btp

The Android phone maker says go ahead, fix your own phone.

The right-to-repair movement continues to gain steam as another big tech company shows its support for letting people fix their own broken devices.

Google endorsed an Oregon right-to-repair legislation Thursday calling it a “common sense repair bill” and saying it would be a “win for consumers.” This marks the first time the Android phone maker has officially backed any right-to-repair law.

The ability to repair a phone, for example, empowers people by saving money on devices while creating less waste,” said Steven Nickel, devices and services director of operations for Google, in a blog post Thursday. “It also critically supports sustainability in manufacturing. Repair must be easy enough for anyone to do, whether they are technicians or do-it-yourselfers.”

In the Oregon repair bill, manufacturers will be required to provide replacement parts, software, physical tools, documentation and schematics needed for repair to authorized repair providers or individuals. The legislation covers any digital electronics with a computer chip although cars, farm equipment, medical devices, solar power systems, and any heavy or industrial equipment that is not sold to consumers are exempt from the bill.

Google has made strides in making its Pixel phones easier to fix. The company enabled a Repair Mode for the phones last month allowing the protection of data on the device while it’s being serviced. There’s also a diagnostic feature that helps determine if your Pixel phone is working properly or not. That said, Google’s Pixel Watch is another story as the company said in October it will not provide parts to repair its smartwatch.

Apple jumped on the right-to-repair bandwagon back in October. The iPhone maker showed its support for a federal law to make it easier to repair its phones after years of being a staunch opponent.

The Android phone maker says go ahead, fix your own phone.

The right-to-repair movement continues to gain steam as another big tech company shows its support for letting people fix their own broken devices.

Google endorsed an Oregon right-to-repair legislation Thursday calling it a “common sense repair bill” and saying it would be a “win for consumers.” This marks the first time the Android phone maker has officially backed any right-to-repair law.

The ability to repair a phone, for example, empowers people by saving money on devices while creating less waste,” said Steven Nickel, devices and services director of operations for Google, in a blog post Thursday. “It also critically supports sustainability in manufacturing. Repair must be easy enough for anyone to do, whether they are technicians or do-it-yourselfers.”

In the Oregon repair bill, manufacturers will be required to provide replacement parts, software, physical tools, documentation and schematics needed for repair to authorized repair providers or individuals. The legislation covers any digital electronics with a computer chip although cars, farm equipment, medical devices, solar power systems, and any heavy or industrial equipment that is not sold to consumers are exempt from the bill.

Google has made strides in making its Pixel phones easier to fix. The company enabled a Repair Mode for the phones last month allowing the protection of data on the device while it’s being serviced. There’s also a diagnostic feature that helps determine if your Pixel phone is working properly or not. That said, Google’s Pixel Watch is another story as the company said in October it will not provide parts to repair its smartwatch.

Apple jumped on the right-to-repair bandwagon back in October. The iPhone maker showed its support for a federal law to make it easier to repair its phones after years of being a staunch opponent.

The New York Times is suing OpenAI and Microsoft for copyright infringement, claiming the two companies built their AI models by “copying and using millions” of the publication’s articles and now “directly compete” with its content as a result.

As outlined in the lawsuit, the Times alleges OpenAI and Microsoft’s large language models (LLMs), which power ChatGPT and Copilot, “can generate output that recites Times content verbatim, closely summarizes it, and mimics its expressive style.” This “undermine[s] and damage[s]” the Times’ relationship with readers, the outlet alleges, while also depriving it of “subscription, licensing, advertising, and affiliate revenue.”

The complaint also argues that these AI models “threaten high-quality journalism” by hurting the ability of news outlets to protect and monetize content. “Through Microsoft’s Bing Chat (recently rebranded as “Copilot”) and OpenAI’s ChatGPT, Defendants seek to free-ride on The Times’s massive investment in its journalism by using it to build substitutive products without permission or payment,” the lawsuit states.

The full text of the lawsuit can be found here

A controversial developer circumvented one of Mastodon's primary tools for blocking bad actors, all so that his servers could connect to Threads.

We’ve criticized the security and privacy mechanisms of Mastodon in the past, but this new development should be eye-opening. Alex Gleason, the former Truth Social developer behind Soapbox and Rebased, has come up with a sneaky workaround to how Authorized Fetch functions: if your domain is blocked for a fetch, just sign it with a different domain name instead.

Gleason was originally investigating Threads federation to determine whether or not a failure to fetch posts indicated a software compatibility issue, or if Threads had blocked his server. After checking some logs and experimenting, he came to a conclusion.

“Fellas,” Gleason writes, “I think threads.net might be blocking some servers already.”

What Alex found was that Threads attempts to verify domain names before allowing access to a resource, a very similar approach to what Authorized Fetch does in Mastodon.

You can see Threads fetching your own server by looking at the facebookexternalua user agent. Try this command on your server:

grep facebookexternalua /var/log/nginx/access.log

If you see logs there, that means Threads is attempting to verify your signatures and allow you to access their data.

I got interested in this question a few years ago, when I started writing about the “denominator problem”. A great deal of social media research focuses on finding unwanted behavior – mis/disinformation, hate speech – on platforms. This isn’t that hard to do: search for “white genocide” or “ivermectin” and count the results. Indeed, a lot of eye-catching research does just this – consider Avaaz’s August 2020 report about COVID misinformation. It reports 3.8 billion views of COVID misinfo in a year, which is a very big number. But it’s a numerator without a denominator – Facebook generates dozens or hundreds of views a day for each of its 3 billion users – 3.8 billion views is actually a very small number, contextualized with a denominator.

