Thursday

,
Apple discontinued the iPhone SE in September when iPhone XS and XR models were released, but in January, Apple started selling off its remaining stock via its clearance site for $249.

Every time Apple restocks the clearance site, available iPhone SE models go quick, suggesting there’s still quite a lot of interest in the 4-inch device. We recently picked up an iPhone SE to see just what it’s like using one in 2019.

Subscribe to the MacRumors YouTube channel for more videos.


The iPhone SE was Apple’s last 4-inch iPhone, and compared to a 5.8-inch iPhone X, a 6.1-inch iPhone XR, or a 6.5-inch iPhone XS Max, it’s tiny. Coming from one of these phones to the iPhone SE almost makes the iPhone SE feel like a toy.

On the plus side, it’s so small and light that it’s easy to use one handed, something you can’t necessarily do with Apple’s biggest iPhones. With its aluminum backing, the iPhone SE is more durable than Apple’s new all-glass smartphones.

The iPhone SE pre-dates Face ID, of course, so it’s using a Touch ID Home button, which is great for those who continue to prefer fingerprint sensors to facial recognition.

There’s also a headphone jack, which has been eliminated from all current iPhones (and the most recent iPad Pro models), and it has separate volume up and down buttons along with a power button at the top of the device instead of a side button.

Apple released the iPhone SE in 2016, so it’s using three-year-old hardware. It has an A9 processor, which was also used in the iPhone 6s and 6s Plus back in 2015, along with 2GB RAM (vs. 3 in the XR and 4 in the XS).


You might think it’d be noticeably slower than newer iPhones, but, surprisingly, for built-in apps it’s speedy. When using Mail, Messages, Calendar, FaceTime, and other similar built-in apps, the iPhone SE is as speedy as 2018 iPhones.

It’s not, however, able to hold up when using apps built for newer iPhones with more modern processors, nor does it have the same augmented reality capabilities. The camera is fine and is the same camera in the iPhone 6s, but it’s lacking the improvements made over the last three years.

If you don’t care about camera quality, prefer a smaller screen, and don’t need to use processor-intensive apps and games, the iPhone SE is a compact, easy-to-hold smartphone that still holds up even in 2019.

Apple’s clearance site continues to have iPhone SE models in stock that are unlocked, but ship with Verizon and T-Mobile SIMs. The iPhone SE with 32GB of storage is priced at $249, while the iPhone SE with 128GB of storage is available for $299.

Ahead of when the iPhone XS, XS Max, and XR were released, there were some rumors suggesting Apple was working on a second-generation version of the iPhone SE 2.

Some of that information was conflated with iPhone XR rumors, though, and since the 2018 devices launched, we’ve heard no more about another 4-inch iPhone except for some chatter suggesting Apple has nixed all plans for a new iPhone SE.

At this point in time, it looks like the iPhone SE will continue to be the last 4-inch device available from Apple.

Source link

,

Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all their mobile app usage and browser traffic. “Less than 5 percent of the people who chose to participate in this market research program were teens” a Facebook spokesperson told TechCrunch and many other news outlets in a damage control effort 7 hours after we published our report on January 29th. At the time,  Facebook claimed that it had removed its Research app from iOS. The next morning we learned that wasn’t true, as Apple had already forcibly blocked the Facebook Research app for violating its Enterprise Certificate program that supposed to reserved for companies distributing internal apps to employees.

It turns out that wasn’t the only time Facebook deceived the public in its response regarding the Research VPN scandal. TechCrunch has obtained Facebook’s unpublished February 21st response to questions about the Research program in a letter from Senator Mark Warner, who wrote to CEO Mark Zuckerberg that “Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”

In the response from Facebook’s VP of US public policy Kevin Martin, the company admits that (emphasis ours) “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. Analysis shows that number is about 18 percent when you look at the complete lifetime of the program, and also add people who had become inactive and uninstalled the app.” So 18 percent of research testers were teens. It was only less than 5 percent when Facebook got caught. Given users age 13 to 35 were eligible for Facebook’s Research program, 13 to 18 year olds made of 22 percent of the age range. That means Facebook clearly wasn’t trying to minimize teen involvement, nor were they just a tiny fraction of users.

WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. (Photo by Chip Somodevilla/Getty Images)

Warner asked Facebook “Do you think any use reasonable understood Facebook was using this data for commercial purposes includingto track competitors?” Facebook response indicates it never told Research users anything about tracking “competitors”, and instead dances around the question. Facebook says the registration process told users the data would help the company “understand how people use mobile apps,” “improve . . . services,” and “introduce new features for millions of people around the world.”

Facebook had also told reporters on January 29th regarding teens’ participation, “All of them with signed parental consent forms.” Yet in its response to Senator Warner, Facebook admitted that “Potential participants were required to confirm that they were over 18 or provide other evidence of parental consent, though the vendors did not require a signed parental consent form for teen users.” In some cases, underage users merely had to check a box to claim they had parental consent, and there was no verification of users’ ages or that their parents actually approved.

So to quickly recap:

Facebook targeted teens with ads on Instagram and Snapchat to join the Research program without revealing its involvement

The contradictions between Facebook’s initial response to reporters and what it told Warner, who has the power to pursue regulation of the the tech giant, shows Facebook willingness to move fast and play loose with the truth when it’s less accountable. It’s no wonder the company never shared the response with TechCrunch or posted a blog post or press release about it.

Facebook’s attempt to minimize the issue in the wake of backlash exemplifies the trend of of the social network’s “reactionary” PR strategy that employees described to BuzzFeed’s Ryan Mac. The company often views its scandals as communications errors rather than actual product screwups or as signals of deep-seeded problems with Facebook’s respect for privacy. Facebook needs to learn to take its lumps, change course, and do better rather than constantly trying to challenge details of negative press about it, especially before it has all the necessary information. Until then, the never-ending news cycle of Facebook’s self-made disasters will continue.

Below is Facebook’s full response to Senator Warner’s inquiry, and following that is Warner’s original letter to Mark Zuckerberg.

Additional reporting by Krystal Hu

Source link

,
,
Streaming music services like Apple Music, Spotify, Google Play Music, Pandora, and others are continuing to grow in popularity and in 2018, were responsible for 75 percent of total U.S. music industry revenues, according to a new year-end music industry report released today by the RIAA. [PDF]

Revenue from streaming platforms grew 30 percent year over year and hit $7.4 billion. Total music industry revenue for 2018 was at $9.8 billion, up from $8.8 billion in 2017 and $7.6 billion in 2016.


Digital downloads from storefronts like iTunes made up 11 percent of total revenue in 2018, and physical sales of records and CDs made up 12 percent. Digital downloads fell for the sixth consecutive year and were eclipsed by physical sales, which were also down, with the exception of vinyl record sales (up 8%).

Paid on-demand subscription services like Apple Music were responsible for much of the music industry’s revenue growth, with ad-supported services and customized radio services making up a smaller portion of the growth.


Overall subscription revenues increased a total of 32 percent from 2017 to 2018, totaling $5.4 billion, thanks to 42 percent growth in the average number of paid subscriptions.

The RIAA does not break down revenue by subscription music service, but at last count, Apple Music had 50 million paying subscribers, while Spotify had 87 million.

Source link

,

Disney is in discussions to buy AT&T’s 10 percent stake in Hulu, which it comes into by way of its WarnerMedia acquisition, according to a report from Variety this morning. The news is not surprising — AT&T had already said it was exploring a sale. And Disney has been looking to increase its stake in Hulu following its deal for 20th Century Fox which, when closed, will see Disney picking up Fox’s 30 percent share in Hulu.

Currently, Disney owns a 30 percent stake in Hulu’s streaming service. That means the Fox deal will give it a 60 percent stake in Hulu. Snagging AT&T’s Hulu share would bring Disney’s ownership to 70 percent.

Comcast/NBCU is Hulu’s other major owner, but isn’t currently prepared to sell, Variety said.

AT&T had detailed its streaming plans to investors in November, noting at the time it was thinking of selling its Hulu stake as part of its larger goal to “monetize assets” that were not essential to its current strategies and to help pay down its debt. Its Hulu share is valued at $930 million.

AT&T has little interest in Hulu because it’s building out its own internet-based streaming services, including live TV service DirecTV Now; the more lightweight WatchTV; and a new service that leverages its WarnerMedia properties. WarnerMedia also today operates streaming services for its brands, like HBO NOW, Boomerang, DC Universe and others.

