navigation, and calls. The UI has been redesigned with a smaller status bar, and AA now features a notification center to display the call and message history. Source
  2. This just in: The Pixel Slate won't get a younger sibling, and Google's future self-made computers will revolve exclusively around the laptop form. Here's an interesting little nugget of info to chew on: Google's decided to step away from its self-made tablets and focus instead on the laptop form. To be clear, Google hadn't actually announced any tablet-specific products this year; the last such item that made its way to the market was the Pixel Slate in 2018. But, as I learned today, the company did have two smaller-sized tablets under development — and earlier this week, it decided to drop all work on those devices and make its roadmap revolve entirely around laptops instead. A couple of clarifying points here: First, none of this has any impact on Pixel phones. Pixel phones and Pixel computers are two different departments, and the roadmap in question is related exclusively to the latter. (The same applies to the various Google Home/Nest products. What we're talking about today has absolutely zero impact on any that stuff.) And second, when Google talks about a "tablet," it means a device that detaches completely from a keyboard base or doesn't even have a physical keyboard in the first place — not a swiveling two-in-one convertible like the Pixelbook. The Pixelbook, with its attached keyboard and 360-degree hinge, falls under Google's definition of "laptop." Blurred lines, baby. A Google spokesperson directly confirmed all of these details to me. The news was revealed at an internal company meeting on Wednesday, and Google is currently working to reassign employees who were focused on the abandoned projects onto other areas. Many of them, I'm told, have already shifted over to the laptop side of that same self-made hardware division. As for the cast-aside tablets, the only details we know for sure are that they were smaller in size, compared to Google's existing products, and that they were standalone slates without keyboards. They weren't even far enough along in their development to have names beyond the codenames used for internal reference. So ultimately, what we're saying here is that Google was working on some stuff that it hadn't discussed publicly, and it's now decided to move away from those projects. So, yeah: "Unannounced products won't be announced," in other words. Nothing too earth-shattering, I realize. It's noteworthy, though, mostly because of the history here — with reports earlier this year that Google was planning to pivot and "scale back" on its self-made hardware efforts — and because of what the move reveals to us about the future of the company's homemade computers. As for that future, a Google spokesperson tells me it's quite possible we'll see a new laptop-oriented Pixelbook product before the end of this year. The existing Pixel Slate will continue to be supported and to receive regular software updates all the way through June of 2024, meanwhile, as had initially been promised — nothing's changing there. And the Chrome OS team in general will continue to focus on both laptops and tablets with its software development, as regardless of Google's plans for its own self-made hardware, plenty of other manufacturers still create Chrome OS devices with all types of forms. The real news, again, is simply that Google is refocusing its own computer-making efforts to laptops — the nondetachable variety, with or without swiveling screens in place — and away from tablets for the foreseeable future. And now you know. Source
  3. It’s probably a bad idea to buy used connected devices because it can be difficult to determine who could still be connected to that device. A Wirecutter report has revealed that people who sold their Nest cameras could access images from the camera taken after a factory reset was done on the device. Wirecutter found that someone on the Facebook Wink Users Group posted about being able to see the current feed of a Nest camera he had sold. The person had connected the device to his Wink hub of smart-home tech when he owned the device. But even after he did a reset on the device and sold it, the feed was still coming into his account. The Wirecutter staff tested the issue out. They reported that they used a Nest camera that had been synced to a Wink hub. They removed the Nest camera from a Nest account, which counts as a “factory reset” on that device, according to Nest. After that, they could not see the stream. Then they created a new Nest account through a different mobile device, and were able to watch a new stream through the new account, showing the device had a new connection. But when they checked the Wink app, which Wirecutter had connected to the device originally, the staff could also see a stream of still images from the camera that should have been disconnected from that Wink hub through the factory reset. On Wednesday, Google told Business Insider it was investigating the issue. Now Google claims the matter has been resolved. “We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest,” a Google spokesperson told Gizmodo. “We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.” Google did not answer Gizmodo’s question about how many Nest customers could have been affected by this issue. Source
  4. Brooklyn-based artist Jason Isolini has inserted over 42 immersive pieces of art into Google Maps’s Street View tool. Image: Google Maps Elaine Herzberg was killed on March 18, 2018 after being struck by an self-driving car that was being developed by Uber. The car detected her six seconds before the collision, but for reasons that are still unknown, the car did not apply the emergency brakes. Herzberg was 49 years old. If you go to the site of the crash on Google Maps—Mill Avenue and Washington Street in Temple, Arizona—you’ll notice that the location is registered as a bus station stop. But if you enter the map’s 360-degree "Street View" tool, you’re met with a chaotic, immersive mishmash of stock art and photography that appear to be encasing the viewer. A crumpled up "THANK YOU" plastic bag overlain with a computer arrow and the text "Click Forward to your Perk." "Users also bought" in a semi-transparent box. Uber patents. A gigantic can of corn. Image: Google Maps It’s a memorial to Herzberg and an experimental art piece that's hidden in plain sight in the largest mapping system in the world. Jason Isolini—a Brooklyn-based artist who has done work as a contracted photographer for Google Maps since 2017—inserted this art into Google Maps by uploading the 360-degree image file to Google Business View, a tool designed to give businesses a way to upload images and information to Google Maps. Anyone with a Gmail account can use Google Business View to insert a 360-degree image file into the Google Maps universe. As Google explains in a promotional video, a bar owner could use this feature to let potential customers see what the bar looks like inside before they visit it. As a Google contractor, Isolini worked as an intermediary between businesses and Google. At the request of businesses, he would capture 360-images inside business establishments and upload them to Google Maps. Now, Isolini is using the same method to create art on Google Maps. But instead of capturing true-to-live panorama images, he is uploading surreal collages that subvert the purpose of Google Maps: to be a tool that brings users from their current location to a business. In a phone call with Motherboard, Isolini said that he wanted to acknowledge the tragedy on Google Maps, which by intention, is a sanitized mapping system devoid of humanity or history. Hesitant to make something that directly used Herzberg’s images, life, and story, Isolini said that he created a visual parallel to the accident using ecommerce. “I made it about the sense of abandonment that maybe a user may feel, kind of like if you abandon your shopping cart online, then you have email blasts coming back at you,” Isolini said. “So it’s like a trajectory that a marketing company or commercial company doesn’t want you go through. I started to think about that as Elaine Herzberg’s trajectory, as she walks through the median that had a brick area. There was a crosswalk miles away from where she was, but obviously it was a place where people cross the street.” Since August 2017, Isolini has made 42 "contributions" to the Google Maps landscape and they've accumulated just shy of 200,000 views. In some of his earlier works, Isolini inserted collages of photos—like street signs, monopoly pieces, laundry detergent bottles—into spaces around Brooklyn. More recently, in addition to his memorial at the site of the accident at Mill Avenue and Washington Street, he’s superimposed his work onto 360-degree views of art buildings like the Simon Lee Gallery and inserted a images of abandonment and destruction over the entrance to the Apple Store on Fifth Avenue in Manhattan. A cigarette, a broken glass screen, USB ports on a slab of stone, leading to nowhere. Image: Google Maps “I think it was really a big experiment when I started doing it—it was colliding images in a panoramic stitching software and seeing what happened,” Isolini said. “Now it’s like this 360 playground that I imagined. I really imagined this as how we could actually interact with the internet. How the internet could feel new again.” In June 2018, Isolini published a dystopian look at an aerial Amazon Fulfillment center based on a patent which went public in 2016. The art floats unassumingly in Google Maps above an intersection in Midtown, Manhattan. There's Amazon Fire TV Sticks, hot dogs, ketchup packets, and hamburgers flying out of the sky among drones and empty boxes. It looks like a mix of Cloudy With A Chance of Meatballs and your worst nightmare. “USA Today was talking about how the Amazon Fulfillment center would fly over stadiums and deliver refreshments and food,” Isolini said. “And this is just hilarious. Every outlet, I’ve heard multiple times. The first thing people wanna do is receive food.” In his phone call with Motherboard, Isolini frequently described his piece as “interventions.” He explained that since ubiquitous Google Map street views have collapsed the distinction between private and public space, his work could be seen as performance art, a type of art where the defining trait is intervening with people’s experience in a public space. “It’s really interesting, [as a Google Contractor] you’re sort of going into people’s spaces and really making them completely visible online in a way that’s so past the point of their private spaces,” Isolini said. “You’re exploiting it. But some people want that. They want to be visible. And obviously, these garner a ton of views for businesses, so they can be really positive.” Google Maps would not be possible without the work of contract laborers like Isolini, who capture 360-degree panoramas, upload them, and make them public. But by the same token, this means that little bits of humanity will inevitably leak into the sanitized tool that Google originally had in mind. Source
