Tech News

On Monday, Adobe communicated to some of its users, who have taken the subscription of its Creative Cloud applications, that they cannot continue using the older versions and may face “infringement claims” from third-party companies if failed to upgrade to new versions. The email sent to the users did not have any mention of the reason why they should discontinue using the older versions. However, Adobe did share with AppleInsider that this sudden announcement is because of “ongoing litigation.” AppleInsider speculates that the company is referring to the recent lawsuit filed by Dolby Labs against Adobe for not complying with its audit obligations. In a statement to AppleInsider, Adobe wrote: "Adobe recently discontinued certain older versions of Creative Cloud applications. Customers using those versions have been notified that they are no longer licensed to use them and were provided guidance on how to upgrade to the latest authorized versions. Unfortunately, customers who continue to use or deploy older, unauthorized versions of Creative Cloud may face potential claims of infringement by third parties. We cannot comment on claims of third-party infringement, as it concerns ongoing litigation." Adobe licenses certain audio processing technologies from Dolby Labs. According to the license, whenever Adobe sells a product that has been developed with Dolby Labs’ technology, it is obligated to report the sale to Dolby and pay a royalty. The license also provides Dolby Labs the right to audit Adobe’s books and sales of the products containing its licensed technology. When the company asked Adobe to share this information, it refused to do so. “Under all of Adobe’s license agreements with Dolby, Dolby had broad rights to inspect Adobe’s books and records through a third-party audit, in order to verify the accuracy of Adobe’s reporting of sales and payment of royalties. When Dolby sought to exercise its right to audit Adobe’s books and records to ensure proper reporting and payment, Adobe refused to engage in even basic auditing and information sharing practices; practices that Adobe itself had demanded of its own licenses,” the lawsuit reads. This abrupt announcement has left many users infuriated who do not want to update to the latest versions for valid reasons. Many users wait to upgrade to the latest versions until any reported bugs are fixed. Users might also avoid the latest versions because of a few missing features that they need for their project. Matt Roszak was the first one to report this on Twitter, and after that many others reported the same issue. https://twitter.com/KupoGames/status/1126905276693667841 https://twitter.com/InspiringWhyNot/status/1128099070424289280 This also triggered a discussion on Hacker News, where a user commented: “I was stunned by this revelation, but then I think back to all the other times Adobe has exhibited similar behavior and it seems like they won't change. It's not like the CC suite is cheap either. To compare, the Office 365 subscription provides so much more value for a better price. For a very high-class replacement of Adobe products, I would recommend Affinity suite of products - they are a buy once, use forever kind. And Affinity Designer (replacement for Illustrator) is incredibly good - even better than Illustrator in a lot of areas. And the price of Designer is less than 2 months of Illustrator fees. Beat that!” Microsoft, Adobe, and SAP share new details about the Open Data Initiative Adobe Acquires Allegorithmic, a popular 3D editing and authoring company Mozilla disables the by default Adobe Flash plugin support in Firefox Nightly 69

This month, during the Microsoft Build 2019, the team behind .NET Core announced that .NET Core 5 will be coming in 2020. Yesterday the team at .NET Core released the .NET Core May 2019 updates for 1.0.16, 1.1.14, 2.1.11 and 2.2.5. The updates include security, reliability fixes, and updated packages. Expected updates in .NET Core Security .NET Core Tampering Vulnerability(CVE-2019-0820) When .NET Core improperly processes RegEx strings, a denial of service vulnerability exists. In this case, the attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET application. Even a remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application. This update addresses this vulnerability by correcting how .NET Core applications handle RegEx string processing. This security advisory provides information about a vulnerability in .NET Core 1.0, 1.1, 2.1 and 2.2. Denial of Service vulnerability in .NET Core and ASP.NET Core (CVE-2019-0980 & CVE-2019-0981) When .NET Core and ASP.NET Core improperly handle web requests, denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET Core and ASP.NET Core application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application. This update addresses this vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests. This security advisory provides information about the two vulnerabilities (CVE-2019-0980 & CVE-2019-0981) in .NET Core and ASP.NET Core 1.0, 1.1, 2.1, and 2.2. ASP.NET Core Denial of Service vulnerability(CVE-2019-0982) When ASP.NET Core improperly handles web requests, a denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against an ASP.NET Core web application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. This update addresses this vulnerability by correcting how the ASP.NET Core web application handles web requests. This security advisory provides information about a vulnerability (CVE-2019-0982) in ASP.NET Core 2.1 and 2.2. Docker images .NET Docker images have now been updated. microsoft/dotnet, microsoft/dotnet-samples, and microsoft/aspnetcore repos have also been updated. Users can get the latest .NET Core updates on the .NET Core download page. To know more about this news, check out the official announcement. .NET 5 arriving in 2020! Docker announces collaboration with Microsoft’s .NET at DockerCon 2019 .NET for Apache Spark Preview is out now!  