Disney, meanwhile, is preparing to launch its family-friendly Netflix competitor, Disney+, but sees Hulu as a place to house its more adult-oriented programming and general entertainment properties.

Hulu today has 25 million subscribers, but is still a smaller player compared with Netflix because it’s not yet available worldwide. It also hasn’t invested in original programming at Netflix’s scale. Disney’s increased ownership will change these things and could help Hulu compete on the market against larger rivals like Netflix, AT&T/WarnerMedia and soon Apple, as well.

Source link

,
The foldable smartphone era is in full swing with the recent introductions of the Samsung Galaxy Fold and Huawei Mate X, and while it remains unclear if Apple will follow suit, the company has at least explored ideas related to foldable smartphones in patent applications over the past few years.
Huawei Mate X


In a patent application published by the U.S. Patent and Trademark Office today, titled “Electronic Devices With Flexible Displays,” Apple explains that foldable smartphone displays could be prone to damage when bent in cold temperatures, and describes various heating methods to mitigate the issue.

For example, Apple says the portion of the display that bends could be heated by lighting up the pixels in that area of the screen. Alternatively, a “heating element or other heating structure” could be used, although Apple wasn’t specific.

Apple’s illustration of a folding device, along with an expanded view showing the bendable area of the display being heated


The patent application, highlighted by AppleInsider, notes that the foldable smartphone could have a magnetic latching mechanism that would prevent the device from being folded or unfolded in very cold temperatures to avoid damage to the display. This would be in environments “significantly below room temperature.”

Apple files numerous patent applications every week, of course, and many of the inventions do not see the light of day. Patents are also very detailed, encompassing many possible ideas, even ones that Apple might not have any plans to advance. So, the exact implementation if any remains to be seen.

While unique, early foldable smartphones from Samsung and Huawei are far from perfect, with bulky designs and expensive price tags. Apple is unlikely to release a foldable iPhone unless it can meet the company’s strict quality standards.

Last year, Bank of America analyst Wamsi Mohan predicted that Apple is working on a foldable iPhone for release in 2020, while an earlier Korean report said Apple was developing a foldable iPhone alongside LG. However, it’s still not entirely clear if Apple will ever proceed with those plans.

Source link

,

US President Donald Trump said he was a “little impressed” that his former personal lawyer told Congress there was “no collusion” between Trump’s presidential campaign and Russia.

“He lied a lot, but it was very interesting because he didn’t lie about one thing, he said no collusion with the Russian hoax,” Trump said on Thursday. 

“I was actually impressed that he didn’t say, ‘Well, I think there was collusion for this reason or that’. He didn’t say that,” Trump added. 

Cohen told US politicians on Wednesday that he had no “direct evidence” that Trump or his aides had colluded with Russia to get him elected. He added, however, that he had his “suspicions”. 

In his explosive day-long testimony, the one-time fixer described what he said were incidents in which Trump lied, including the payment of hush money to women.

Cohen said Trump lied throughout the 2016 election campaign about his business interests in Russia and had advance knowledge that emails damaging to Hillary Clinton would be released during the campaign.

Cohen also called Trump a “racist”, “conman” and “cheat”. 

Sceptical and, at times, hostile Republicans noted repeatedly that Cohen has already pleaded guilty to lying to Congress. 

‘Fake’ hearing

Trump, speaking at a press conference in Vietnam after his second summit with North Korea leader Kim Jong-un ended early on Thursday, said he tried to watch as much of Cohen’s marathon congressional hearing as he could.

He slammed the hearing as “fake” and said it was a “terrible thing” for Democrats to hold it during the summit. 

In a tweet, Trump suggested Cohen was testifying before Congress to reduce his prison sentence.

Cohen was sentenced to three years in prison after pleading guilty to several charges, including fraud, lying to Congress and campaign finance violations. His prison sentence is set to begin in May.

Cohen is testifying behind closed doors to the House Intelligence Committee on Thursday, capping a week of testimonies on Capitol Hill.

Cohen did not respond to questions from the Associated Press as he arrived this morning for his third and final session in Congress this week.

His private testimony before the House Intelligence Committee is expected to last all day. 

The panel has been probing Russian election meddling and any collusion with the Trump campaign.

