Trump Repeals FCC Privacy Rules, But ISPs' 'Fairness' Argument Weak

White HouseWhite HousePresident Trump signed the S.J.Res. 34 bill into law, officially overturning the FCC privacy framework that would have required internet service providers (ISPs) to obtain consent before tracking their customers online and then selling access to that data to advertisers.

Repealing The FCC’s Privacy Protections

The FCC privacy rules required broadband providers such as Comcast, AT&T, and Verizon to obtain consent before using precise geolocation, health and financial information, and browsing history for advertising purposes. The previous FCC leadership thought that obtaining such information without consent is unacceptable and made it so that broadband customers would have to opt-in before such data collection from the ISPs occurs.

However, with the rules overturned, broadband providers will benefit from selling that data to advertisers on top of collecting monthly payments from their subscribers.

The main argument that the broadband providers and most Republicans have used to repeal the FCC’s privacy rules is that they should be under the same privacy rules as Google, Facebook, and other “edge” services. In the ISPs’ view, it’s not fair that online services can collect user data while they can’t.

The argument doesn’t hold much water. First of all, it’s not unusual for ISPs to have different rules compared to other technology companies. In fact, there are hundreds of pages of legislation that apply only to ISPs, and there is a good reason for that.


Edge services can come and go, and there’s usually plenty of competition for each one of them. This is in contrast to broadband providers, which typically enjoy local monopolies; typically, customers in a given locale don’t have much choice in internet providers. Therefore, if ISPs want to be under the same rules as edge services, they would first have to ensure the same type of competitive environment. Chances are that broadband providers aren’t too eager to see that happen.

Another side of this argument is that ISPs have a typical sort of business model wherein their users pay for a service. Most online services, on the other hand, are free to use, and they generate their revenue from advertising.

Unless ISPs are going to provide broadband access for free, then it doesn’t entitle them to use customer data however they see fit.

Even so, many users don’t feel that trading free services for ads is acceptable in the first place. It’s mainly that they feel they don’t have much of a choice, because most services make their money that way.

This brings us to the third reason why the ISP argument is a weak one. If it’s unfair for broadband providers to be under different rules than edge services companies, a consumer-friendly solution would be to put edge services under the same privacy rules that the FCC enacted for ISPs.

Then, consent for using sensitive data for advertising purposes would be necessary from both ISPs and online services. That’s likely an outcome most people would want to see. But by pushing to roll back the FCC’s privacy protections, ISPs can double dip–by making money both from subscriber payments and from mining user data, and then selling access to it to advertisers.

Fighting Back

The long term solution for gaining broadband privacy back is going to have to come in the form of a new law, passed by (presumably) a new Congress and Administration. Anything else is a mitigation, at best, and more of a cat-and-mouse game, as the ISPs will fight back to stop or slow down those mitigations.

However, until such legislation becomes a possibility, there are a few ways to reduce the impact of ISP tracking. You can increase your use of encryption, VPN services, and the Tor browser, and you can also change your DNS servers from those owned by the ISPs and assigned automatically to your devices to privacy-friendly ones. You can also enable any and all opt-outs the ISPs offer you, however complicated and confusing that process may be.

Go to Source

EK Water Blocks Announces EVGA FTW2 Full-Cover Blocks

EVGA recently launched the iCX cooling solution, and evidently, EK Water Blocks thinks it can do better. The water cooling company launched a pair of full-cover GPU blocks to give EVGA’s FTW2 cards the cooling solution they deserve.

EVGA iCX technology offers sophisticated monitoring systems and advanced cooling features, but that doesn’t matter because it’s still an air cooler. If you want to push your card to the maximum, you probably want your GPU cooled by water. (Note: that comparison was made with a 1080 Ti, but we expect the same concept to apply to 1080 cards, too.) And let’s face it, EVGA designed the FTW and FTW2 series to push the boundaries of Nvidia GPUs’ capabilities.

EK Water Blocks announced the EK-FC1080 GTX FTW2 full-cover GPU water block, which should provide the cooling performance edge needed to push a card like that to its performance limits. The EK-FC1080 GTX FTW2 makes direct contact with the GPU, memory, and voltage regulation modules (VRM), and the channels inside the block direct fluid over all three heat-generating components.

EKWB is offering the EK-FC1080 GTX FTW2 in two variants. You can get the block with clear acrylic top, which features pre-drilled 3mm holes for LED diodes, or with a black Acetal top. Both options include a nickel-plated electrolytic copper base. EKWB didn’t announce a new backplate to go with the new water blocks, but the company said the existing EK-FC1080 GTX FTW Backplates are compatible with the new FTW2 water blocks.

The EK-FC1080 GTX FTW2 is compatible with 10 different EVGA FTW class graphics cards, including GTX 1080 and 1070 models with ACX 3.0, iCX, and Hybrid cooling solutions.