  5. Jaguar is a mouse. He lives at Harvard’s Rowland Institute, where, from time to time, he plays video games on a rig that looks like it belongs in A Clockwork Orange. Metal bars position him inside a small platform in front of a metal lever; his mission is to find a virtual box’s edges by feel. To do this, he reaches with his right paw to grab the joystick, which can rotate 360 degrees, and maneuvers it until he feels feedback from the machine. When he reaches the right target area—say, an edge of the box—a tube rewards him with a dribble of sugar water. To track Jaguar’s brain activity, researchers have genetically altered him so his neurons emit fluorescent light when they fire. This light is visible through a glass plate fused to part of his skull with dental cement. A microscope affixed above the plate records images of his brain lighting up as he plays. “Within one session, you can teach them new rules and literally watch thousands of neurons learn this process and see how they change,” says Mackenzie Mathis, the neuroscientist leading the experiments. In decades past, Mathis’s insights would have served only to advance what we know about mice and brain function. Today, however, she’s one of a growing number of specialized animal researchers assisting in the development of artificial intelligence software and brain-computer interfaces. She wants to discover how mice learn, in part because it could inform how we teach computers to learn. Watching mice react to unexpected situations in video games, for instance, could someday let her pass on similar skills to robots. Other neuroscientists are studying zebra finches’ songcraft. Some are becoming expert in the electrical conductivity of sheep skulls. Still more are opting for the classics of high school biology: fruit flies, whose neural setup is relatively simple to behold, or worms, who wring considerable juice from their few neurons. Over the past few years, technology companies have been raiding universities to hire away such people. Apple, Facebook, Google, and Twitter all hired doctoral candidates from one of Mathis’s recent fellowship programs, she says. “The Ph.D. students would have jobs before they got their degrees.” Animals have long played important roles in advancing corporate science, of course, particularly for medical treatments. But the leap required to translate insights from the zebra finch’s sound-processing anatomy into Siri’s voice-recognition software—or mouse gaming into a future when Amazon.com Inc. runs all-android warehouses—is of an entirely different order. With whole new industries at stake, the race to unlock the secrets of the animal mind is getting weird. In 1958, Cornell neurobiologist Frank Rosenblatt unveiled the perceptron, one of the earliest attempts to mimic inside a computer the architecture of a brain. Its processing elements, which he called neurons, coordinated to figure out, say, whether a particular photo depicted a man or a woman—a primitive stab at image recognition. The lingo used to describe the perceptron stuck, and Facebook, Google, and other companies continue to describe their vast AI computing systems as “neural nets” with millions of neurons working in unison. The shorthand vastly exaggerates the overlap between the realms of computation and cognition even today. It’s tough to replicate something you don’t really understand. The true workings of the brain—for instance, how a group of neurons stores a memory—remain elusive to neuroscience, so the neurons’ digital counterparts can’t help but be flawed imitations. They’re rudimentary processing engines trained to perform reams of statistical calculations and identify patterns, with the imprimatur of a biological name. Still, with the technology industry chasing what’s known as artificial general intelligence, or AGI, the walls between the two realms have grown more porous. The implicit goal is a functionally sentient machine that can figure out things by itself, instead of relying on humans to train it, and that independently wants things. To the relief of some ethicists, we’re a long way from AGI, but many computer scientists and neuroscientists are betting that brains will show us the way. Separately, several companies are battling to build brain-computer interfaces that could help prostheses behave like natural limbs or allow people to download knowledge into their minds. Elon Musk’s Neuralink Corp. is one such company; another is Kernel, run by tech multimillionaire Bryan Johnson. Neuroscientists are advising these startups on everything including how to blast information through skulls and make sure electrodes don’t cause infections in test subjects. The scientific principles common to both endeavors are evident at Mathis’s Harvard lab. “Here’s our mouse palace,” she says, opening the door to a room filled with dozens of mice in plastic cages. The animals scamper around, cocking their heads and twitching their whiskers as they inspect visitors. Their clean quarters emit only a mild whiff of rodent. A red light fills the habitat to make sure the creatures, nocturnal by nature, stay awake during the day, ready to contribute to science. That science includes the virtual-box game and a much harder one that looks like a primitive form of Mario Kart. For the latter, a mouse straddles two custom, motorized circular plates, its paws nestled into grooves on either side. A screen displays a green pathway with a blue rectangle at the end. As the mouse begins to run in place, trying to approach the blue rectangle, it must steer carefully to stay on the virtual pathway. Like humans, the mice take on a glassy-eyed cast as they play. The sessions last about a half-hour before they lose interest. The microscopes peering into their brains record an incredible amount of information. “We can cover most all of their sensory, motor cortex, and decision-making areas at the same time,” Mathis says. The researchers sometimes change the games’ rules and controls—for instance, by making joystick pulls result in zigzag motions instead of straight ones—then look for differences in how the neurons light up. Mathis has also been working to shut off subsets of neurons, such as the nodes associated with learning, to check how the remaining ones react. One early insight: When it comes to decoding motion, the sensory cortex seems to play a larger role, alongside the motor cortex, than previously thought. “These neurons are doing a lot more than engaging in one specific thing,” she says. One of her primary motivations is to learn more about how animals rapidly adjust to changes in their physical environment. When you pick up an object of unknown weight, for example, your brain and body quickly compute what kind of force is needed to deal with it. Robots can’t currently do that, but one infused with the neuronal learning patterns of a mouse potentially could. Mice are an unusually strong candidate to help bridge the gap, Mathis says. Their brains are complex enough to demonstrate high-level decision-making but simple enough for the researchers to deduce the connections given enough time. We’ve only relatively recently developed computers powerful enough to capture, process, and analyze the volume of data produced by a subset of the average mouse brain’s roughly 75 million neurons. And it’s only within the last couple of years that AI software has advanced far enough to automate much of the research. Mathis and her husband, Alex Mathis, a fellow neuroscientist, have developed open source software called DeepLabCut to track their subjects’ movements. The application uses image recognition to follow a mouse’s tiny digits as it plays a game and track its reaction to the sugar-water reward. Scientists used to do this type of work manually, jotting down every sip of water in their notebooks. The software now performs in minutes tasks that once required weeks’ or months’ worth of attentive human labor. “There’s a paper on primates from 2015 where they track quite a few body parts, like knuckles and limbs and one arm, and the monkey has different tasks, like reaching for things and holding them,” Alex says. “The first author of the paper wrote me and said his Ph.D. could have been two years shorter.” More than 200 research centers now use DeepLabCut to follow all manner of animals. This type of software development and analysis attracts tech companies to neuroscientists just as strongly as their insights about animal cognition. The modern brain researcher has to know how to code and work with incredible volumes of information, much as an AI staffer at Google would to improve an advertising algorithm or the lane-merging abilities of a self-driving car. Animal-centric neuroscientists are also accustomed to working with unconventional ideas. “You tend to get creative people that are a little bit cowboy,” Mackenzie says. “People who are willing to bet their career on trying to study a black box.” Tim Otchy doesn’t do mice. He’s a bird man. A research assistant professor at Boston University, Otchy sports a tattoo of a zebra finch on his right forearm. It shows the short, squat bird with a bright orange beak sitting on a branch and gazing pensively at the sky. “I do really like birds,” he says, sitting in an office filled with books—The Cellular Slime Molds, Nonlinear Dynamics and Chaos, and Principles of Brain Evolution, to name a few. While Otchy was majoring in mechanical engineering at the Georgia Institute of Technology in the late 1990s, he also worked for a company that specialized in automating factory systems. His job was to teach robots to identify things, whether gadgets or auto parts, and sort them as they came down a conveyor belt. “It was just astounding to me how difficult it was,” he says. “These were tasks that children do.” His frustrations left him determined to uncover the inner workings of perception, decision-making, and learning. He left the factory line and, eventually, made his way to neuroscience and the zebra finch. Songbirds such as the zebra finch have an unusual skill set. Whereas most creatures know instinctively how to make noises, songbirds learn to imitate what they hear, then vary the tunes, demonstrating some semantic understanding of their songs. Decades of research have pinpointed the structure in the finch’s brain, what’s known as the song nucleus, responsible for this behavior. Studying this area has led to rich insights into how neural circuits function, in turn informing other research around how humans move, feel, and emote. Figuring out how the birds imitate one another could help explain how we do the same thing, which could prove important in, say, teaching language skills to a machine. Otchy works with about 300 birds at a BU aviary. For one experiment, a researcher will outfit a zebra finch with a backpack containing batteries that power a host of electronics attached to its skull. The bird is then placed in a sound booth about the size of a microwave, where it sings for days while Otchy and his team peer into its brain via mechanisms similar to the ones Mathis uses for her mice. As researchers have learned more about the zebra finch’s sound processing centers, they’ve sought to answer increasingly precise questions about its brain. “We don’t know how the information of how to ride a bicycle, or fly a helicopter, or speak Japanese, is stored in the brain,” Otchy says. “One day, we will have that knowledge.” He came to run this research center, the Gardner Lab, after its namesake, Tim Gardner, took a leave of absence to work at Neuralink, which seeks to augment the human brain with a superfast computer processor. The departure created considerable buzz among neuroscientists and among students excited by Musk’s vision. (Gardner, who didn’t respond to requests for comment, is moving the lab to the University of Oregon; he’ll stay on at Neuralink part time.) “It’s a fantasy at this point, but I find the idea that we could, one day in the distant future, really write information directly into the brain … amazing,” Otchy says. “I would love to be able to contribute in even a small way to figuring out how.” Birdsong researchers are among the hottest hires in a wide range of AI fields. After his dissertation at the University of California at Berkeley and a stint at Apple Inc., Channing Moore joined Google’s sound-understanding group, where he creates sound-recognition systems as sophisticated as the company’s image-recognition software, capable of distinguishing a siren from a crying baby. At Intel Corp., another Berkeley Ph.D., Tyler Lee, is drawing on his zebra finch research to improve voice processing—the type of technology that ends up in voice-command software such as Siri. “We’re trying to ask very similar questions,” he says. “How can I take auditory input, process it in a way that I can understand what a person is saying, what is the noise they’re in, what’s the environment they’re in?” Berkeley professor Frederic Theunissen, who runs the lab