SOURCE:
Al Jazeera and news agencies

Source link

,

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. FTC ruling sees Musical.ly (TikTok) fined $5.7M for violating children’s privacy law, app updated with age gate

In an app update released yesterday, all users will need to verify their age, and the under 13-year-olds will then be directed to a separate, more restricted in-app experience that protects their personal information and prevents them from publishing videos to TikTok.

And if you’re confused about Musical.ly versus TikTok: The Federal Trade Commission had begun looking into TikTok back when it was known as Musical.ly, and the ruling itself is a settlement with Musical.ly.

2. How Disney built Star Wars, in real life

Over the course of the past five years, Walt Disney Imagineering has been hard at work making the world of Star Wars a reality on Earth. Matthew Panzarino has all the details, with plenty of tantalizing images.

3. Amazon Prime members can choose a weekly delivery date with launch of ‘Amazon Day’

The option lets shoppers pick a day of the week to take delivery of their recent orders. The boxes will then arrive together on the selected Amazon Day, in fewer boxes.

4. Zūm, a ridesharing service for kids, raises $40M

Zūm is a mobile app that enables parents to schedule rides for their kids from fully vetted drivers. It also partners with school districts to support their transportation needs.

5. Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked

The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts.

6. SoftBank’s Vision Fund invests $1.5B in Chinese second-hand car startup Chehaoduo

The Beijing-based company operates two main sites — peer-to-peer online marketplace Guazi for used vehicles, and Maodou, which retails new sedans through direct sales and financial leasing.

7. Netflix may be losing $192M per month from piracy, cord cutting study claims

As many as one in five people today are mooching off of someone else’s account when streaming video from Netflix, Hulu or Amazon Video, according to a new study from CordCutting.com. Of these, Netflix tends to be pirated for the longest period.

Source link

,

A report by the lead data watchdog for a large number of tech giants operating in Europe shows a significant increase in privacy complaints and data breach notifications since the region’s updated privacy framework came into force last May.

The Irish Data Protection Commission (DPC)’s annual report, published today, covers the period May 25, aka the day the EU’s General Data Protection Regulation (GDPR) came into force, to December 31 2018 and shows the DPC received more than double the amount of complaints post-GDPR vs the first portion of 2018 prior to the new regime coming in: With 2,864 and 1,249 complaints received respectively.

That makes a total of 4,113 complaints for full year 2018 (vs just 2,642 for 2017). Which is a year on year increase of 36 per cent.

But the increase pre- and post-GDPR is even greater — 56 per cent — suggesting the regulation is working as intended by building momentum and support for individuals to exercise their fundamental rights.

“The phenomenon that is the [GDPR] has demonstrated one thing above all else: people’s interest in and appetite for understanding and controlling use of their personal data is anything but a reflection of apathy and fatalism,” writes Helen Dixon, Ireland’s commissioner for data protection.

She adds that the rise in the number of complaints and queries to DPAs across the EU since May 25 demonstrates “a new level of mobilisation to action on the part of individuals to tackle what they see as misuse or failure to adequately explain what is being done with their data”.

While Europe has had online privacy rules since 1995 a weak regime of enforcement essentially allowed them to be ignored for decades — and Internet companies to grab and exploit web users’ data without full regard and respect for European’s privacy rights.

But regulators hit the reset button last year. And Ireland’s data watchdog is an especially interesting agency to watch if you’re interested in assessing how GDPR is working, given how many tech giants have chosen to place their international data flows under the Irish DPC’s supervision.

More cross-border complaints

“The role places an important duty on the DPC to safeguard the data protection rights of hundreds of millions of individuals across the EU, a duty that the GDPR requires the DPC to fulfil in cooperation with other supervisory authorities,” the DPC writes in the report, discussing its role of supervisory authority for multiple tech multinationals and acknowledging both a “greatly expanded role under the GDPR” and a “significantly increased workload”.

A breakdown of GDPR vs Data Protection Act 1998 complaint types over the report period suggests complaints targeted at multinational entities have leapt up under the new DP regime.

For some complaint types the old rules resulted in just 2 per cent of complaints being targeted at multinationals vs close to a quarter (22 per cent) in the same categories under GDPR.

It’s the most marked difference between the old rules and the new — underlining the DPC’s expanded workload in acting as a hub (and often lead supervisory agency) for cross-border complaints under GDPR’s one-stop shop mechanism.