Yesterday, Atlassian Bitbucket, GitHub, and GitLab published a joint incident report in the wake of the recent Git ransomware attack on the three platforms earlier this month. The post sheds light on the ransom event details, what measures the platforms are taking to protect users, and what are the next steps to be taken by the affected repo owners. https://twitter.com/github/status/1128332167229202433 The Git ransom attack On May 2, the security teams at Atlassian Bitbucket, GitHub, and GitLab started getting numerous reports from users about their accounts being compromised. The reports mentioned that the source code from their repositories, both private and public, was being wiped off and replaced with the following ransom note: “To recover your lost data and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don't receive your payment in the next 10 Days, we will make your code public or use them otherwise.” The user accounts were compromised with legitimate user credentials including passwords, app passwords, API keys, and personal access tokens. After getting access to the user accounts, the attackers performed command-line Git commits, which resulted in overwriting the source code in repositories with the ransom note. To recover your repository, in case you have its latest copy on your computer, you can force push the local copy to the current HEAD using the ‘git push origin HEAD:master --force’ command. If not, you can clone the repository and use the git reflog or git fsck commands to find your last commit and change the HEAD. What the investigation revealed? A basic GitHub search shows that 267 repositories were affected by the ransom attack. While investigating how the credential leakage happened, the security teams found a public third-party credential dump, which was hosted by the same hosting provider where the attack had originated. The dump had credentials of nearly one-third of the attacked accounts. After finding this out, the platforms took steps to invalidate the credentials by resetting or revoking them. On further investigation, it was found that continuous scanning has been conducted by the same IP address as the attacker for publicly exposed .git/config and other environment files, which may have sensitive information like credentials and personal access tokens. Similar scanning behavior from other IPs residing on the same hosting provider was also found. How you can protect your repositories from such attacks? Strong and unique passwords: Users should use strong and unique passwords as attackers can easily crack simple passwords through brute-force attacks. Enabling multi-factor authentication (MFA): Users are recommended to use multi-factor authentication, which is supported on all three platforms. MFA provides better security by combining two or more independent credentials for authentication. Understanding personal access tokens (PATs) and their risks: PATs serve as an alternative to passwords when you are using two-factor authentication. Users should ensure that these are not publicly accessible in repositories or on web servers as in some situations these tokens may have read or write access to repositories. The report further recommends that users should use them as environment variables and avoid hardcoding them into their programs. Additionally, the three platforms also offer other features through which we can prevent such attacks from recurring. Bitbucket gives admins the authority to control access of users through IP Whitelisting on their Premium plan. GitHub does token scanning on public repositories to check for known token formats and notifies the service providers if secrets are published to public GitHub repositories. GitLab 11.9 comes with a feature called Secret Detection that scans repositories to find API keys and other information that should not be there. To read the official announcement, check out the joint incident report on GitLab blog. GitHub announces beta version of GitHub Package Registry, its new package management service GitHub deprecates and then restores Network Graph after GitHub users share their disapproval DockerHub database breach exposes 190K customer data including tokens for GitHub and Bitbucket repositories  

Facebook, Twitter and other social media firms are facing increasing pressure from lawmakers and the public to remove anti-vaccination propaganda from their platforms. ‘Vaccine hesitancy’ has been listed as the top 10 threats to Global Health in 2019 by the World Health Organisation (WHO). Following this, last week, Twitter launched a new ‘search prompt’ feature to prevent misinformation about vaccines. If a user searches for vaccines on Twitter, a prompt will lead them to a credible public health resource which will guide them to information about vaccines from authoritative sources. Twitter’s Vice President of Trust and Safety, Del Harvey posted on her blog about this new feature. It reads, “We’re committed to protecting the health of the public conversation on Twitter — ensuring individuals can find information from authoritative sources is a key part of that mission” With regard to this tool, if a user searches for any keyword related to vaccines, a prompt will appear on your feed which will direct individuals to a credible public health resource. For the U.S., a website by the Department of Health and Human Services, called Vaccines.gov will appear. Twitter will also not auto-suggest queries that are likely to direct individuals to non-credible commentary and information about vaccines.          Image source: Del Harvey’s Blog The search prompt feature will be available on iOS, Android, and mobile.twitter.com in the United States (in English and Spanish), Canada (in English and French), UK, Brazil, Korea, Japan, Indonesia, Singapore, and in Spanish-speaking Latin American countries. The new initiative will enable Twitter to guard users against the artificial amplification of non-credible content about the safety and effectiveness of vaccines. Twitter also ensures that their advertising content does not contain misleading claims about the cure, treatment, diagnosis or prevention of certain diseases and conditions, including vaccines. Twitter’s new ‘search prompt’ is an extension of Twitter’s #ThereIsHelp initiative where if a user searches for terms associated with suicide or self-harm, the top search result is a prompt encouraging them to reach out for help. These new features from social media giants come after there have been reports about Anti-Vaccine groups using social media to target parents with misinformation.  Pinterest was the first to take a strong stand against the spread of misinformation related to vaccines. In February, it blocked all vaccination related searches as the majority of shared images on Pinterest cautioned people against vaccinations. The same month, Youtube also started demonetizing channels which promoted anti-vaccination views. Also,   started placing new information panel that links to the Wikipedia entry on “vaccine hesitancy” before anti-vaccination videos. Two months ago, Facebook in its effort to minimize the spread of vaccination misinformation and to point users away from inaccurate anti-vaccination propaganda, started downranking groups and pages that spread this kind of content across both News Feed and its search function. It also started to reject ads promoting anti-vaccination misinformation. Instagram, began blocking hashtags that return anti-vaccination misinformation earlier this month. WhatsApp limits users to five text forwards to fight against fake news and misinformation Twitter launches a new reporting feature that allows users to flag tweets about voting that may mislead voters Dorsey meets Trump privately to discuss how to make public conversation “healthier and more civil” on Twitter