where Moore and Lee studied, says many potential applications arise from the focused research he oversees. “It’s a special set of skills you gain if you’re interested in automatic speech recognition, voice recognition, and so forth,” Theunissen says. Voiceprint-based security systems for phones and other devices are one example. Another is noise reduction in phone calls and videos. That application came out of Moore’s work with the noise-resistant birds. The neurons of the zebra finch are capable of isolating another finch’s song from the surrounding cacophony. Academics have been trying to declare it the age of neuroscience since the Reagan era, but in the early years of this century, the prospects for a young neuroscience graduate were low, and so were their numbers. Fifteen years ago, American universities counted fewer than 1,500 neuroscience undergrads and handed out fewer than 400 doctorates, according to the U.S. Department of Education. And even with such modest numbers, schools didn’t have enough full-time work or grant money to go around. When Drew Robson graduated from Princeton with a math degree in 2005, his undergrad counselor gave him a memorable piece of advice: Whatever you do, don’t pursue neuroscience. Robson ignored it and went on to found the Rowland Institute’s RoLi Lab with Jennifer Li, his partner and Princeton sweetheart. They’ve seen the field grow to the point that U.S. schools now award about 5,000 neuroscience bachelor’s degrees and 600 doctorates a year. “We’ve had this explosion of tools in the last 10 years,” Robson says. Team RoLi studies zebra fish, members of the minnow family whose bodies are transparent when they’re young, which allows researchers to observe their neurons without skull-plate surgeries and dental glue. A special mobile microscope Robson and Li developed helps them record which neurons are active while the fish swim. To capture different facets of zebra fish behavior, they might vary the current—leading an animal to turn away or swim harder in the same direction. “That’s many orders of magnitude more data,” Li says. “If you were to use biology, you can essentially cheat and look at what the solution should be without having to reinvent the wheel.” Robson says he wouldn’t mind trying to help Tesla solve those kinds of problems someday. The fluid borders between public and private enterprise in neuroscience have opened the question of who’ll control prospective mergers between humans and machines. The universities that long performed the most ambitious research are now rivaled by tech companies with access to larger computers and datasets. A fresh Ph.D. can expect to earn about $50,000 a year at a typical university, whereas private companies are offering well into six figures and a vastly higher ceiling beyond. Chris Fry, another zebra fincher, was earning $10.3 million a year as senior vice president for engineering at Twitter within a decade and a half of leaving Theunissen’s lab. “There is a massive exodus of talent from academia right now,” says Mackenzie Mathis, the mouse researcher. “It’s a choice to stay in academia.” Beyond the pay, many neuroscientists are drawn to the private sector because it tends to give them a chance to do more exciting, even weirder work—not to mention a break from writing grant applications. Yet decamping for Silicon Valley can also mean cutting off promising lines of research or leaving colleagues adrift. When Gardner went to work for Neuralink, one of his Ph.D. students switched schools, only to see his next eminent adviser take a leave of absence to work on his own startup. Li and Robson are heading to the government-funded Max Planck Institute for Biological Cybernetics in Tübingen, Germany, and starting in September. The fish couple stay on the public side because they like the freedom and flexibility of what Robson calls the “playground setting.” Yes, the animal experiments can do unnatural things to harmless, helpless creatures. They can also encourage a humanizing perspective—something we might want to see AI exhibit. Four years ago, before they’d finished their trackable microscope, Li and Robson were using an adhesive gelatin to keep young zebra fish swimming in place for a couple of hours, to measure how their neurons lit up. One morning the two arrived at the lab to find a big surprise: A larva they’d left swimming was still going 18 hours later, far beyond what they’d expected. “This animal was a champion,” Robson says. “Perfect,” Li adds. “His behavior was perfect.” Because of the rigors of the experiment, the researchers couldn’t save their hero for posterity, but they did the next best thing: Li and Robson installed his mom in a special aquarium as their pet. They named her Fred, after Amy Acker’s whip-smart character from the TV show Angel. Robson and Li say the development of AI and brain-computer interfaces is going to force humans to become more humane. After all, if one of our goals is to imbue thinking machines with our own morals, we’ll have to grapple more than we’re used to with what morality is. Questions like: Who deserves the power of enhanced thought? Should a self-driving car choose to save a passenger over a pedestrian? And how smart do machines have to get before they’re considered part of that equation? “That’s a fundamentally very moral question—how do you value life?” says Li, who studied philosophy as an undergrad. “It forces us to be rigorous in what our morality really boils down to,” Robson says. “You have to commit to something.” Source
  6. Another day, another shareholder suit. This time it’s Google in the spotlight. Shareholders have tabled a resolution which, if passed, would demand Google put the brakes on its controversial search engine efforts in China. The program, internally dubbed “Dragonfly,” is said to be a censorship-friendly search engine with the capability to hide results at the behest of Beijing, which administers one of the most restrictive internets in the world. The project remains largely secret, amid an internal upheaval and political pressure from the Trump administration to scrap the effort, but was later acknowledged by Google chief Sundar Pichai, describing China as an “important” market. The resolution, set to be voted on at the company’s annual shareholder meeting Wednesday, would instruct Google to conduct and publish a human rights impact assessment examining the impacts of a censored Google search engine in China. Open Mic, a non-profit representing shareholders worth $3 billion in Google assets, said Google should examine the human rights impact during Dragonfly’s development and not after. “The Chinese government already employs invasive, data-driven surveillance to track its citizens,” said Joshua Brockwell, an investment communications director at Azzad Asset Management, which supports the resolution. “The potential for it to weaponize data from Google searches could allow the government to expand its human rights abuses, including mass detentions of the Uighur minority.” Among recent crackdowns, China has come under international pressure in the past year for targeting Uighur Muslims and holding more than a million in detention. Google opposes the resolution, saying in its proxy statement: “Google has been open about its desire to increase its ability to serve users in China and other countries. We have considered a variety of options for how to offer services in China in a way that is consistent with our mission and have gradually expanded our offerings to consumers in China, including Google Translate.” A spokesperson for Google told TechCrunch it had “nothing more to add” beyond its proxy statement. It’s unclear how the vote will go, given the pressure on Google to evaluate the introduction of search into China. In context, the shareholder in the top 10 with the least amount of shares still has $3.9 billion in stock. Source
  7. SAN FRANCISCO (Reuters) - Shareholder activists want Google parent Alphabet Inc to break itself up before regulators force the world’s biggest internet ad seller to split into different pieces. SumOfUs, a U.S.-based group that aims to curb the growing power of corporations, is set to make that proposal at Alphabet’s annual shareholder meeting on Wednesday at an auditorium at the company’s offices in Sunnyvale, California. “Officials in the US & EU continue to be concerned about Alphabet’s market power in view of restrictions on monopolies,” the proposal reads. “We believe that shareholders could receive greater value from a voluntary strategic reduction in the size of the company than from asset sales compelled by regulators.” The proposal has no realistic chance of success as Alphabet’s top two executives, Larry Page and Sergey Brin, hold 51.3 percent of shareholder votes. Nevertheless, it shows a growing focus on the prospect of antitrust action against Alphabet and other big technology firms such as Facebook Inc and Amazon.com Inc as they face a political and public backlash over privacy issues and the power they now wield over the world’s information. U.S. President Donald Trump has been a frequent critic of Google, claiming without evidence that its search engine unfairly produces results unfavorable to him. He has suggested that U.S. regulators should follow Europe’s lead and look closely at tech companies’ monopolies, but has not suggested any specific remedy. The U.S. Department of Justice and Federal Trade Commission are gearing up to investigate whether Google, Amazon, Apple and Facebook misuse their massive market power, sources told Reuters earlier this month. The breakup proposal is one of a record of 13 on the ballot at Alphabet’s Wednesday meeting. A group of Google employees is backing five of the proposals, which it helped craft, but not the proposal to split the company. Tibetan and Uighur ethnic group leaders concerned about Google’s work in China are among speakers expected to speak at demonstrations outside the auditorium before the meeting. Community activists pressing Google to address housing shortages in Silicon Valley also planned to rally. Alphabet said in shareholder materials its existing policies address issues raised in the proposals and declined to comment further. Although none of the proposals is likely to pass, Google may respond to issues raised. The company stopped working on a censored Chinese search engine and banned use of its artificial intelligence tools for weaponry after petitions from employees and outside activists. “We started as a voice in the wilderness on some of these issues, but conversations have come more to the fore,” SumOfUs campaign manager Sondhya Gupta said. Source