The EK-FC1080 GTX FTW2 water blocks are available now through the EK Webshop and EKWB’s partner reseller network. EKWB is asking $112 for both variants.

Go to Source

Asus ROG Announces Poseidon 1080 Ti, WQHD Monitor, More

So many tech companies are bad at April Fool’s Day that we were wary that Asus’ press release about new Republic of Gamers (ROG) products was a joke when it hit our inbox last Saturday. Turns out the company wasn’t pulling our leg–it really did announce a new Poseidon GTX 1080 Ti, the WQHD gaming-focused PG27VQ curved monitor, the 10Gb networking ROG Areion 10G NIC, and the ROG Pugio ambidextrous mouse. Oh, and it teased an Aura SDK that promises to give developers real-time control over the RGB lighting in compatible peripherals and components.

Asus previously announced Turbo and ROG Strix versions of Nvidia’s latest-and-greatest GPU. Now, it’s revealed the liquid-and-air-cooled Poseidon GTX 1080 Ti. In addition to that hybrid cooling, the Poseidon GTX 1080 Ti also features an expanded heatsink that covers 40% more area than its predecessor, Aura Sync lighting compatibility, and an “infinite-reflection badge that lets you stare into an RGB abyss,” if that’s what you’re into. Asus didn’t announce the new graphics card’s price, but it did say it’s expected to arrive in Q2, so we probably won’t have to wait too long for more details.

That card might come in handy with the new PG27VQ monitor. The 27″ monitor features a WQHD (2560 x 1440) resolution with an 1800R curvature and frameless design. The PG27VQ was clearly made with gaming in mind, as it boasts a 165Hz maximum refresh rate and 1ms response time, as well as support for Nvidia’s G-Sync. And, of course, it has Aura Sync-compatible RGB LED accents on the back. As with the Poseidon GTX 1080 Ti, Asus revealed only that the PG27VQ will arrive in Q3. The company did note, however, that “select versions” of the monitor will feature quantum dot technology.

The ROG Areion 10G is supposed to help you keep up with all those pixels. It uses an Aquantia AQC-107 chip, PCI Express 3.0 x4 interface, and full-sized heatsink to enable 10Gb networking without making you worry about rising temperatures. Because you know Asus had to put LEDs somewhere, the ROG Areion 10G features “easy-to-see LEDs that track network activity and connection speed.” It also supports 2.5Gbps and 5Gbps speeds. The company–you guessed it–didn’t share pricing info, but it did say that the ROG Areion 10G is expected to make its debut this month.

Next comes the 7,200DPI optical ROG Pugio mouse. Its ambidextrous design allows you to swap the thumb buttons’ sides “in seconds” thanks to their magnetic attachments. That magnetism extends to a cover that shields the other side to prevent accidental clicks with your ring finger or pinky. The left and right buttons use socketed Omron switches rated for 50 million clicks that can be swapped out. The RGB LEDs can be “controlled independently or synchronized with the rest of your system” via Aura Sync. Neither pricing info nor a release date were revealed.

Speaking of Aura Sync: Asus closed its announcement with news of an Aura SDK that’s supposed to make it easier for developers to control the lighting of compatible motherboards, graphics cards, peripherals, and other components. (That compatibility, naturally, stems from the products’ support of the Aura Sync lighting manager.) The company said that it will officially announce the Aura SDK at Computex, which runs May 30 to June 3. We expect to learn more about the Poseidon GTX 1080 Ti, PG27VQ, and the other totally real, not at all prankish products in the coming weeks.

Go to Source

How to download YouTube to Android

Want to watch YouTube video offline on your phone or tablet? Our helpful guide explains how to download YouTube to Android.

Store your favourite YouTube videos on your Android phone or tablet to watch offline


By

Watching YouTube video is one of our favourite pastimes on an Android phone or tablet, but doing so out of range of a Wi-Fi hotspot can place a heavy burden on a mobile data connection. Thankfully, you can use an app such as Tubemate to download YouTube video for offline watching. (Also see how to download YouTube to an iPad or iPhone, and how to download YouTube to a PC or laptop.)

Because Google doesn’t exactly approve of you bypassing its platform for watching video (also see is it legal to download YouTube video?), you won’t find Tubemate in Google Play. Nevertheless, it’s a free app that we will show you how to sideload on your phone or tablet.

In publishing this tutorial we do not advocate the downloading of copyrighted videos from YouTube, and in our examples we are using only video from our own YouTube channel.