In January, San Francisco legislation proposed a ban on using facial recognition technology by the government. The ban is imposed on government agencies, including the city police and county sheriff’s department, but excludes the technology that unlocks the iPhone or cameras installed by businesses or individuals. Again this month, San Francisco Supervisor Aaron Peskin introduced the Stop Secret Surveillance Ordinance. And yesterday it has been reported that the Board of Supervisors voted in favor of the ban to use facial recognition by city agencies. https://twitter.com/UberFacts/status/1128454197324800000 https://twitter.com/SarahNEmerson/status/1128424297003868160 Northern California’s Matt Cagle and Brian Hofer, chair of Oakland’s Privacy Advisory Commission, came in support of this ordinance and wrote in an op-ed last week, “If unleashed, face surveillance would suppress civic engagement, compound discriminatory policing, and fundamentally change how we exist in public spaces.” https://twitter.com/Matt_Cagle/status/1128418575159418880 The proposal faced opposition from few, a local group named Stop Crime SF argued a ban might not be that fruitful when talking about property crime and might also impact in collecting and presenting evidence of crime. Though the vice president of Stop Crime SF, Joel Engardio, seems to be satisfied with the amended bill. In a statement to Wired, he says, “We agree with the concerns that people have about facial ID technology. The technology is bad and needs a lot of improvement.” This move definitely would impact the use of technology all over the world and might motivate other cities to adopt the same. Last month, the Oakland Privacy Advisory Commission released 2 key documents, an initiative to protect Oaklanders’ privacy namely, Proposed ban on facial recognition and City of Oakland Privacy Principles. Techies and developers of the facial recognition systems have been showing their concern in this regard and think that introducing strict rules and surveillance would be better than putting up a ban. Benji Hutchinson, vice president of federal operations for NEC, a major supplier of facial-recognition technology, says, “I think there’s a little bit too much fear and loathing in the land around facial-recognition technology.” In a statement to Wired, Daniel Castro, vice president of the Information Technology and Innovation Forum believes in calling for safeguards on the use of the technology rather than prohibitions. He also calls ban a “step backward for privacy,” as it will leave more people reviewing surveillance video. Though in the board meeting, Peskin said, “I want to be clear — this is not an anti-technology policy.”  He further clarified that the ordinance is also an accountability measure which would ensure safe and responsible use for surveillance tech. Update from ACLU on 21st May San Francisco's ban on using facial recognition technology by the government is now official. Yesterday, Matt Cagle tweeted that San Francisco has approved the ban by a vote of 10 to 1. https://twitter.com/Matt_Cagle/status/1130947088605298688 Amazon finally agrees to let shareholders vote on selling facial recognition software Oakland Privacy Advisory Commission lay out privacy principles for Oaklanders and propose ban on facial recognition China is using facial recognition tech to profile 11 million Uighurs Muslim minority: NYT report  

Last week, the Rust team was informed about a vulnerability in Rust’s standard library, the details of which they shared yesterday. The vulnerability is caused by a function that was stabilized in the Rust 1.34.0 and 1.34.1 versions. The Common Vulnerabilities and Exposures (CVE) Id for this vulnerability is CVE-2019-12083. What is the vulnerability? The Rust standard library contains the `Error::type_id` method, which allows you to acquire TypeId (a globally unique identifier for a type) of the underlying error type to downcast back to the original type. The vulnerability happens when the method is manually implemented or interacts with ‘Error::downcast’ family of functions to cast a type to the wrong type. Though the standard library has a default implementation of ‘Error::type_id’, it can also be manually implemented by downstream crates. This can cause security issues such as out of bounds reads and writes. If your code does not have a manual implementation of ‘Error::type_id’, then it is safe. This vulnerability affects two versions, Rust 1.34.0 and 1.34.1, which were released last month. Also, since the function has been a part of all the releases starting from Rust 1.0.0, this vulnerability may have affected the code compiled with the nightly distribution as well. What are the mitigation steps? The Rust team recommends to immediately remove the manual implementations of Error::type_id and inherit the default implementation which is a safe option. As a long term measure, the team plans to destabilize this function, which will be a breaking change for users calling Error::type_id and for users overriding Error::type_id. The team further wrote, “We will be releasing a 1.34.2 point release on 2019-05-14 (tomorrow) which reverts #58048 and destabilizes the Error::type_id function. The upcoming 1.35.0 release along with the beta/nightly channels will also all be updated with a destabilization.” Read the full announcement on Rust’s official website. Rust shares roadmap for 2019 Rust 1.34 releases with alternative cargo registries, stabilized TryFrom and TryInto, and more Chris Dickinson on how to implement Git in Rust