  8. Google will end its partner agreements if it finds its third parties are scraping the web for lyrics. Google has responded to reports that it is stealing lyrics from Genius, explaining how it finds lyrics to show on its search pages. Google conceded its lyrics feature has been "under scrutiny this week," but said it pays music publishers for the rights to display their lyrics. Reports on the lyrics thefts originated with the Wall Street Journal last week, and alleged that Genius can prove lyrics on Google are its own by looking at the apostrophes. Once the apostrophes are converted into Morse Code, they spell out "red handed," CNN added. Google said in a blog post Tuesday called "How we help you find lyrics in Google Search" that it ensures songwriters are paid for their lyrics by working with music publishers who manage those rights. However, the tech giant added that publishers often don't have lyrics in digital text copies, so it works with third parties to get access to these. "News reports this week suggested that one of our lyrics content providers is in a dispute with a lyrics site about where their written lyrics come from," Google said. "We've asked our lyrics partner to investigate the issue." Google added that it will soon include third-party attribution on its digital lyrics text. While Genius didn't immediately respond to a request for comment, its chief strategy officer Ben Gross told The Verge that there is "irrefutable evidence" that Google has been copying Genius lyrics in its Lyrics OneBox. "This is a serious issue, and Google needs to address it," Gross reportedly said. A Google spokesperson added in a statement that the company takes creator rights "very seriously." "The lyrics displayed in information boxes on Google Search are licensed from a variety of sources and are not scraped from sites on the web," the statement emailed to CNET said. "We're investigating this issue with our data partners and if we find that partners are not upholding good practices, we will end our agreements." One third-party provider, LyricFind, responded to the reports of theft in a blog post Monday. LyricFind said it "invests heavily" in its own global content team to build a lyric database using text from artists, publishers and songwriters, which then works to stream, correct and synchronize the data. "Some time ago, Ben Gross from Genius notified LyricFind that they believed they were seeing Genius lyrics in LyricFind's database. As a courtesy to Genius, our content team was instructed not to consult Genius as a source," LyricFind explained. "Recently, Genius raised the issue again and provided a few examples. All of those examples were also available on many other lyric sites and services, raising the possibility that our team unknowingly sourced Genius lyrics from another location." LyricFind said it offered to remove lyrics that Genius said were stolen, but that Genius didn't respond to the offer. "Despite that, our team is currently investigating the content in our database and removing any lyrics that seem to have originated from Genius," LyricFind said. Source
  9. You might not have to wait for your carrier. Google's rollout of RCS chat to Android devices has been slow, and you can blame that partly on the carriers. As the next-gen texting format usually depends on networks adding support one at a time, compatibility has been patchy at best. Now, though, Google is ready to take matters into its own hands -- the internet giant will offer RCS services to Android users in the UK and France later in June, giving them an opt-in choice through the platform's Messages app. The company's Drew Rowny explained it to The Verge as a sort of peer-to-peer end run around the carrier-driven model. Rather than rely on a central server (as with Apple's iMessage), Android Messages quietly pings each participant in a chat to see if they support RCS. If they do, you get high-quality media, read receipts and other perks that come with the technology. Google does pass messages through its servers (though they're deleted as soon as they're delivered), but this is ultimately a decentralized approach that doesn't require carrier support or put full control in one party's hands -- it's the app that enables RCS. The weaknesses of RCS remain. It's not end-to-end encrypted, so it's viable for an intruder to read your messages. It's also tied to your phone number, so you don't have the iMessage-style ability to chat on non-phone devices. And when Google handles RCS, it'll need to temporarily retain attached files as well as data like the phone number and IMSI. The company said it was "committed to finding a solution" for secure chat, however, and texts won't disappear into a void if you switch to a phone that doesn't support RCS. This doesn't mean that Google has finally licked the RCS problem once and for all. It doesn't have a timetable for bringing the chat technology to other countries, and Apple hasn't shown interest in supporting RCS itself. The rollout beats waiting for providers to take action, mind you, and it might spur them to add RCS so that Google doesn't have too much power. Either way, your Android texts could become livelier in the near future. More At: [ The Verge ] Source
  10. (Reuters) - Alphabet Inc’s Google announced on Tuesday it would set aside $750 million in land and $250 million in financing to spur developers in the San Francisco Bay Area to build at least 20,000 homes and rehabilitate other housing over the next decade. Google, which told Reuters it has 45,000 employees in the region, has been the target of local activists who for several years have said the company’s growth and high salaries have contributed to rising rents and housing shortages. They have called on Google and other Silicon Valley tech companies to invest in affordable housing and rethink expansions. Google said housing had reached a “crisis point” in the Bay Area but declined to comment on whether its announcement in a blog post on Tuesday was a response to pressure from community activists, who plan to demonstrate Wednesday outside Alphabet’s annual shareholder meeting. Activist group Silicon Valley Rising called Google’s announcement “a great step in the right direction.” In January, Facebook Chief Executive Mark Zuckerberg’s philanthropy in partnership with other groups said they planned to raise $500 million to build or preserve more than 8,000 homes in the Bay Area over 10 years. And Microsoft Corp pledged $500 million toward addressing homelessness and developing affordable housing in the Seattle region. Google told Reuters it would lease land valued at $750 million, and largely zoned for offices or shops, to construct mostly apartments and some for-sale homes for a total of at least 15,000 units. It declined to elaborate on why the space is no longer needed for offices. The $250 million would go toward equity and debt investments in projects preserving existing affordable housing or constructing at least 5,000 new affordable units for people of various income levels. Google said it would prioritize developments near transportation hubs by its offices. Google has already proposed 5,700 new homes at one of its developments in Mountain View, California adding that it is also in discussions with the cities of Sunnyvale and San Jose. Source
  11. PARIS (Reuters) - French healthcare company Sanofi has teamed up with Google to work on innovations, aimed at using emerging data technologies to change how medicines and health services will be delivered in future. Sanofi and Google will use data sets to improve their understanding of key diseases and extract patients’ insights and feedback, the companies said in a joint statement. “Combining Sanofi’s biologic innovations and scientific data with Google’s industry-leading capabilities, from cloud computing to state-of-the-art artificial intelligence, we aspire to give people more control over their health and accelerate the discovery of new therapies,” said Ameet Nathwani, chief medical officer and executive vice-president, Sanofi. This would enable Sanofi to research and develop a more personalized approach to treatment and identify accompanying technologies to improve results, the statement said. Source
  12. After a few months of testing, Google is finally rolling out the new Google search bar interface. After a few months of testing it now appears Google has started rolling out the new search bar with icons. Instead of just using text to show the various search categories or verticals for news, video, images, maps, shopping and so on – Google is showing icons that represent those categories as well. Screen shot. Here is a screen shot from Chrome on a Mac. Note, I tested this on numerous browsers and operating systems, both signed in and signed out of Google. I was able to replicate this in every single test I’ve tried. Before screen shot: Here is what search bar looked like before: Rolling out. Google has confirmed with Search Engine Land that this is now rolling out to searchers today. Throughout the day we have seen numerous reports from readers that they are seeing the new Google search bar. Now we are able to see this consistently on all browsers we are testing it on. Going back in time. Google had icons next to these search filters back in 2010 on desktop and 2011 on mobile. But in 2011 Google removed the icons from the desktop version. Google has made many changes to their top bar over the years, much of which you can find in our user interfaces archives. Why we care. Any change to the user interface of one of the most used web sites in the world will be noticed. Will it impact search marketers or SEOs? As we said before, this change will probably not impact us much but it does give a new fresh look to the Google search results page. Source
  13. Is YouTube too big to fix everything? Google CEO Sundar Pichai Google's issues with YouTube will never be totally solved. Or at least, that's impression Google CEO Sundar Pichai suggested in a CNN interview. Google-owned YouTube has been struggling with all sorts of content that YouTubers have flagged, including fake and conspiracy videos and lewd comments on children's videos. YouTube has responded with more human monitors, new policies and an aggressive machine learning push to rid some of this content from YouTube. “We’ve gotten much better at using a combination of machines and humans,” Pichai told CNN's Poppy Harlow. “So it’s one of those things, let’s say we’re getting it right 99% of the time, you’ll still be able to find examples. Our goal is to take that to a very, very small percentage well below 1%.” Pichai said Google probably can’t get that to 100%. YouTube receives 400 hours of new content uploaded every minute, which makes true monitoring of the content impossible. The Google CEO compared it to credit card systems. "There’s some fraud in that....Anything when you run at that scale, you have to think about percentages.” However, he said Google will make "significant progress” on this and that “enforcement will get better.” Source
  14. Genius Media Group Inc. depends on Google’s search engine to send music lovers to its website stocked with hard-to-decipher lyrics to hip-hop songs and other pop hits. The rapper Desiigner, whose hit song “Panda” first made a Genius software engineer suspicious about the source of Google’s lyrics in 2016. Now Genius says its traffic is dropping because, for the past several years, Google has been publishing lyrics on its own platform, with some of them lifted directly from the music site. Google denies wrongdoing. Still, Genius’s complaints offer a window into the challenges small tech companies can face when the unit of Alphabet Inc. starts offering competing services on its platform. The complaints come amid mounting concerns over the business practices of Google and other tech giants. The Wall Street Journal recently reported that the Justice Department is gearing up for a new antitrust probe into the search company. Genius said it notified Google as far back as 2017, and again in an April letter, that copied transcriptions appear on Google’s website. The April letter, a copy of which was viewed by the Journal, warned that reuse of Genius’s transcriptions breaks the Genius.com terms of service and violates antitrust law. “Over the last two years, we’ve shown Google irrefutable evidence again and again that they are displaying lyrics copied from Genius,” said Ben Gross, Genius’s chief strategy officer, in an email message. The company said it used a watermarking system in its lyrics that embedded patterns in the formatting of apostrophes. Genius said it found more than 100 examples of songs on Google that came from its site. Starting around 2016, Genius said, the company made a subtle change to some of the songs on its website, alternating the lyrics’ apostrophes between straight and curly single-quote marks in exactly the same sequence for every song. When the two types of apostrophes were converted to the dots and dashes used in Morse code, they spelled out the words “Red Handed.” In a written statement, Google said the lyrics on its site, which pop up in little search-result squares called “information panels,” are licensed from partners, not created by Google. “We take data quality and creator rights very seriously and hold our licensing partners accountable to the terms of our agreement,” Google said. After this article was published online Sunday, Google issued a second statement to say it was investigating the issue