The paper this post describes can be found here
Abstract:

YouTube is one of the largest, most important communication platforms in the world, but while there is a great deal of research about the site, many of its fundamental characteristics remain unknown. To better understand YouTube as a whole, we created a random sample of videos using a new method. Through a description of the sample’s metadata, we provide answers to many essential questions about, for example, the distribution of views, comments, likes, subscribers, and categories. Our method also allows us to estimate the total number of publicly visible videos on YouTube and its growth over time. To learn more about video content, we hand-coded a subsample to answer questions like how many are primarily music, video games, or still images. Finally, we processed the videos’ audio using language detection software to determine the distribution of spoken languages. In providing basic information about YouTube as a whole, we not only learn more about an influential platform, but also provide baseline context against which samples in more focused studies can be compared.

I got interested in this question a few years ago, when I started writing about the “denominator problem”. A great deal of social media research focuses on finding unwanted behavior – mis/disinformation, hate speech – on platforms. This isn’t that hard to do: search for “white genocide” or “ivermectin” and count the results. Indeed, a lot of eye-catching research does just this – consider Avaaz’s August 2020 report about COVID misinformation. It reports 3.8 billion views of COVID misinfo in a year, which is a very big number. But it’s a numerator without a denominator – Facebook generates dozens or hundreds of views a day for each of its 3 billion users – 3.8 billion views is actually a very small number, contextualized with a denominator.

The paper this post describes can be found here
Abstract:

YouTube is one of the largest, most important communication platforms in the world, but while there is a great deal of research about the site, many of its fundamental characteristics remain unknown. To better understand YouTube as a whole, we created a random sample of videos using a new method. Through a description of the sample’s metadata, we provide answers to many essential questions about, for example, the distribution of views, comments, likes, subscribers, and categories. Our method also allows us to estimate the total number of publicly visible videos on YouTube and its growth over time. To learn more about video content, we hand-coded a subsample to answer questions like how many are primarily music, video games, or still images. Finally, we processed the videos’ audio using language detection software to determine the distribution of spoken languages. In providing basic information about YouTube as a whole, we not only learn more about an influential platform, but also provide baseline context against which samples in more focused studies can be compared.

NEW YORK (AP) — New York’s attorney general filed suit Wednesday against SiriusXM, accusing the satellite radio and streaming service of making it intentionally difficult for its customers to cancel their subscriptions.

Attorney General Latitia James’ office said an investigation into complaints from customers found that SiriusXM forced subscribers to wait in an automated system before often lengthy interactions with agents who were trained in ways to avoid accepting a request to cancel service.

“Having to endure a lengthy and frustrating process to cancel a subscription is a stressful burden no one looks forward to, and when companies make it hard to cancel subscriptions, it’s illegal,” the attorney general said in a statement.

The company disputed the claims, arguing that many of the lengthy interaction times cited in the lawsuit were based on a 2020 inquiry and were caused in part by the effects of the pandemic on their operations. The company said many of its plans can be canceled with a simple click of a button online.

Attorney General Letitia James' Statement

“Verizon royally fucked up,” Poppy told me in a phone call. “There’s no way around it.” Verizon, she added, was “100% at fault.”

Verizon handed Poppy’s personal data, including the address on file and phone logs, to a stalker who later directly threatened her and drove to an address armed with a knife. Police then arrested the suspect, Robert Michael Glauner, who is charged with fraud and stalking offenses, but not before he harassed Poppy, her family, friends, workplace, and daughter’s therapist, Poppy added. 404 Media has changed Poppy’s name to protect her identity.

Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.

Remarkably, in a text message to Poppy sent during the fallout of the data transfer, a Verizon representative told Poppy that the corporation was a victim too. “Whoever this is also victimized us,” the Verizon representative wrote, according to a copy of the message Poppy shared with 404 Media. “We are taking every step possible to work with the police so they can identify them.”

In the interview with 404 Media, Poppy pointed out that Verizon is a multi-billion dollar company and yet still made this mistake. “They need to get their shit together,” she said.

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

Comcast's statement

Notice To Customers of Data Security Incident
December 18, 2023 04:30 PM Eastern Standard Time

PHILADELPHIA--(BUSINESS WIRE)--Xfinity is providing notice of a recent data security incident. Starting today, customers are being notified through a variety of channels, including through the Xfinity website, email, and news media.

On October 10, 2023, Citrix announced a vulnerability in software used by Xfinity and thousands of other companies worldwide. Citrix issued additional mitigation guidance on October 23, 2023. Xfinity promptly patched and mitigated the Citrix vulnerability within its systems. However, during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.

Xfinity notified federal law enforcement and initiated an investigation into the nature and scope of the incident. On November 16, Xfinity determined that information was likely acquired. After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.

Xfinity has required customers to reset their passwords to protect affected accounts. In addition, Xfinity strongly recommends that customers enable two-factor or multi-factor authentication to secure their Xfinity account, as many Xfinity customers already do. While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.

Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free 24 hours a day, seven days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident.

Customers trust Xfinity to protect their information, and the company takes this responsibility seriously. Xfinity remains committed to continued investment in technology, protocols and experts dedicated to helping to protect its customers.

We answer the questions readers asked in response to our guide to anonymizing your phone

About the LevelUp series: At The Markup, we’re committed to doing everything we can to protect our readers from digital harm, write about the processes we develop, and share our work. We’re constantly working on improving digital security, respecting reader privacy, creating ethical and responsible user experiences, and making sure our site and tools are accessible.

This is a follow-up article. Here's the first piece, if you'd like to read that one as well

In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.

After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.

In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.

After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.