Earlier this month, a major vulnerability was discovered in Whatsapp by its security team that allowed attackers to remotely install surveillance software on iOS and Android smartphones. The malicious software was injected in users phone by making WhatsApp voice calls, regardless of whether the user has answered the call or not. In some cases, these calls just vanished from the call logs leaving the targeted users clueless of the attack. There is a possibility that this spyware would have allowed an attacker to read messages from the affected device. Facebook, who owns Whatsapp, published an advisory to security specialists yesterday, describing the attack as, “A buffer overflow vulnerability in WhatsApp VOIP stack that allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” What steps have been taken by WhatsApp? WhatsApp engineers worked through Sunday before deploying a patch for its 1.5 Billion customers yesterday and urging them to update their app as an added precaution. The Financial Times reported, “WhatsApp said that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said, and issued a patch for customers on Monday.” Not much detail about the vulnerability or the impact of the attack has been revealed yet as WhatsApp is still in its early stages of the investigation. Reportedly, last week the company disclosed the attack to the United States Department of Justice. WhatsApp in a statement shared on Monday said, "This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.” Who was behind this attack? According to the Financial Times, this malicious software was developed by NSO Group, which is headquartered in the Israeli city of Herzliya. While the company tries to keep its work under wraps, it has been accused of selling its flagship software Pegasus to Saudi Arabia and UAE. It also licenses Pegasus to intelligence and law enforcement agencies worldwide. The NSO Group in its defense shared a statement: "NSO's technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization." Human rights advocates against NSO Group NSO group does not have a good reputation with human rights organizations and groups. Its software has been linked to human rights abuses, unethical surveillance, and also to the gruesome murder of the Saudi Arabian critic Jamal Khashoggi. Back in 2016, it was revealed by Citizen Lab and Lookout Mobile Security that the company exploited three unpatched iOS vulnerabilities, which are also known as zero-days, to jailbreak on user phones. This allowed the installation of Pegasus on user phones, which is capable of reading texts, tracking calls, collecting passwords, tracking location, and gathering information from apps. Yesterday, human rights advocates, along with Amnesty International, shared their plans to file a petition against NSO Group. They are taking the Israeli Ministry of Defence (MoD) to court demanding the revocation of the mobile spyware vendor’s export license. This decision comes after an Amnesty International researcher was targeted by the company’s Pegasus surveillance software. Amnesty International wrote in a post, “In a petition to be filed tomorrow at the District Court of Tel Aviv, approximately 30 members and supporters of Amnesty International Israel and others from the human rights community set out how the MoD has put human rights at risk by allowing NSO to continue exporting its products.” To know more in detail, check out the report by the Financial Times. DARPA plans to develop a communication platform similar to WhatsApp The Indian government proposes to censor social media content and monitor WhatsApp messages Facebook hires top EEF lawyer and Facebook critic as Whatsapp privacy policy manager

Recently Amazon has shown tremendous growth in bringing in automation to warehouses. But now it seems Amazon is taking up automation and AI on another level with respect to bringing in technologies for replacing manual work. Last year, Amazon started incorporating technology to a handful of warehouses to scan goods coming down a conveyor belt. Amazon is now all set to roll out its specially-made automated machines that are capable of boxing up orders, overtaking a manual job which is currently held by thousands of workers, Reuters reports. Currently, the company has considered installing two machines at more than a dozen warehouses, while removing at least 24 job roles at each one of them. This set-up usually involves around more than 2,000 people. And if automation will be implemented it will lead to more than 1,300 job cuts across 55 U.S. fulfillment centers for standard-sized inventory. But the company is expecting to recover the cost of machines in two years, at around $1 million per machine plus operational expenses. Though the changes regarding the machines haven’t been finalized yet because vetting the technology might take some more time. In a statement to Reuters, an Amazon spokesperson said, “We are piloting this new technology with the goal of increasing safety, speeding up delivery times and adding efficiency across our network. We expect the efficiency savings will be re-invested in new services for customers, where new jobs will continue to be created.” Boxing multiple orders per minute over 10 hours is a very difficult job. The latest machines, known as the CartonWrap from CMC Srl, an Italian firm, pack the boxes much faster than humans. They can manage to pack 600 to 700 boxes per hour, or four to five times the rate of a human packer. The employees of the company might be trained to take up more technical roles. According to a spokesperson from Amazon, the company is not just aiming at speeding up the process but its aim is to work on efficiency and savings. An Amazon spokesperson said, “It’s truly about efficiency and savings.” But Amazon’s hiring deals with governments have a different story to tell! The company announced 1,500 jobs last year in Alabama, and the state had promised Amazon $48.7 million in return over 10 years. Well, Amazon is not the only one in this league of automation, as even Walmart has plans to deploy thousands of robots for lower level jobs in its 348 stores in US. Walmart aims to bring in autonomous floor cleaners, shelf-scanners, conveyor belts, and “pickup towers” on stores. Looking at the pace where companies like Amazon and Walmart are heading to implement technology in retail space, the future for advanced tech-enabled warehouses are near. But this will be at the cost of jobs of the existing workers who will be at stake. Amazon S3 is retiring support for path-style API requests; sparks censorship fears Amazon introduces S3 batch operations to process millions of S3 objects Amazon finally agrees to let shareholders vote on selling facial recognition software

At the beginning of this month, Apple’s Vice President of Apple Pay, Jennifer Bailey announced a new NFC feature for Apple Pay. Now, Apple Pay will be supported with NFC stickers/tags, that will trigger it for payment without needing to have an app installed. This announcement was made during the keynote address at the TRANSACT Conference, Las Vegas, which focused on global payment technology. The new iPhones will have special NFC tags that will trigger Apple Pay purchases when tapped. This means all you need to do is tap on the NFC tag, confirm the purchase through Apple Pay(through Face ID or Touch ID) and the payment would be done. This will require no separate app and will be handled by Apple Pay along with the Wallet app. As per 9to5Mac, Apple is partnering with Bird scooters, Bonobos clothing store, and PayByPhone parking meters in the initial round. Also, users will soon be able to sign up for loyalty cards within the Wallet app, with a single tap with no third party or setup required. According to NFC World, Dairy Queen, Panera Bread, Yogurtland, Jimmy John's, Dave & Busters, and Caribou Coffee are all planning to launch services later this year that will use NFC tags allowing customers to sign up for loyalty cards. https://twitter.com/SteveMoser/status/1127949077432426496 This could be another step towards Apple’s goal of replacing the wallet. This feature will make instant and on the go purchases a lot more faster and easier. A user on Reddit has commented, “From a user's point of view, this seems great. No need to wait for congested LTE to download an app in order to pay for a scooter or parking.” Another user is comparing Apple Pay with QR code, stating “QR code requires at least one more step which is using the camera. Hopefully, Apple Pay will be just a single tap and confirm, which would be invoked automatically whenever the phone is near a point of sale. And since the NFC tags will have a predetermined, set payment amount associated with them, even biometrics shouldn’t be necessary.” https://twitter.com/lgeffen/status/1128083948410744832 More details on this feature can be expected at the Apple Worldwide Developers Conference (WWDC) 2019 (WWDC19) coming up in June. Apple’s March Event: Apple changes gears to services, is now your bank, news source, gaming zone, and TV Spotify files an EU antitrust complaint against Apple; Apple says Spotify’s aim is to make more money off others’ work Elizabeth Warren wants to break up tech giants like Amazon, Google Facebook, and Apple and build strong antitrust laws