raised by Genius and would terminate its agreements with partners who were “not upholding good practices.” In 2016, Google forged a partnership with LyricFind, a Canadian company that secures deals with music publishers allowing companies such as Google to publish lyrics online. LyricFind Chief Executive Darryl Ballantyne said in an email that his company creates lyrics using its own content team. “We do not source lyrics from Genius,” he said. Google’s information boxes are part of the company’s continuing effort to provide users with direct answers to their queries on results pages, particularly on mobile devices. The company says the boxes provide users with a better experience. It also means Google is directing a smaller share of those queries to other sites. In March, 62% of mobile searches on Google didn’t result in a user clicking through to another website, according to the web-analytics firm Jumpshot Inc. Google previously has disrupted companies’ business models by switching from referring traffic via search to providing services directly on Google websites. Google Maps increasingly competes with local-business listing service Yelp Inc., and Google’s forays into travel and shopping services have taken traffic from online retailers and travel sites, said Rand Fishkin, chief executive of SparkToro LLC, a web-marketing software company. As a result, clicks to web publishers have been dropping on desktop search, Mr. Fishkin said. Desktop searches end without a click to another website about 35% of the time. That is up about 9% since 2016, according to Jumpshot. Genius is a privately held company, and its investors include Andreessen Horowitz, the rapper Nas and Quicken Loans Inc. founder Dan Gilbert. The company doesn’t disclose revenue but says its ad business runs to tens of millions of dollars a year. It also earns money by providing lyrics and facts about songs that it publishes and licenses under agreement with music publishers. Genius clients include the music-streaming website Spotify Technology SA and Apple Inc. Genius also earns money through different initiatives, including advertising and sponsored videos on YouTube. Genius first became suspicious about the source of Google’s lyrics in 2016, when a Genius software engineer spotted something odd about the song “Panda,” a hit by rapper Desiigner. While many lyrics sites had published error-ridden transcriptions of Desiigner’s hard-to-understand lyrics, Genius had the definitive version because Desiigner himself provided his lyrics to the site, Genius said. “We noticed that Google’s lyrics matched our lyrics down to the character,” Genius’s Mr. Gross said. The Journal randomly chose three of the more than 100 examples Genius says it found of songs on Google containing these watermarks, and verified the pattern of apostrophes was the same. Because Genius doesn’t itself own the copyright on the lyrics in question, the company might have a weak hand in any legal dispute with Google, said Daphne Keller, a former Google lawyer who now studies the regulation of technology platforms at Stanford’s Center for Internet and Society. “But it’s totally understandable why they don’t want this happening, and I imagine Google doesn’t want it happening either,” she said. Source
  15. The Mozilla Foundation and Google released “high” rated security updates for Thunderbird and Chrome, respectively. The high-rated Thunderbird vulnerabilities patched in version 60.7.1 are CVE-2019-11703 and CVE-2017-11704 concern a heep buffer overflow in icalparser.c and another in Icalfvalue.c. The former flaw can cause a flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in parser_get_next_char, while the second has the same problem but in icalmemory_strdup_and_dequote. In each case processing certain email messages can in a potentially exploitable crash. The low-rated CVE-2019-11705 is for a type confusion in icalproperty.c due to Thunderbird’s implementation of iCal can cause a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. The Chrome stable channel has been updated to 75.0.3770.90 that covers CVE-2019-5842, a Use-after-free in Blink, for Windows, Mac, and Linux. As per Google’s normal policy it has not released any further details on the bug. Source
  16. ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems. The apps impersonate the Turkish cryptocurrency exchange BtcTurk and phish for login credentials to the service. Instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and transactions, these malicious apps take the OTP from notifications appearing on the compromised device’s display. Besides reading the 2FA notifications, the apps can also dismiss them to prevent victims from noticing fraudulent transactions happening. The malware, all forms of which are detected by ESET products as Android/FakeApp.KP, is the first known to sidestep the new SMS permission restrictions. The malicious apps The first of the malicious apps we analyzed was uploaded to Google Play on June 7, 2019 as “BTCTurk Pro Beta” under the developer name “BTCTurk Pro Beta”. It was installed by more than 50 users before being reported by ESET to Google’s security teams. BtcTurk is a Turkish cryptocurrency exchange; its official mobile app is linked on the exchange’s website and only available to users in Turkey. The second app was uploaded on June 11, 2019 as “BtcTurk Pro Beta” under the developer name “BtSoft”. Although the two apps use a very similar guise, they appear to be the work of different attackers. We reported the app on June 12, 2019 when it had been installed by fewer than 50 users. After this second app was removed, the same attackers uploaded another app with identical functionality, this time named “BTCTURK PRO” and using the same developer name, icon and screenshots. We reported the app on June 13, 2019. Figure 1 shows the first two malicious apps as they appeared on Google Play. Figure 1. The fake BtcTurk apps on Google Play The novel 2FA bypass technique After installation, both apps described in the previous section follow a similar procedure. In this section of the blogpost, we will describe the novel 2FA bypass technique using the first app, “BTCTurk Pro Beta”, as an example. After the app is launched, it requests a permission named Notification access, as shown in Figure 2. This permission allows the app to read the notifications displayed by other apps installed on the device, dismiss those notifications, or click buttons they contain. Figure 2. The fake app requesting Notification access The Notification access permission was introduced in Android version 4.3 (Jelly Bean), meaning almost all active Android devices are susceptible to this new technique. Both fake BtcTurk apps require Android version 5.0 (KitKat) or higher to run; thus they could affect around 90% of Android devices. Once the user grants this permission, the app displays a fake login form requesting credentials for BtcTurk, as shown in Figure 3. Figure 3. The fake login form displayed by the malicious app After credentials are entered, a fake error message in Turkish is displayed, as seen in Figure 4. The English translation of the message is: “Opss! Due to the change made in the SMS Verification system, we are temporarily unable to service our mobile application. After the maintenance work, you will be notified via the application. Thank you for your understanding.” In the background, the entered credentials are sent to the attacker’s server. Figure 4. The fake error message displayed by the malicious app Thanks to the Notification access permission, the malicious app can read notifications coming from other apps, including SMS and email apps. The app has filters in place to target only notifications from apps whose names contain the keywords “gm, yandex, mail, k9, outlook, sms, messaging”, as seen in Figure 5. Figure 5. Targeted app names and types The displayed content of all notifications from the targeted apps is sent to the attacker’s server. The content can be accessed by the attackers regardless of the settings the victim uses for displaying notifications on the lock screen. The attackers behind this app can also dismiss incoming notifications and set the device’s ringer mode to silent, which can prevent victims from noticing fraudulent transactions happening. As for effectiveness in bypassing 2FA, the technique does have its limitations – attackers can only access the text that fits the notification’s text field, and thus, it is not guaranteed it will include the OTP. The targeted app names show us that both SMS and email 2FA are of interest to the attackers behind this malware. In SMS 2FA, the messages are generally short, and OTPs are likely to fit in the notification message. However, in email 2FA, message length and format are much more varied, potentially impacting the attacker’s access to the OTP. A fast-evolving technique Just last week, we analyzed a malicious app impersonating the Turkish cryptocurrency exchange Koineks (kudos to @DjoNn35 for bringing that app to our attention). It is of interest that the fake Koineks app uses the same malicious technique to bypass SMS and email-based 2FA but lacks the ability to dismiss and silence notifications. According to our analysis, it was created by the same attacker as the “BTCTurk Pro Beta” app analyzed in this blogpost. This shows that attackers are currently working on tuning this technique to achieve the “next best” results to stealing SMS messages. Figure 6. Information about the fake Koineks app on Google Play How to stay safe If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall it immediately. Check your accounts for suspicious activity and change your passwords. Last month, we warned about the growing price of bitcoin giving rise to a new wave of cryptocurrency malware on Google Play. This latest discovery shows that crooks are actively searching for methods of circumventing security measures to increase their chances of profiting from the development. To stay safe from this new technique, and financial Android malware in general: Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service Only enter your sensitive information into online forms if you are certain of their security and legitimacy Keep your device updated Use a reputable mobile security solution to block and remove threats; ESET systems detect and block these malicious apps as Android/FakeApp.KP Whenever possible, use software-based or hardware token one-time password (OTP) generators instead of SMS or email Only use apps you consider trustworthy, and even then: only allow Notification access to those that have a legitimate reason for requesting it Indicators of Compromise (IoCs) MITRE ATT&CK Source