The category with the largest proportions of complaints under GDPR over the report period was access rights (30%) — with the DPC receiving a full 582 complaints related to people feeling they’re not getting their due data. Access rights was also most complained about under the prior data rules over this period.

Other prominent complaint types continue to be unfair processing of data (285 GDPR complaints vs 178 under the DPA); disclosure (217 vs 138); and electronic direct marketing (111 vs 36).

EU policymakers’ intent with GDPR is to redress the imbalance of weakly enforced rights — including by creating new opportunities for enforcement via a regime of supersized fines. (GDPR allows for penalties as high as up to 4 per cent of annual turnover, and in January the French data watchdog slapped Google with a $57M GDPR penalty related to transparency and consent — albeit still far off that theoretical maximum.)

Importantly, the regulation also introduced a collective redress option which has been adopted by some EU Member States.

This allows for third party organizations such as consumer rights groups to lodge data protection complaints on individuals’ behalf. The provision has led to a number of strategic complaints being filed by organized experts since last May (including in the case of the aforementioned Google fine) — spinning up momentum for collective consumer action to counter rights erosion. Again that’s important in a complex area that remains difficult for consumers to navigate without expert help.

For upheld complaints the GDPR ‘nuclear option’ is not fines though; it’s the ability for data protection agencies to order data controllers to stop processing data.

That remains the most significant tool in the regulatory toolbox. And depending on the outcome of various ongoing strategic GDPR complaints it could prove hugely significant in reshaping what data experts believe are systematic privacy incursions by adtech platform giants.

And while well-resourced tech giants may be able to factor in even very meaty financial penalties, as just a cost of doing a very lucrative business, data-focused business models could be far more precarious if processors can suddenly be slapped with an order to limit or even cease processing data. (As indeed Facebook’s business just has in Germany, where antitrust regulators have been liaising with privacy watchdogs.)

Data breach notifications also up

GDPR also shines a major spotlight on security — requiring privacy by design and default and introducing a universal requirement for swiftly reporting data breaches across the bloc, again with very stiff penalties for non-compliance.

On the data breach front, the Irish DPC says it received a total of 3,687 data breach notifications between May 25 and December 31 last year — finding just four per cent (145 cases) did not meet the definition of a personal-data breach set out in GDPR. That means it recorded a total of 3,542 valid data protection breaches over the report period — which it says represents an increase of 27 per cent on 2017 breach report figures.

“As in other years, the highest category of data breaches notified under the GDPR were classified as Unauthorised Disclosures and accounted for just under 85% of the total data-breach notifications received between 25 May and 31 December 2018,” it notes, adding: “The majority occurred in the private sector (2,070).”

More than 4,000 data breach notifications were recorded by the watchdog for full year 2018, the report also states.

The DPC further reveals that it was notified of 38 personal data breaches involving 11 multinational technology companies during the post-GDPR period of 2018. Which means breaches involving tech giants.

“A substantial number of these notifications involved the unauthorised disclosure of, and unauthorised access to, personal data as a result of bugs in software supplied by data processors engaged by the organisations,” it writes, saying it opened several investigations as a result (such as following the Facebook Token breach in September 2018).

Open probes of tech giants

As of 31 December 2018, the DPC says it had 15 investigations open in relation to multinational tech companies’ compliance with GDPR.

Below is the full list of the DPC’s currently open investigations of multinationals — including the tech giant under scrutiny; the origin of the inquiry; and the issues being examined:

  • Facebook Ireland Limited — Complaint-based inquiry: “Right of Access and Data Portability. Examining whether Facebook has discharged its GDPR obligations in respect of the right of access to personal data in the Facebook ‘Hive’ database and portability of “observed” personal data”
  • Facebook Ireland Limited — Complaint-based inquiry: “Lawful basis for processing in relation to Facebook’s Terms of Service and Data Policy. Examining whether Facebook has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data of individuals using the Facebook platform.”
  • Facebook Ireland Limited — Complaint-based inquiry: “Lawful basis for processing. Examining whether Facebook has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data in the context of behavioural analysis and targeted advertising on its platform.”
  • Facebook Ireland Limited — Own-volition inquiry: “Facebook September 2018 token breach. Examining whether Facebook Ireland has discharged its GDPR obligations to implement organisational and technical measures to secure and safeguard the personal data of its users.”
  • Facebook Ireland Limited — Own-volition inquiry: “Facebook September 2018 token breach. Examining Facebook’s compliance with the GDPR’s breach notification obligations.”
  • Facebook Inc. — Own-volition inquiry: “Facebook September 2018 token breach. Examining whether Facebook Inc. has discharged its GDPR obligations to implement organizational and technical measures to secure and safeguard the personal data of its users.”
  • Facebook Ireland Limited — Own-volition inquiry: “Commenced in response to large number of breaches notified to the DPC during the period since 25 May 2018 (separate to the token breach). Examining whether Facebook has discharged its GDPR obligations to implement organisational and technical measures to secure and safeguard the personal data of its users.”
  • Instagram (Facebook Ireland Limited) — Complaint-based inquiry: “Lawful basis for processing in relation to Instagram’s Terms of Use and Data Policy. Examining whether Instagram has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data of individuals using the Instagram platform.”
  • WhatsApp Ireland Limited — Complaint-based inquiry: “Lawful basis for processing in relation to WhatsApp’s Terms of Service and Privacy Policy. Examining whether WhatsApp has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data of individuals using the WhatsApp platform.”
  • WhatsApp Ireland Limited — Own-volition inquiry: “Transparency. Examining whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s services, including information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.”
  • Twitter International Company — Complaint-based inquiry: “Right of Access. Examining whether Twitter has discharged its obligations in respect of the right of access to links accessed on Twitter.”
  • Twitter International Company — Own-volition inquiry: “Commenced in response to the large number of breaches notified to the DPC during the period since 25 May 2018. Examining whether Twitter has discharged its GDPR obligations to implement organisational and technical measures to secure and safeguard the personal data of its users.”
  • LinkedIn Ireland Unlimited Company — Complaint-based inquiry: “Lawful basis for processing. Examining whether LinkedIn has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data in the context of behavioural analysis and targeted advertising on its platform.”
  • Apple Distribution International — Complaint-based inquiry: “Lawful basis for processing. Examining whether Apple has discharged its GDPR obligations in respect of the lawful basis on which it relies to process personal data in the context of behavioural analysis and targeted advertising on its platform.”
  • Apple Distribution International — Complaint-based inquiry: “Transparency. Examining whether Apple has discharged its GDPR transparency obligations in respect of the information contained in its privacy policy and online documents regarding the processing of personal data of users of its services.”

“The DPC’s role in supervising the data-processing operations of the numerous large data-rich multinational companies — including technology internet and social media companies — with EU headquarters located in Ireland changed immeasurably on 25 May 2018,” the watchdog acknowledges.

“For many, including Apple, Facebook, Microsoft, Twitter, Dropbox, Airbnb, LinkedIn, Oath [disclosure: TechCrunch is owned by Verizon Media Group; aka Oath/AOL], WhatsApp, MTCH Technology and Yelp, the DPC acts as lead supervisory authority under the GDPR OSS [one-stop shop] facility.”

The DPC notes in the report that between May 25 and December 31 2018 it received 136 cross-border processing complaints through the regulation’s OSS mechanism (i.e. which had been lodged by individuals with other EU data protection authorities).

A breakdown of these (likely) tech giant focused GDPR complaints shows a strong focus on consent, right of erasure, right of access and the lawfulness of data processing:

Breakdown of cross-border complaint types received by the DPC under GDPR’s OSS mechanism

While the Irish DPC acts as the lead supervisor for many high profile GDPR complaints which relate to how tech giants are handling people’s data, it’s worth emphasizing that the OSS mechanism does not mean Ireland is sitting in sole judgement on Silicon Valley’s giants’ rights incursions in Europe.

The mechanism allows for other DPAs to be involved in these cross-border complaints.

And the European Data Protection Board, the body that works with all the EU Member States’ DPAs to help ensure consistent application of the regulation, can trigger a dispute resolution process if a lead agency considers it cannot implement a concerned agency objection. The aim is to work against forum shopping.