Facebook has been trending in the news because of its ethics and data privacy issues. Right from the Cambridge Analytica scandal to multiple hearings and fine against the company, Facebook has been surrounded by these controversies since quite some time now. Lately,  the Canadian and British Columbia privacy commissioners decided to take Facebook to Federal Court to seek an order because of its privacy practices. And once again, the company makes the headline for tracking users across Stack Overflow. Well, to explain this better, Stack Overflow directly links to Facebook profile pictures. You must be wondering many third-party platforms allow such tracking, then what’s the big deal in this one? So, the trap is, that this linking unintentionally allows user activity throughout Stack Exchange to be tracked by Facebook and surprisingly, it also tracks the topics you are interested in! To explain this further, let’s take an example from a Stack Overflow user. Image source: Stack Overflow The user says, “Have a look: when I load a page containing any avatars hot-linked from Facebook, my browser automatically sends a request including a Facebook identifying cookie and the URL of the page I'm viewing on Stack Exchange. They don't just know that I'm visiting the site, they also get to know which topics I'm interested on throughout the network.” Another user commented on the thread, “Facebook creates 'shadow' accounts for many people who don't have actual accounts (or at least, for people they can't find an actual account for) in order to consistently/reliably track/gather data to sell.” Few others are complaining about their profile pictures being attributed directly to facebook.com domains. The browser is basically making a request to Facebook and the Facebook session cookie identifies the user as well as a referrer header. This header tells Facebook what page the users were on at the time they check the image. How to save yourself from such creepy activity by Facebook? A lot of users have suggested selecting the cookies they should be accepting on each of the sites they visit. Also, blocking third-party cookies and setting the browser to remove cookies while closing the browser as a viable option. Manual removal of cookies is advisable while quitting a browser. Few others have suggested using an ad blocker which will refrain the users from going on fishy sites. It is suggested to enable Strict Content Blocking in Firefox for security concerns. But the matter of concern is that even other tech companies must be involved in collecting the user data and manipulating them and basically playing around our privacy. Just a few years ago, Google was trying to patent the collection of user data. It’s surprising to see how is the world changing around us and we are forced to live in an era where the tech giants are data minded. To know more about this news, check out the Stack Overflow thread. Facebook bans six toxic extremist accounts and a conspiracy theory organization Facebook open-sources F14 algorithm for faster and memory-efficient hash tables Facebook shareholders back a proposal to oust Mark Zuckerberg as the board’s chairperson

On Monday, the U.S. supreme court ruled against Apple’s App Store monopoly case allowing iPhone users to move forward with an antitrust suit against Apple. The case involved an allegation that Apple has monopolized the market for iPhone apps by charging third-party app developers a 30 percent commission. In the case of Apple Inc. v. Pepper, the iPhone users argue that this commission on sales through the App Store was passed along to consumers which is an unfair use of monopoly power. The lawsuit was first filed in 2011 by lead plaintiff Robert Pepper and three other iPhone users. Apple claimed that only app developers, and not users, should be able to bring such a lawsuit. The company said that consumers were buying their apps from developers— not from Apple. And it was the developers who were setting the prices. However, the court disagreed and in a 5–4 decision, written by Justice Brett Kavanaugh, the court voted against Apple, allowing the case to proceed. At the core of the lawsuit is another Supreme Court case from 1977, Illinois Brick Co. v. Illinois, which established the Illinois Brick Doctrine which says that you can't sue for antitrust damages if you're not the direct purchaser of a good or service. Apple had initially argued that the iPhone owners could not sue because they were not direct purchasers from Apple under Illinois Brick Doctrine. The District Court had agreed to Apple’s decision, but the Ninth Circuit reversed, concluding that the iPhone owners were direct purchasers because they purchased apps directly from Apple. “Apple’s line-drawing does not make a lot of sense, other than as a way to gerrymander Apple out of this and similar lawsuits,” the opinion, authored by Justice Kavanaugh, read. Kavanaugh's opinion was joined by Justices Ruth Bader Ginsburg, Stephen Breyer, Elena Kagan, and Sonia Sotomayor. The dissent was written by Justice Neil Gorsuch, President Trump's appointee to the high court. Gorsuch's opinion was joined by Justices Clarence Thomas, Samuel Alito and Chief Justice John Roberts. This decision is a big blow to how Apple operates. The company’s stock is down by more than 5% since Monday. This lawsuit can potentially disrupt Apple’s sales ecosystem and hit the company with millions of dollars in penalties. The decision could also have ramifications on how other tech giants like Google and Amazon operate. This is considering the fact that after this ruling, users of electronic marketplaces can now bring antitrust suits against companies that operate online stores even if they are buying from a third-party seller. Apple has released an official statement post this lawsuit: Today’s decision means plaintiffs can proceed with their case in District Court. We’re confident we will prevail when the facts are presented and that the App Store is not a monopoly by any metric. We’re proud to have created the safest, most secure and trusted platform for customers and a great business opportunity for all developers around the world. Developers set the price they want to charge for their app and Apple has no role in that. The vast majority of apps on the App Store are free and Apple gets nothing from them. The only instance where Apple shares in revenue is if the developer chooses to sell digital services through the App Store. Developers have a number of platforms to choose from to deliver their software — from other apps stores, to Smart TVs to gaming consoles — and we work hard every day to make our store the best, safest and most competitive in the world. You can read the Supreme court’s opinion here. Apple convincingly lobbied against ‘right to repair’ bill in California citing consumer safety concern. Apple plans to make notarization a default requirement in all future macOS updates Apple officially cancels AirPower; says it couldn’t meet hardware’s ‘high standards’