  17. Google says the changes will improve performance and security. Ad block developers and consumer advocates say Google is simply protecting its ad dominance. Google has found itself under fire for plans to limit the effectiveness of popular ad blocking extensions in Chrome. While Google says the changes are necessary to protect the “user experience” and improve extension security, developers and consumer advocates say the company’s real motive is money and control. As it stands, the Chrome web store currently offers users a wide variety of ad blocking extensions that can help curtail the volume and nosiness of online advertising. From Adblock to Ghostery, such extensions make it harder for ad networks to build a detailed profile of your online activities or serve you behavioral ads based on your daily browsing habits. Last year, Google began hinting at some changes to Chrome’s extension system as part of its Manifest V3 proposal. Under these changes, Google said it would be modifying permissions and other key aspects of Chrome’s extensions system. The extension development community didn’t respond well, and said the changes would harm many popular user tools. Currently, many Chrome adblock extensions use Chrome's webRequest API, letting users block ads before they even reach the browser. But Google’s proposal would require extensions use the declarativeNetRequest API, which leaves it to the browser to decide what gets blocked based on a list of predetermined rules. While some extensions, like AdBlock, already use the latter, developers say the overall result will be tools that simply don’t work quite as well overall. In the wake of ongoing backlash to the proposal, Chrome software security engineer Chris Palmer took to Twitter this week to claim the move was intended to help improve the end-user browsing experience, and paid enterprise users would be exempt from the changes. Chrome security leader Justin Schuh also said the changes were driven by privacy and security concerns. Adblock developers, however, aren’t buying it. uBlock Origin developer Raymond Hill, for example, argued this week that if user experience was the goal, there were other solutions that wouldn’t hamstring existing extensions. “Web pages load slow because of bloat, not because of the blocking ability of the webRequest API—at least for well crafted extensions,” Hill said. Hill said that Google’s motivation here had little to do with the end user experience, and far more to do with protecting advertising revenues from the rising popularity of adblock extensions. “In order for Google Chrome to reach its current user base, it had to support content blockers—these are the top most popular extensions for any browser,” he said. “Google strategy has been to find the optimal point between the two goals of growing the user base of Google Chrome and preventing content blockers from harming its business.” Hill argues that the blocking ability of the webRequest API caused Google to yield some control of content blocking to third-party developers. Now that Chrome’s market share is greater, the company’s in a better position to “shift the optimal point between the two goals which benefits Google's primary business,” Hill said. Consumer advocates are similarly unimpressed, noting that the changes could also harm the effectiveness of some parental control, privacy, and security extensions. “This is a very bad decision on Google's part,” Justin Brookman, Director of Consumer Privacy and Technology Policy at Consumer Reports told Motherboard in an email. Brookman noted that millions of users rely on extensions like uBlock, Disconnect, and Ghostery to limit cross-site tracking and block malicious code from third-party servers, and that pushing these extensions to use a different API with lesser functionality would only weaken them. “It's hard to escape the suspicion that this is driven primarily by a desire to protect third-party tracking and ad revenue, where Google is the overwhelming market leader,” he said. “Notably, the move will insulate the largest ad blocker AdBlockPlus, who Google pays to whitelist their ads and tracking behavior.” That concern has long been mirrored by the Electronic Frontier Foundation. The group frequently argues that Chrome’s ad tracker blocking technology has lagged behind other browsers because Google, whose online ad market share currently hovers around 37 percent, doesn’t want to hamstring the profitability of tracker-driven, behaviorally-targeted ads. The EFF’s Privacy Badger extension is one of the ad blocking tools that would be impacted, and its development team has also spoken out against the changes. In an email, an EFF spokesperson argued that Google’s move would stifle developer innovation in the browser space and hamper user security and privacy. The group also wasn’t particularly sold on Google’s justification for the move. “Google's claim that these new limitations are needed to improve performance is at odds with the state of the internet,” the organization said. “Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn't? The EFF says it was “particularly worrisome” that Google is going ahead with these changes despite all of the criticisms it's received from the developer community, adding that “security extensions should not be a privilege reserved only for enterprise users.” While Google has responded to criticism by saying the proposal was subject to change, it hasn’t yet backed off the proposal, which would be implemented this fall at the earliest. Should Google stick to its guns in the face of widespread criticism, it’s pretty clear that more than a few Chrome users will soon be on the market for a different browser. Source
  18. Security bug would have allowed hackers access to Google's internal network Security researcher finds dangerous XSS bug in Google's Invoice Submission Portal. A young Czech bug hunter has found a security flaw in one of Google's backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google's internal network. This attack vector was discovered by security researcher Thomas Orlita in February, this year, and has been patched in mid-April, but only now made public. XSS IN GOOGLE'S INVOICING PORTAL Described as a cross-site scripting (XSS) vulnerability, the security flaw impacted the Google Invoice Submission Portal, a public website where Google redirects business partners to submit invoices, based on contractual agreements. Most XSS flaws are considered benign, but there are those rare cases where these types of vulnerabilities can lead to serious consequences.One of those cases was Orlita's discovery. The researcher said that a malicious threat actor could have uploaded malformed files in the Google Invoice Submission Portal, via the Upload Invoice field. Using a proxy, the attacker could have intercepted the uploaded file immediately after the form submission and validation operation took place, and modified the documents from a PDF to HTML, to the XSS malicious payload. The data would have ended up being stored in Google's invoicing backend and would have executed automatically when an employee tried to view it. GOOGLE'S INTERNAL NETWORK COULD HAVE BEEN AT RISK "Since the XSS was executed on a googleplex.com subdomain while the employee is logged in, the attacker should be able to access the dashboard on this subdomain where it's possible to view and manage the invoices," Orlita told ZDNet via email. "Depending on the way cookies are configured on googleplex.com, it might also be possible to access other internal applications hosted on this domain," the researcher added. Since most Google internal apps are hosted on the googleplex.com domain, this opens the door for attackers to a wide range of possibilities. But, all in all, like most XSS security bugs, this bug would have depended on a threat actor's skill level and ability to pivot to more complex attacks. "The severity of the impact is, of course, depending on how well it can be exploited to access their internal sites," Orlita told ZDNet. "For example, an attacker might try a phishing attack on the employee." For more technical details about the XSS bug, Orlita's official vulnerability disclosure is the place to go. Source
  19. SAN FRANCISCO (Reuters) - Alphabet Inc’s Google is trying to plug a surge of public scrutiny around the world by overhauling how its policy office operates, with increased emphasis on having policy staffers and top company executives alike building relationships with governments, people familiar with the matter said this week. Government officials in the United States, India, Ireland, Singapore, Australia and at least several other countries have threatened regulation or launched probes concerning Google’s user privacy practices, its policing of inappropriate videos and apps, and the potential abuse of its dominance in internet search and advertising. The negative attention on Google’s power and its data collection practices could hurt its public image and force costly business changes. Google’s global policy office had gone years without a major strategy shift until Karan Bhatia was hired last June from General Electric Co, where he also led government affairs and policy. In his first year, he has added “government affairs” to his unit’s name before “public policy” to stress relationship building over whitepaper writing, overhauled reporting lines and begun to cut a roster of contract lobbyists, eight of the people said. The moves aim to get Google’s separate units including cloud computing, consumer hardware and YouTube - along with each unit’s senior leaders - to take a bigger role in lobbying on issues affecting them and set the company up to uniformly challenge similar regulatory threats in different parts of the world, sources said. In Washington, lawmakers long have raised concerns about Google’s executives not engaging enough to address their concerns or personally weigh in on policy discussions, according to lobbyists. The issue attracted attention last September when senators pointedly left an empty seat for Google at an intelligence committee hearing on election integrity after the company declined to send a top executive to testify. The empty-seat blunder, as Google’s Washington leadership eventually recognized it, and a string of policy defeats on issues such as copyright in Europe and censorship in Asia have given Bhatia a wide opening to bring changes, sources said. Google’s chief executive, Sundar Pichai, has traveled to Washington each quarter since Bhatia joined, including for a meeting with President Donald Trump. The company declined to comment for this story. Spokespeople have declined multiple requests to interview Bhatia since his hiring. NEW STRUCTURE Bhatia centralized policy crafting through a set of “centers of excellence,” each focused on a separate issue such as data privacy rules, competition law or economic policy, sources said. Google’s policy team has been organized regionally, a vestige of the company gradual’s expansion into new countries. But different regions with limited coordination each had their own projects to create proposals for addressing the same concern. Under Bhatia, those regional teams now focus more on interacting with lawmakers and regulators out of the office, sources said. The four regional heads reporting to Bhatia include Ted Osius for Asia Pacific and Doron Avni for Latin America, Africa, Middle East and Greater Russia. Leaders for U.S.-Canada and Europe have not been named. Also reporting to Bhatia are Leslie Miller, who supervises the centers of excellence, and Wilson White, who oversees teams focused on relaying insights to YouTube, Google Cloud and other business units. MORE INTERNAL INVOLVEMENT Getting Pichai and his product executives to be more involved has been a challenge over the years because Pichai has been reluctant to make engaging with government policymakers a core duty, people said, in contrast to CEOs such as Apple Inc’s Tim Cook and General Motors Co’s Mary Barra. Bhatia may end up drawing product leaders into government affairs by having individual Google units hire lobbying firms directly in the future, sources said. He has already begun to reset lobbying contracts. Google recently fired one long-time lobbying firm in Europe and has threatened to drop as many as 20 of its U.S. lobbying firms from the 26 it worked with last year, sources said. One U.S. firm said it was told its last day would be June 30, while three others said they were awaiting word from Google. All declined to be named because they were not authorized to comment on their client. The Wall Street Journal reported on Wednesday, citing unnamed sources, that Google has fired six U.S. lobbying firms, which together accounted for about half of its $20 million domestic lobbying budget. Source