In a section on “EU cooperation”, the DPC further writes:

Our fellow EU regulators, alongside whom we sit on the European Data Protection Board (EDPB), follow the activities and results of the Irish DPC closely, given that a significant number of people in every EU member state are potentially impacted by processing activities of the internet companies located in Ireland. EDPB activity is intense, with monthly plenary meetings and a new system of online data sharing in relation to cross-border processing cases rolled out between the authorities. The DPC has led on the development of EDPB guidance on arrangements for Codes of Conduct under the GDPR and these should be approved and published by the EDPB in Q1 of 2019. The DPC looks forward to industry embracing Codes of Conduct and raising the bar in individual sectors in terms of standards of data protection and transparency. Codes of Conduct are important because they will more comprehensively reflect the context and reality of data-processing activities in a given sector and provide clarity to those who sign up to the standards that need to be attained in addition to external monitoring by an independent body. It is clarity of standards that will drive real results.

Over the reported period the watchdog also reveals that it issued 23 formal requests seeking detailed information on compliance with various aspects of the GDPR from tech giants, noting too that since May 25 it has engaged with platforms on “a broad range of issues” — citing the following examples to give a flavor of these concerns:

  • Google on the processing of location data
  • Facebook on issues such as the transfer of personal data from third-party apps to Facebook and Facebook’s collaboration with external researchers
  • Microsoft on the processing of telemetry data collected by its Office product
  • WhatsApp on matters relating to the sharing of personal data with other Facebook companies

“Supervision engagement with these companies on the matters outlined is ongoing,” the DPC adds of these issues.

Adtech sector “must comply” with GDPR 

Talking of ongoing action, a GDPR complaint related to the security of personal data that’s systematically processed to power behavioral advertising is another open complaint on the DPC’s desk.

The strategic complaint was filed by a number of individuals in multiple EU countries (including Ireland) last fall. Since then the individuals behind the complaints have continued to submit and publish evidence they argue bolsters their case against the behavioral ad targeting industry (principally Google and the IAB which set the spec involved in the real-time bidding (RTB) system).

The Irish DPC makes reference to this RTB complaint in the annual report, giving the adtech industry what amounts to a written warning that while the advertising ecosystem is “complex”, with multiple parties involved in “high-speed, voluminous transactions” related to bidding for ad space and serving ad content “the protection of personal data is a prerequisite to the processing of any personal data within this ecosystem and ultimately the sector must comply with the standards set down by the GDPR”.

The watchdog also reports that it has engaged with “several stakeholders, including publishers and data brokers on one side, and privacy advocates and affected individuals on the other”, vis-a-vis the RTB complaint, and says it will continue prioritizing its scrutiny of the sector in 2019 — “in cooperation with its counterparts at EU level so as to ensure a consistent approach across all EU member states”.

It goes on to say that some of its 15 open investigations into tech giants will both conclude this year and “contribute to answering some of the questions relating to this complex area”. So, tl;dr, watch this space.

Responding to the DPC’s comments on the RTB complaint, Dr Johnny Ryan, chief policy and industrial relations officer of private browser Brave — and also one of the complainants — told us they expect the DPC to act “urgently”.

“We have brought our complaint before the DPC and other European regulators because there is a dire need to fix adtech so that it’s works safely,” he told TechCrunch. “The DPC itself recognizes that online advertising is a priority. The IAB and Google online ‘ad auction’ system enables companies to broadcast what every single person online reads, watches, and listens to online to countless parties. There is no control over what happens to these data. The evidence that we have submitted to the DPC shows that this occurs hundreds of billions of times a day.”

“In view of the upcoming European elections, it is particularly troubling that the IAB and Google’s systems permit voters to be profiled in this way,” he added. “Clearly, this infringes the security and integrity principles of the GDPR, and we expect the DPC to act urgently.”

The IAB has previously rejected the complaints as “false”, arguing any security risk is “theoretical”; while Google has said it has policies in place to prohibit advertisers from targeting sensitive categories of data. But the RTB complaint itself pivots on GDPR’s security requirements which demand that personal data be processed in a manner that “ensures appropriate security”, including “protection against unauthorised or unlawful processing and against accidental loss”.

So the security of the RTB system is the core issue which the Irish DPC, along with agencies in the UK and Poland, will have to grapple with as a priority this year.

The complainants have also said they intend to file additional complaints in more markets across Europe, so more DPAs are likely to join the scrutiny of RTB, as concerned supervisory agencies, which could increase pressure on the Irish DPC to act.