Last month, Amazon employees used their company-issued stock to pressure top executives into reducing contributions to climate change. Amazon’s proxy statement, released on 11th April, includes an employee-backed resolution asking the company to report publicly on how it plans to reduce its reliance on fossil fuels and manage the risks posed by climate change. The supporters also released an open letter signed by more than 7164 employees calling on CEO Jeff Bezos and the board of directors to support the resolution. In the letter, the employees also asked Amazon to stop offering its cloud services to the oil and gas industries. On 10th May, Amazon Employees for Climate Change Justice group tweeted that two of the largest proxy advisors to institutional investors have recommended shareholders to vote Yes to their resolution. https://twitter.com/AMZNforClimate/status/1126922811975409664 Amazon employees have made a proposal which states, “Amazon’s Board of Directors prepare a public report as soon as practicable describing how Amazon is planning for disruptions posed by climate change, and how Amazon is reducing its company-wide dependence on fossil fuels. The report should be prepared at reasonable expense and may exclude confidential information.” Glass Lewis have recommended the shareholders to vote in favor of this proposal. It has specified in its recommendations that, “The Company has provided some level of disclosure concerning some of its environmental initiatives, but we find this disclosure to fall short in many respects.” However, Glass Lewis also states that they do not believe that this disclosure addresses what they view as the heart of this proposal, which is how the Company plans to mitigate disruptive risks resulting from climate change. They believe that issues, including extreme weather patterns, a more stringent regulatory framework on climate-related issues and changing public perceptions on account of climate change, can all have real and disruptive effects on companies. Further, as evidenced by the submission of this resolution and the aforementioned employee letter, the Company's apparent inaction on issues of climate change can present human capital risks, which have the potential to lead to the Company having problems attracting and retaining talented employees. Lastly, according to Glass Lewis the additional disclosure requested by the proposal would benefit the Company by allowing shareholders to better understand how the Company is ensuring resilience to climate-related disruptions and would provide reassurance to employees that issues related to climate change are being taken seriously. ISS also states, "Publication of the report requested by shareholders would allow shareholders to better assess the company's management of its risks related to climate change and actions to reduce its GHG emissions in line with Paris Agreement goals." Dr. Friederike Otto from Oxford states, "There is absolutely no doubt that when there is a tropical cyclone...because of climate change the rainfall intensities are higher…the resulting flooding is more intense than it would be without human-induced climate change." https://twitter.com/AMZNforClimate/status/1126922816152989696 https://twitter.com/emahlee/status/1126991815372972032 https://twitter.com/techjunkiejh/status/1126924880392392707 Read the recommendation letters by Glass Lewis and ISS in response to the Amazon employees proposal. Amazon S3 is retiring support for path-style API requests; sparks censorship fears Amazon finally agrees to let shareholders vote on selling facial recognition software Eero’s acquisition by Amazon creates a financial catastrophe for investors and employees