  20. Google relaxes control on new Chrome extensions API that would have crippled ad blockers. After being ripped to shreds by angry users, Google engineers have promised today that the upcoming changes to Chrome's extensions system won't cripple ad blockers, as everyone is fearing. Instead, the company claims that the new extension API changes will actually improve user privacy and bring speed improvements. Furthermore, Google also promised to raise a maximum limit in one of the upcoming APIs that should address and lay to rest the primary criticism brought against the new extensions API by developers of ad blockers during the last six months. The beginning All of this drama about "Google crippling ad blockers" started back in October 2018, when Google announced major changes to the Chrome extensions ecosystem. Plagued by a rise in the number of malicious extensions, Google announced new rules for the extensions review process, but also major changes to Chrome's extensions codebase. Google grouped the changes in the Chrome codebase in a new set of rules called Manifest V3, which developers had to follow when coding new extensions or updating old ones to work with Chrome's future codebase. All of the Manifest V3 changes were detailed in a 19-page "design document" that the browser maker published last year. The old Web Request API While initially there was little discussion about the Manifest V3 changes, in January, the maintainers of several ad blocker extensions raised an issue with the deprecation of the Web Request API, which they were using to inspect web requests before a page was loaded inside the browser. Developers were angry that Google was replacing this tried and tested feature with one named the Declarative Net Request API, which they said would prevent their extensions from inspecting web requests made on a page with the same efficiency as the older API. The original Web Request API allowed developers to stop a page from loading while they looked at the page's content to search for ads or other content, and block or modify it as they wished. Google said today that this old API was a source of abuse, with 42% of all the malicious extensions the company detected since January 2018, abusing it for nefarious purposes. "With Web Request, Chrome sends all the data in a network request to the listening extension - including any sensitive data contained in that request like personal photos or emails," Simeon Vincent, Developer Advocate for Chrome Extensions, said today. The privacy risk is obvious and apparent. "Because all of the request data is exposed to the extension, it makes it very easy for a malicious developer to abuse that access to a user's credentials, accounts, or personal information," Vincent said. The Declarative Net Request API Instead, Google planned to replace this old and security-proned API with one that worked very differently. Named the Declarative Net Request API, this new technology would work the exact opposite. Instead of an extension stopping web requests and looking at all the content, the extension sets up "rules" that the browser reads and applies to each web page before it loads. With this new API, extensions never receive page data, and the browser makes all the modifications to a page only when one or more declared "rules" are met. This way, all the user's data that may be included on a page -- such as emails, photos, passwords, etc. -- remain at the browser level, and are never passed to the extensions. Google says the new API is better in terms of privacy, but also speed, as Chrome's highly optimized code handles all the web request filtering, instead of leaving this operation to an extension's slow JavaScript code. The problem But in January this year, ad blocker developers argued that despite the advantages of this new API, Google planned to restrict the maximum number of "rules" to 30,000, a number that was far insufficient for ad blockers, which often have to filter web requests for hundreds of thousands of ad-related domains. In online discussions regarding the upcoming API changes, some argued that a maximum "rules" limit of anywhere between 90,000 to 150,000 would have been enough, while some argued that the rule should be around 500,000, to ensure that ad blockers are completely safe. Google developers initially disagreed, but today, the company finally relented and promised to update the "rules" limit to 150,000, from the current 30,000. Should we trust Google this time? But this is actually the second time that Google gives in. The company first promised to back down in mid-February, when it said it wouldn't completely remove the Web Request API. That turned to be a misleading statement, because, in May, Google revealed that it was keeping the Web Request API, but only for enterprise users, and not for regular ones. At the technical and theoretical level, Google's latest announcement should allow ad blockers to work on top of the new Declarative Net Request API; however, it remains to see if Google keeps its promise this time, and won't have its fingers crossed behind its back like it did in February. Other issues Further, some issues still remain. The primary of these is in relation to the capability of the new API. The old Web Request API allowed extensions to be in full control of how they filtered content. According to previous statements made by the developers of the NoScript and uBlock Origin extensions, the new API's declarative rules system doesn't provide the same level of control. "I actually don't care about the hard-coded limit on blacklists because I use a whitelist, but I need contextual information which the Declarative API's stated purpose is keeping away from extensions," Giorgio Maone, the developer of the NoScript extension told ZDNet today. What this means is that extensions that deal with web requests manipulation will most likely lose some of their accuracy in identifying the domains they want to block, and the circumstances they block or allow content to load. Google engineers don't seem to like the idea of giving extension developers full control, as this would negate any performance impact the new API would introduce. While the new Manifest V3 is still up for debate, there will be a tug-of-war between the two sides over the coming weeks. However, Google has given in to various developer requests since January and has also promised today to look into other extension developer gripes. More on the technical side of the changes Google is currently considering allowing into Manifest V3 can be found in Google's recent blog post on the matter. Source
  21. Google’s Pixel 4 rumored to support air gesture system Pause music and skip tracks with a radar-based air gesture system? Enlarge / Project Soli in action. We're at least four months out from the typical Google Pixel smartphone unveiling, but that isn't stopping the rumor mill from churning. There are already a pair of reports pointing toward a Project Soli-based gesture system being in development for the Pixel 4. First, a refresher on what the heck Project Soli is. The project has been in development for years inside Google's ATAP group, with the first public showing happening all the way back in 2015. Soli aims to embed a tiny radar system into a chip that can be used to detect hand motion above a device. Google demoed gestures like moving the thumb and index finger together for a virtual button press or rubbing the two fingers together to scroll or turn a dial. It has always seemed like something that would be a good fit for a smartwatch, where the tiny touchscreens and UIs limit how much can be done on with smartphone-style input. Like many ATAP projects, Soli kept a low profile for years, and you would have been forgiven for assuming it was dead—until the project surprisingly gained FCC approval this January. Now, about those reports. 9to5Google was the first to float the rumor that Google's next smartphone would be equipped with the radar-based gesture system, and then XDA Developers quickly followed up with actual code evidence. XDA has been tracking a feature in Android Q that uses an "Aware" sensor, which would be a good fit for a consumer-facing name for Soli. The latest Android Q betas allow for Aware-based control of lock screen notifications and gestures to skip and silence music. Google has been experimenting with air gestures since the second-gen Moto X, which was equipped with IR sensors that would let you wake the display or dismiss alarms or phone calls just by waving your hand across the display.That feature, from before Google sold Motorola to Lenovo, was not useful enough to be brought forward to future Google phones. The Pixel line has been experimenting with weird input methods, too. Both the Pixel 2 and Pixel 3 are squeezable—sensors embedded in the sides of the device allow you to call up the Google Assistant with just a firm squish. Does anyone out there want air gestures in their smartphone? If Soli does make it to the Pixel 4, Google has some work to do to convince everyone the feature isn't just a gimmick. Source: Google’s Pixel 4 rumored to support air gesture system (Ars Technica)
  22. Kaspersky fingers pro-G filters for letting cyber-muck through Spammers are abusing the preferential treatment Google affords its own apps to score free passes through Gmail's spam filters, it was claimed this week. The ad giant greases the wheels so that incoming messages involving Google Calendar and other Big-G appsvslide through the filters and appear in Gmail inboxes, to ensure stuff generated and shared via its applications aren't silenced by its own webmail product. This situation, according to Kaspersky bods this week, is being exploited by scam artists to lob spam, phishing pages, and links to malicious malware-flinging websites at netizens, in some cases without triggering Gmail's defenses. "The spammer’s main task is to bypass the spam filter and deliver email to your inbox," Kaspersky analyst Maria Vergelis helpfully reminded us. "As it happens, Google services often send email notifications to Gmail inboxes — and Google’s antispam module avoids flagging notifications from its own services as spam." Because Google usually allows these kinds of notifications through, scammers have found they can schedule a load of events in Google Calendar, inviting Gmail users en masse, and, when the set time draws near, generate a wave of reminders that include spam, phishing links, and so on, at least some of which slips through Gmail's filters. For example, the scammer could send a block of Gmail users a Calendar invite with the description being a link to a fake banking site. Rather than catch and filter out the e-nasty, Gmail would let the notification through and, when the person clicked the link, they would then go to the phony bank page. If the recipient has Calendar set to automatically accept invites, they would even get a pop-up notification of the spam message. It is not only Calendar that is being gamed by scam artists. Vergelis noted that Google Photos is also a popular method for evading filters. In that case, the spam would either be placed within the image file or its description – for example the image could be a picture of a check and the description would be instructions on how to claim it, which would typically involve handing over personal information for nothing in return. Again, thanks to Google's overly slick sharing features, the recipient would get a notification in their Gmail inbox that they had a shared photo waiting for them, and the spam itself would be delivered without being troubled by a filter. Additionally, Kaspersky's team said Google Forms is being used to serve up fake surveys that harvest personal information, and Google Drive is being abused to host phishing pages, malware, and ad pages. Even Google Analytics is being turned into a tool for criminals. Vergelis said her team reported seeing businesses targeted with visitor statistics PDF files containing the spammer's links or information. In short, pretty much any Google service that integrates with Gmail can and will be abused to get as much spam into your inbox as possible, and the same goes for other services like Facebook and Twitter that allow users to send each other event notifications. "The main problem is that messages sent through a legal service are assigned its standard headers, so spam filters often view them as harmless," Vergelis explained. "And spam subjects vary widely, so interception requires a high threshold level in the spam filter, which can lead to excessive false positives. Spammers take advantage of this to exploit public services for their own purposes." In response to Kaspersky's findings, a Google spokesperson provided the Russian antivirus biz the following statement, which was shared with El Reg: "Google’s Terms of Service and product policies prohibit the spreading of malicious content on our services, and we work diligently to prevent and proactively address abuse. "Combating spam is a never-ending battle, and while we've made great progress, sometimes spam gets through. We remain deeply committed to protecting all of our users from spam: we scan content on Photos for spam and provide users the ability to report spam in Calendar, Forms, Google Drive, and Google Photos, as well as block spammers from contacting them on Hangouts. "In addition, we offer security protections for users by warning them of known malicious URLs via Google Chrome's Safe Browsing filters." Source