Download YouTube video to Android with Tubemate

• Open the Settings menu on your Android phone or tablet and go to Security, then enable Unknown sources. This will allow you to install apps from outside Google Play; that it is disabled by default is to protect you, so we recommend disabling that toggle once you have installed Tubemate

• Now open your web browser and head to tubemate.net. You want to install the latest version of the app (currently 2.3) from one of the verified sites listed here. This is because in downloading apps from outside Google Play you risk potentially downloading something malicious that is masquerading as a genuine app

• Also note that because you are sideloading the app it won’t be automatically updated along with the other apps on your phone when a new version is released. So if Tubemate ever stops working for you, return here and install the update assuming one is available

• We’ve chosen Android Freeware. Click on the link, then press the blue Install app button. You’ll be warned that this type of file can harm your device, but go ahead and press OK anyway

• Once the file has downloaded you’ll see a notification in the drop-down bar at the top of the screen. Tap on this notification and your device should open the Downloads folder on your device

• Tap on the download listed youtube-tubemate.7.07.apk and choose Install when prompted. Click Open when the download completes and agree to the T&Cs

Download YouTube video to Android

Download YouTube video to Android

• You can either use Tubemate to download YouTube videos from directly within the app, or you can do so within the YouTube app itself. To download a video from the YouTube app, launch the video, then tap Share and choose Tubemate. You’ll be prompted to choose a resolution, then tap the green download button

• Alternatively, open the Tubemate app and use the search function to find a video. To download the video just press the green arrow at the top of the screen, choose a resolution and again tap the green download icon

Read next: If YouTube wanted you to download YouTube videos for free it wouldn’t have come up with YouTube Red.

Follow Marie Brewis on Twitter.

Go to Source

Yooka-Laylee review: This nostalgia-fueled platformer is Banjo-Kazooie 4 in everything but name

To call Yooka-Laylee a Banjo-Kazooie “clone” is to do it a disservice. In everything but name, this is a full-fledged Banjo-Kazooie sequel—closer, in fact, to its Nintendo 64 predecessors than actual 2008 sequel Banjo-Kazooie: Nuts & Bolts.

And that’s exactly what Playtonic’s Kickstarter promised, so good on them.

Treasure Trove Cove: Redux

You play as Yooka and Laylee, a chameleon and bat respectively. The pair are lounging around their home in Shipwreck Creek one day when evil Capital B (a play on both his bumblebee-like nature and his status as “Boss”) decides to vacuum up all the books in the world and, I guess, turn them into gold or something.

Yooka-Laylee Yooka-Laylee

The struggle between “Art” and “Capitalism” is obvious, though the actual plot not so much. Like any good N64-era platformer these comic-book-villain ends are more set-dressing than deep social commentary, an excuse to get our heroes on their way. Is it a not-so-subtle jab at Microsoft and other big publishers for putting profits ahead of the “art” of making games? Maybe. But if you’re coming to Yooka-Laylee for that sort of moralizing I think you’ve walked into the wrong review by accident.

Yooka and Laylee certainly aren’t there to fall into deep philosophical discussions about ethical consumption under capitalism. They’re mad because Laylee was using a book as a coaster for her drink, and then the book was sucked away. That’s it.

Yooka-Laylee Yooka-Laylee

Turns out Laylee’s coaster was a special book though, full of “Pagies”—golden pages that, when collected, allow the duo to enter special “Grand Tome” books and access other worlds. There’s the island-themed Tribalstack Tropics, icy Glitterglaze Glacier, Halloween-skinned Moody Marsh, and more.

And, again like its N64 predecessors, your job is to collect various MacGuffins across these worlds, either picking them up off the ground or solving some simple puzzles. There are 145 Pagies total and 1,010 Quills. The former are used to unlock new Grand Tomes to explore, the latter to buy new moves for Yooka and Laylee—and (later) to collect compulsively, because that’s what you do in these games.

Sound similar to Banjo-Kazooie? It should. The conceits are essentially the same, though given a new name and theme. Jigsaw pieces are now pages, music notes became quills, honeycomb pieces are butterflies, and so on. For every Banjo-Kazooie concept, there’s a parallel in Yooka-Laylee. As I said, it’s a sequel in everything but name.

'Chrysaor' Surveillance Malware Found On Android Devices By Lookout And Google

Countries targeted by Chrysaor surveillance malwareCountries targeted by Chrysaor surveillance malware

The NSO Group, an Israeli firm that sells malware and exploits to governments and law enforcement agencies, created a sophisticated piece of malware called “Pegasus” to compromise iOS devices. Lookout researchers have now discovered a version of Pegasus for Android, which they dubbed “Chrysaor,” after the malware infected a few dozen targets. Google was made aware of the threat and has taken steps to protect Android users.

Pegasus Surveillance Malware

Lookout and Citizen Lab–an organization within the University of Toronto’s Munk School of Global Affairs–discovered Pegasus in August 2016 after it tried to infect human rights activists and journalists. The malware used three zero-day exploits in iOS (dubbed Trident by the researchers) to serve as a “one-click jailbreaking tool” that could take over iPhones. All the attacker had to do was trick you into clicking a malicious link.