On Friday, Facebook revealed that it has filed a lawsuit against a South Korean data analytics firm, Rankwave claiming that it is unlawfully using its app data for personal marketing and advertising while not adhering to Facebook’s data policies. Facebook further stated that Rankwave failed to cooperate with the compliance audit, which Facebook says it requires from all developers using their platform. The lawsuit was filed in a California superior court in San Mateo County claims that Rankwave operated minimum 30 apps through Facebook’s platform and used “Facebook data in order to market and sell its own services, specifically tools used by various customers and businesses to track Facebook interactions such as likes and comments on their pages”. Rankwave also apparently misused data taken in by its own consumer app, called “Rankwave App”, for checking one’s social media ‘influencer score’. The app “could pull data about your Facebook activity such as location check-ins, determine that you’ve checked into a baseball stadium, and then Rankwave could help its clients target you with ads for baseball tickets”, TechCrunch reports. The lawsuit also mentions that the RankWave App stopped operating on the Facebook Platform around about March 30, 2018. On January 17, 2019, Facebook sent a written request for information (“RFI”) to Rankwave that requested proof that Rankwave was in compliance with its contractual obligations under Facebook’s Policies and TOS. Moreover, they also wanted to determine the Facebook data Rankwave were used to sell advertising and marketing, including whether any user data had been impacted. Rankwave did not respond to Facebook’s RFI, nor to an email, which reminded them that their response to the RFI was due on January 31, 2019. On February 13, 2019, Facebook sent Rankwave a Cease and desist letter (C&D Letter) which informed Rankwave that it had violated and continued to violate the platform policies, including Policy 7.9, by failing to provide proof of compliance with Facebook’s Platform Policies and TOS. Facebook Platform Policy, Section 7.9 states: “[Facebook] or an independent auditor acting on our behalf may audit your app, systems, and records to ensure your use of Platform and data you receive from us is safe and complies with our Terms, and that you've complied with our requests and requests from people who use Facebook to delete user data obtained through our Platform. If requested, you must provide proof that your app complies with our terms.” According to the lawsuit, in an email response on February 19, 2019, Rankwave ignored the demands in the C&D letter, including the audit request. It also claimed that it had not had access to any of its Facebook apps since 2018. Jessica Romero, Facebook’s Director of Platform Enforcement and Litigation, writes, “By filing the lawsuit, we are sending a message to developers that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation.” According to TechCrunch, “Rankwave came into Facebook’s crosshairs in June 2018 after it was sold to a Korean entertainment company in May 2017. Facebook assesses that the value of its data at the time of the buyout was $9.8 million. Worryingly, Facebook didn’t reach out to Rankwave until January 2019 for information proving it complied with the social network’s policies.” “Now Facebook is seeking money to cover the $9.8 million value of the data, additional monetary damages, and legal fees, plus injunctive relief restraining Rankwave from accessing the Facebook Platform, requiring it to comply with Facebook’s audit, requiring that it delete all Facebook data”, TechCrunch further added. Many are speculating this incident to the Cambridge Analytics scandal that abused private Facebook data in order to inform political campaigning efforts, leading the social media firm into a huge crisis. On Friday, Facebook co-founder and chief executive Mark Zuckerberg met French President Emmanuel Macron in Paris to discuss potential regulation of social networks. "We need new rules for the internet that will spell out the responsibilities of companies and those of governments," Mr. Zuckerberg told French TV channel France 2 after the meeting. One of the users on HackerNews writes, “My prediction after the Cambridge Analytica scandal broke is that it would lead to an explosion in wealthy people who want to play at noopolitics. I suspect they have dozens of CA's on their hands currently. At the very least, if not hundreds. The key takeaway that some people will have had from Cambridge Analytica, is not 'they got caught, don't do this', but rather 'they were largely successful and incredibly cheap'.” “The upshot from having lots of players in this space, however, is not one of greater control by insidious power addicts, but rather a loss of control as the players compete for attention and influence. So, chaos in the news and the elimination of any kind of consistent narrative from on high. I think we have been experiencing this for a while now. In some ways, it is almost an improvement”, the user further added. Facebook responds to Chris Hughes’ “It’s time to break up Facebook” Facebook co-founder Chris Hughes recently wrote an opinion piece in The New York Times that said, the company should be broken up. “Hughes stated that CEO Mark Zuckerberg’s “focus on growth led him to sacrifice security and civility for clicks,” and that he should be held accountable for his company’s mistakes” Nick Clegg, Facebook’s Vice President for global affairs and communications, in his response to Hughes’ thoughts states, “what matters is not size but rather the rights and interests of consumers, and our accountability to the governments and legislators who oversee commerce and communications.” Clegg, in his article, highlights on various achievements by Facebook, the key areas that FB is planning to concentrate on, and the misunderstanding associated with the company. He mentions, “The first misunderstanding is about Facebook itself and the competitive dynamics in which we operate.” The other one he mentions is that of antitrust laws. “Over the past two years we’ve focused heavily on blocking foreign adversaries from trying to influence democratic elections by using our platforms. We’ve done the same to protect against terrorism and hate speech and to better safeguard people’s data”, Clegg writes. Zuckerberg, also responded to Hughes in a TV interview with France Info while in Paris to meet with French President Emmanuel Macron, ”When I read what he wrote, my main reaction was that what he’s proposing that we do isn’t going to do anything to help solve those issues.” He further added, “So I think that if what you care about is democracy and elections, then you want a company like us to be able to invest billions of dollars per year like we are in building up really advanced tools to fight election interference.” A user on HackerNews writes, “Mr. Clegg starts his opinion piece with a nirvana fallacy: breaking up Facebook won't solve all the world's problem, so why bother? More appeals are made throughout to Facebook's large user-base, as justification for continued market dominance. Yet Mr. Clegg claims anti-trust laws do not apply to Facebook those laws are to ensure "low-cost, high-quality products" - and since Facebook is free, they're immune from such rules. He proudly denigrates and defies the laws simply because they were "developed in the 1800s" which is an outright disgrace. I find his arguments wholly unedifying and severely lacking in substance and creativity. That pro-Facebook propaganda by their PR head is even deemed worthy of publishing (in NYTimes of all places!) is frankly a disappointment.” https://twitter.com/ewarren/status/1126493176406081537 https://twitter.com/SenSanders/status/1126848277083717633 To know more about this news in detail, head over to Nick Clegg’s post on The New York Times. Facebook bans six toxic extremist accounts and a conspiracy theory organization Facebook open-sources F14 algorithm for faster and memory-efficient hash tables New York AG opens investigation against Facebook as Canada decides to take Facebook to Federal Court for repeated user privacy violations