  23. Opera, Brave, Vivaldi to ignore Chrome's anti-ad-blocker changes, despite shared codebase Other browser makers don't seem to be on board with Google's decision to neuter its extensions API, and essentially, ad blockers. Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don't have plans on crippling support for ad blocker extensions in their products -- as Google is currently planning on doing within Chrome. The three browsers makers have confirmed to ZDNet, or in public comments, of not intending to support a change to the extensions system that Google plans to add to Chromium, the open-source browser project on which Chrome, Brave, Opera, and Vivaldi are all based on. THE MANIFEST V3 SCANDAL Google announced plans to modify the Chromium extension system last October when the browser maker said it would develop a new set of standards -- collectively known as Manifest V3 -- that will modify how extensions work on top of the Chromium codebase. It took extension developers a few months to understand how intrusive the Manifest V3 modifications were, but they did eventually realize that Google was planning to replace one of the main technology through which extensions interacted with website requests, in favor of one that was far inferior. Initially, it was thought that extensions which provided ad-blocking services would be the ones impacted the most, but it was later also discovered that extensions for antivirus products, parental control enforcement, and various privacy-enhancing services were also affected. Users protested against Google's decision, and the company came under heavy criticism from the public -- with many users accusing it of trying to sabotage ad-blocking extensions that were cutting into Google's advertising business profits. Google backtracked on the change a month later, in mid-February, but it appears that the promise to keep the old extension technology intact was just a lie. At the end of May, Google made a new announcement in which it said that the old technology that ad blockers were relying on would only be available for Chrome enterprise users, but not for regular users. This time, Chrome developers seem intent on plowing through with their decision, with the Manifest V3 changes being scheduled to go live in January 2020, when ad blocker extensions would see their ability to block ads greatly diminished. The move has angered Chrome users beyond belief, with many vowing to switch browsers, and many setting their eyes on Firefox, whose developers have been working to transform and rebrand the former fan-favorite into a privacy-first product. But Google's planned Manifest V3 changes are being added to the Chromium base, meaning they'll also likely impact other Chromium-based browsers as well. BRAVE In an email to ZDNet on Friday, Brendan Eich, CEO of Brave Software, said the Brave browser plans to support the old extension technology that Google is currently deprecating. "To respond on the declarativeWebRequest change (restricting webRequest in full behind an enterprise policy screen), we will continue to support webRequest for all extensions in Brave," Eich told ZDNet. In addition, Brave itself supports a built-in ad blocker, that users can utilize as an alternative to any extension. Furthermore, Eich told ZDNet that Brave would continue to support uBlock Origin and uMatrix, the two extensions developed by Raymond Hill, the Chrome extension developer who's been highlighting Google's plans to sabotage Chrome ad blockers for the past months. OPERA ZDNet also received a similar statement from Opera, another browser vendor which uses the Chromium codebase. "We might also consider keeping the referenced APIs working, even if Chrome doesn't, but again, this is not really an issue for the more than 300 million people who have chosen Opera," an Opera spokesperson told us. This is because, just like Brave, Opera also ships with a built-in ad blocker. "All the Opera browsers, both on mobile and PC, come with an ad blocker that users can choose to enable," the spokesperson said. "This means that Opera users aren't really exposed to these changes - unlike users of most other browsers." Further, this ad blocker is very configurable because it also allows users to import custom domain lists, so users can block any advertising domain they want, giving them full control of what types of ads they can see, or not. VIVALDI Vivaldi, another pretty popular Chromium-based browser, published a blog post on Monday affirming its support for giving users a choice -- even if the company has not yet decided how it will proceed. "How we tackle the API change depends on how Google implements the restriction," said Petter Nilsen, Senior Developer at Vivaldi. "Once the change is introduced to Chromium, believe me when I say that there are many, many possible scenarios. Restoring the API could be one of them. We've restored functionality before," Nilsen said. "If the API is removed altogether and no decent alternative is implemented, we might look into creating a limited extensions store. "The good news is that whatever restrictions Google adds, at the end we can remove them. Our mission will always be to ensure that you have the choice," Nilsen added. MICROSOFT EDGE The only major browser maker who did not respond to our request for comment on this issue was Microsoft. The company announced last year it was ditching its proprietary EdgeHTML browser engine for a Chromium port of Edge, which is currently in public testing. Microsoft's plans in regards to Google's Manifest V3 changes are currently unknown. Source
  24. An analysis by Google Security on the Triada malware family found a vendor going by the name of either Yehuo or Blazefire was most likely responsible for malware that came preinstalled on some Android phones. Google’s research revealed Triada was most likely implanted on a device during the manufacturing process when the vendor opted to use third-party software to deliver features not found in the Android Open Source Project, such as face unlock. “The OEM might partner with a third-party that can develop the desired feature and send the whole system image to that vendor for development. Based on analysis, we believe that a vendor using the name Yehuo or Blazefire infected the returned system image with Triada,” Google wrote. The company did not offer any further details on the vendor in question. The backdoor trojan Triada was first uncovered by Kaspersky in 2016 and was being used to obtain super user privileges to intercept URLs being opened by the user and redirect them to another URL. In 2017 Dr Web found Triada built into Android phones firmware enabling an attacker to download and run malicious modules such as spam apps. The creators of Traida then collected money from the ads displayed on the spam apps. Google has since set up a system with the affected OEM device makers to update their systems and remove Triada and Google now scans for the malware on all Android devices. “Triada was inconspicuously included in the system image as third-party code for additional features requested by the OEMs. This highlights the need for thorough ongoing security reviews of system images before the device is sold to the users as well as any time they get updated over-the-air (OTA),” Google said. Source
  25. DMCA Takedowns Try to Delist Dozens of Adult Homepages from Google A wave of DMCA notices sent from a company without an obvious web presence have targeted, among other things, the homepages of dozens of adult-focused sites. Google appears to have responded by delisting the main pages of several affected platforms. Larger ones, such as YouPorn and xHamster, seem to have got a free pass. Google receives millions of notices requesting the removal of allegedly-infringing links from its search results every month. The load is truly huge, as is the flood of pirated content the DMCA notices attempt to address. It’s a huge task on all sides, so it’s not a surprise some dubious takedowns slip through the net. Over the past couple of weeks, more than usual appear to have done just that. Without going into too much detail and annoying the purists, hentai can loosely be defined as adult-focused comics and cartoons. Hailing from Japan, hentai has a huge following worldwide and, of course, is widely pirated. Several companies and organizations attempt to take infringing content down but this week a new one stepped up to cause waves across hundreds of sites. It isn’t clear who is behind ‘Copyright Legal Services INC’ (CLS). A specific Google search yields nothing and its takedown notices offer no additional information either. However, several of its DMCA notices indicate that the original works it tries to protect can be bought from DLSite.com, a platform operated by Japan’s EYSIS, Inc. At first view, the notices filed by CLS seem unremarkable. They list original works and then allegedly-infringing URLs. However, what these notices then try to do is purge from Google entire adult-site homepages, full sections, plus pages that clearly aren’t infringing. Due to their inherent NSFW nature, we won’t quote them directly here but anyone interested can click the links provided. For instance, this notice attempts to remove ‘xhamster.com/hd’ and the ‘subbed’ and ‘english’ tag archives on YouPorn.com.. Many other sites are listed too, with the notice even trying to take down their contact pages. Around two dozen homepages are among the 331 targeted URLs. Another notice targets 198 URLs, six of them site homepages. In common with the other notices, some have been removed from Google search, others have not. It’s hard to make a clear determination but Google seems to delist some smaller sites while giving sites like YouPorn and xHamster a pass. The list of notices goes on, and on, and on, and on, with the same general theme of some accurate reports, many massively overbroad ones, and notices that nearly always target some sites’ homepages, some of which were acted upon by Google. A site operator affected by the wave of takedowns sent TorrentFreak a list of the homepages that were requested for removal from Google. They numbered 294, which is a lot by any measurement. Of course, there are a number of other factors that also need to be highlighted. While it’s impractical to check them all, a cursory view of a few dozen domain URLs shows that most of the sites are probably infringing someone’s copyrights, so these types of notices (when accurate) shouldn’t come as a surprise. It’s also possible that some of the sites carried the content in question on their homepages when the notices were sent to Google. However, given the volume of sites and the limited range of content, it seems likely this would be the exception and not the rule. The operator of one site – Gelbooru.com – which had its homepage delisted from Google despite containing no infringing content, told TorrentFreak that complaining to Google proved fruitless. Homepage delisted “Thanks for reaching out to us,” Google responded. “At this time, Google has decided not to take action. We encourage you to review https://library.educause.edu/topics/policy-and-law/digital-millennium-copyright-act-dmca for more information about the DMCA. If you have legal questions about this notification, you should retain your own legal counsel.” Source
  • Create New...