Once an iPhone was compromised, Pegasus could be used to steal target information from chat applications and social media accounts. The malware could also persist on the device even if the vulnerabilities it was exploiting were patched, and could be remotely updated to exploit new cracks in iOS’ defenses.

Chrysaor

Chrysaor is a piece of Android malware closely related to Pegasus, according to Google security researchers. Google learned about it when Lookout submitted a list of suspicious packages to Google for analysis. That’s when Google discovered that a few dozen smartphones had malware on them that was similar to Pegasus. Google’s team said the packages were never in the Play Store, but that they could be downloaded from elsewhere.

The small number of infections may be surprising, but that’s probably because it was intentional. As a company specializing in creating exploit tools for governments, NSO’s solutions are likely tailored for the targets in question. Because  national governments pay for those exploits, it also means that even if Chrysaor or some other piece of malware only infects one target, the company could still be paid handsomely for it.

NSO likely doesn’t want its malware to spread to as many devices as possible, either, as that would increase the chances of it being discovered and blocked.

How Chrysaor Works

Once Chrysaor is installed on a target’s device, a remote operator is able to track phone and SMS activities, as well as leverage the microphone and camera to spy on the target.

In Android 4.3 or earlier, the Chrysaor exploit would use framaroot (an Android rooting tool) to escalate privileges and break out of Android’s application sandbox. If the target device is not vulnerable to these exploits, then the app attempts to elevate privileges with a superuser binary.

The malware uses six techniques to collect data:

  • It repeats commands, such as requesting GPS location, at certain intervals
  • It makes the /data/data directories where data from chat and social media application is usually stored world readable, so it can be easily collected
  • It uses Android’s ContentObserver framework to observe changes in SMS, Calendar, Contacts, and chat applications
  • It collects screenshots of what’s on the phone’s screen
  • It does keylogging to record all inputs
  • It silently answers a telephone call in the background, which makes it possible for the attacker to hear nearby conversations

Chrysaor can be removed via a remote command or it can be automatically deleted if it hasn’t contacted the attacker’s server in 60 days.

Protecting Against Android Malware

Android’s security situation could be much more dire than it actually is, considering how few devices receive updates on time. However, Google’s Verify Apps service usually does a good job against most of the malware out there that’s trying to exploit known vulnerabilities that haven’t been fixed in most Android devices. This is why it’s a good idea to keep Verify Apps enabled.

However, Verify Apps is typically effective only against malware that is known to Google. In Chrysaor’s case, it wasn’t the Verify Apps service that alerted Google about the malware, but Lookout, which in turnlearned about it from Citizen Lab and a human rights activist. Google’s Verify Apps only entered the scene after the Pegasus malware was proven to be active, which meant Google could develop defense capabilities against it.

Those who may be targets of software developed by companies such as NSO Group may want to have a phone that receives security patches on time, because that’s usually the best protection you can expect from a device. It’s also a good idea not to click on links from strange messages or download applications from places outside of the Play Store, as that exposes you to unnecessary risks.

Go to Source

Sex toy with in-built camera can be 'easily hacked'

A wi-fi-enabled sex toy that features an in-built camera can be hacked, security researchers say.

Pen Test Partners, which tested the Siime Eye vibrator, said it was “trivial” to connect to its web interface.

This meant attackers could access intimate videos recorded by the device, as well as control other functions.

Svakom, the US firm that makes the toy, has not responded to a request for comment.

According to Svakom’s website, the Siime Eye has a built-in micro camera and a hidden searchlight, which can be connected to a PC, tablet or mobile phone via wi-fi.

The firm says this allows users to “record and share” their experiences with a partner via “pictures or videos”.

Instant access

But in a blog, Pen Test Partners showed how the device could be hacked.

It said someone within range of the device could access its video stream, either by working out the user’s password, or entering the manufacturer’s default password, 88888888, if it had not been changed.

Those with more advanced knowledge could gain “complete control” over operation of the device, Pen said.

“It’s trivial to connect to the access point (AP),” it said, “[and] if you can get onto the wireless AP, you’ll have instant access to everything on this web application.

“Oh, and being a Wi-Fi AP means you can find users too… This part surprised us the most.”

Pen Test said it had contacted Svakom several times about the issue since December but had not heard back.

It comes weeks after Canadian firm Standard Innovation agreed to pay $3.75m (£3m) to settle privacy claims regarding some of its We-Vibe sex toys.

Some We-Vibe models collected intimate user data and sent it back to the manufacturer without the user’s consent.

Tech experts said the vibrator could also be hacked although Standard Innovation, which did not admit wrongdoing, said none of the devices’ data was accessed by outside parties.

Go to Source