One of the major challenges in computer vision is Multi-person pose estimation. Though few of the currently used approaches have achieved significant progress by fusing the multi-scale feature maps, little attention is paid to enhancing the channel-wise and spatial information of the feature maps. Last week, researchers from Southeast University, Nanjing, China proposed a paper Multi-Person Pose Estimation with Enhanced Channel-wise and Spatial Information, wherein they have introduced two novel modules for enhancing the information for the multi-person pose estimation. Firstly, the researchers have proposed a Channel Shuffle Module (CSM) to adopt the channel shuffle operation on the feature maps with different levels while promoting cross-channel information communication among the feature maps. Secondly, they have designed a Spatial, Channel-wise Attention Residual Bottleneck (SCARB) to boost the original residual unit with attention mechanism. And further highlighting the information of the feature maps both in the spatial and channel-wise context. Lastly, they have evaluated the effectiveness of their proposed modules on the COCO keypoint benchmark, and experimental results show that their approach achieves the state-of-the-art results. So hereby we discuss the modules introduced by the researchers in detail. Modules proposed by the researchers Channel Shuffle Module (CSM) The levels of the feature maps are enriched by the depth of the layers in the deep convolutional neural networks and many visual tasks have also made major improvements. However, in the case of multi-person pose estimation, there are still limitations in the trade-off between the low-level and high-level feature maps. Here, the channel information with different characteristics can complement and reinforce with each other. So, the researchers decided to propose the Channel Shuffle Module (CSM) to further calculate the interdependencies between the low-level and high-level feature maps. Image Source: Multi-Person Pose Estimation with Enhanced Channel-wise and Spatial Information Let’s assume that the pyramid features extracted from the ResNet backbone are denoted as Conv2∼5 (as shown in the figure). In this case, Conv-3∼5 are first upsampled to the same resolution as the Conv2, and then these feature maps are concatenated together. Then the channel shuffle operation is performed on the concatenated features in order to fuse the complementary channel information among different levels. The shuffled features then are split and downsampled to the original resolution separately which are denoted as C-Conv-2∼5. C-Conv-2∼5. Next, the researchers perform 1×1 convolution to further fuse C-Conv-2∼5, and obtain the shuffled features that are denoted as SConv-2∼5. And they concatenate the shuffled feature maps S-Conv-2∼5 with the original pyramid feature maps Conv2∼5 for achieving the final enhanced pyramid feature representations. These enhanced pyramid feature maps contain the information from the original pyramid features and fused cross-channel information from the shuffled pyramid feature maps. Attention Residual Bottleneck (ARB) The researchers introduced Attention Residual Bottleneck based on the enhanced pyramid feature representations mentioned above. With the help of Attention Residual Bottleneck, they enhanced the feature responses both in the spatial and channel-wise context. Image Source: Multi-Person Pose Estimation with Enhanced Channel-wise and Spatial Information In the figure, the schema of the original Residual Bottleneck and the Spatial, Channel-wise Attention Residual Bottleneck is composed of the spatial attention and channel-wise attention. The dashed links in the figure, indicate the identity mapping. The ARB learns the spatial attention weights β and the channel-wise attention weights α respectively. By applying the whole feature maps, the project leads to sub-optimal results due to the irrelevant regions. Whereas, the spatial attention mechanism attempts to highlight the task-related regions in the feature maps. Evaluating the models on COCO keypoint The team evaluates the models on the challenging COCO keypoint benchmark and train them on the COCO dataset that includes 57K images and 150K person instances with no extra data involved. The ablation studies are then validated on the COCO minival dataset and the final results are reported on the COCO test-dev dataset compared with the public state-of-the-art results. The team uses the official evaluation metric that reports the OKS-based AP (average precision) in the experiments. Here the OKS (object keypoints similarity) defines the similarity between the ground truth pose and predicted pose. In the Channel-wise Attention Residual Bottleneck (SCARB) experiment, the team explores the effects of different implementation orders of the spatial attention and the channelwise attention in the Attention Residual Bottleneck, i.e., SCARB and CSARB. To know more about this news, check out the paper, Multi-Person Pose Estimation with Enhanced Channel-wise and Spatial Information. AI can now help speak your mind: UC researchers introduce a neural decoder that translates brain signals to natural-sounding speech OpenAI researchers have developed Sparse Transformers, a neural network which can predict what comes next in a sequence Researchers propose a reinforcement learning method that can hack Google reCAPTCHA v3  

Last week, the team behind GraalVM announced the release of GraalVM 19.0. This is the first production release, which comes with early adopter Windows support, class initialization update in GraalVM Native Image, Java 8 SE compliant Java Virtual Machine, and more. https://twitter.com/graalvm/status/1126607204860289024 GraalVM is a polyglot virtual machine that allows users to run applications written in JavaScript, Python, Ruby, R, JVM-based languages like Java, Scala, Kotlin, Clojure, and LLVM-based languages such as C and C++. Updates in GraalVM 19.0 GraalVM Native Image GraalVM Native Image is responsible for compiling Java code ahead-of-time to a standalone executable called a native image. Currently, it is available as an early adopter plugin and you can install it by executing the ‘gu install native-image’ command. With this release, Native Image is updated in how classes are initialized in a native-image. The application classes are now initialized at runtime by default and all the JDK classes are initialized at the build time. This change was made to improve user experience, as it eliminates the need to write substitutions and to deal with instances of unsupported classes ending up in the image heap. Early adopter Windows support With this release, early adopter builds for Windows users are also made available. These builds include the JDK with the GraalVM compiler enabled, Native Image capabilities, and GraalVM’s JavaScript engine and the developer tools. Java 8 SE compliant Java VM This release comes with Java 8 SE compliant Java Virtual Machine, which is based on OpenJDK 1.8.0_212. Read also: No more free Java SE 8 updates for commercial use after January 2019 Node.js with polyglot capabilities This release comes with Node.js with polyglot capabilities, based on Node.js 10.15.2. With these capabilities, you will be able to leverage Java or Scala libraries from Node.js and also use Node.js modules in Java applications. JavaScript engine compliant with ECMAScript 2019 GraalVM 19.0 comes with JavaScript engine compliant with the latest ECMAScript 2019 standard. You can now migrate from JavaScript engines Rhino or Nashorn, which are no longer maintained, to GraalVM’s JavaScript engine compatible with the latest standards. Check out the GraalVM 19.0 release notes for more details. OpenJDk team’s detailed message to NullPointerException and explanation in JEP draft Introducing Node.js 12 with V8 JavaScript engine, improved worker threads, and much more What’s new in ECMAScript 2018 (ES9)?