Schrems II vs Facebook 

The watchdog’s report also includes an update on long-running litigation filed by European privacy campaigner Max Schrems concerning a data transfer mechanism known as standard contractual clauses (SCCs) — and originally only targeted at Facebook’s use of the mechanism.

The DPC decided to refer Schrems’ original challenge to the Irish courts — which have since widened the action by referring a series of legal questions up to the EU’s top court with (now) potential implications for the legality of the EU’s ‘flagship’ Privacy Shield data transfer mechanism.

That was negotiated following the demise of its predecessor Safe Harbor, in 2015, also via a Schrems legal challenge, going on to launch in August 2016 — despite ongoing concerns from data experts. Privacy Shield is now used by close to 4,500 companies to authorize transfers of EU users’ personal data to the US.

So while Schrems’ complaint about SCCs (sometimes also called “model contract clauses”) was targeted at Facebook’s use of them the litigation could end up having major implications for very many more companies if Privacy Shield itself comes unstuck.

More recently Facebook has sought to block the Irish judges’ referral of legal questions to the Court of Justice of the EU (CJEU) — winning leave to appeal last summer (though judges did not stay the referral in the meanwhile).

In its report the DPC notes that the substantive hearing of Facebook’s appeal took place over January 21, 22 and 23 before a five judge Supreme Court panel.

“Oral arguments were made on behalf of Facebook, the DPC, the U.S. Government and Mr Schrems,” it writes. “Some of the central questions arising from the appeal include the following: can the Supreme Court revisit the facts found by the High Court relating to US law? (This arises from allegations by Facebook and the US Government that the High Court judgment, which underpins the reference made to the CJEU, contains various factual errors concerning US law).

“If the Supreme Court considers that it may do so, further questions will then arise for the Court as to whether there are in fact errors in the judgment and if so, whether and how these should be addressed.”

“At the time of going to print there is no indication as to when the Supreme Court judgment will be delivered,” it adds. “In the meantime, the High Court’s reference to the CJEU remains valid and is pending before the CJEU.”

Source link

,

Announced at last year’s WWDC, Apple’s been firing up Siri Shortcuts at a fairly steady clip. The company says there are now “thousands” of apps integrating the iOS 12 feature, which bring all sorts of third-party functionality to the smart assistant.

There are five new Shortcuts available starting today. Most notable (depending on where you get your airline miles, I suppose) is probably the one from American Airlines. Saying, “Hey Siri, flight update” will provide you with information on your upcoming travel plans. The response uses location information to determine what to share, including flight status, travel time and the gate from which it will depart.

Caviar has a new Shortcut as well. It lets users check on food status or reorder frequent items, like, say, “order my usual pizza,” for those of us who are perfectly fine with the food related ruts we’ve dug ourselves into. Merriam-Webster, meanwhile, is adding a “word of the day” Shortcut, while Dexcom is bringing glucose monitoring to the smart assistant.

In the next couple of months, Apple will add Shortcuts from Airbnb, Drop, ReSound and coffee-maker Smarter. Those all join recent additions from Waze and Nike Run Club. Apple clearly sees the features as a way to build out Siri’s functionality following increased competition from the likes of Google and Amazon.

The addition of these sorts of features can make for a much richer voice ecosystem, all while leaving third-party developers to do a lot of the heavy lifting.

Source link

,
Qualcomm may be running out of time if it wants to supply Apple with 5G modems for its 2020 iPhones as some rumors suggest.


In a research note today, analysts at investment bank Barclays said that while they originally thought Qualcomm had an opportunity to supply the 5G modems to Apple, they now believe that time “seems to be running out” unless the two companies can settle their bitter legal battle in the next few weeks.

Back in November, it was reported that Apple will tap Intel as its 5G modem supplier instead, but Barclays analysts believe that the modem design for 2020 iPhones “needs to be set now,” and that the expected late 2019 availability of Intel’s first consumer 5G modem “does not work with Apple’s timeline.”

Apple recently testified that it held conversations with Samsung and MediaTek as potential alternative suppliers, but it’s unclear if those companies would be able to meet Apple’s production, quality, and cost demands.

Apple is also reportedly working on its own cellular modems, but research and development appears to be in the early stages.

Last week, Intel confirmed that it expects the first consumer products embedded with its 5G chips to be released in 2020, the same year Apple is rumored to release its first 5G-enabled iPhone, enabling faster data speeds.

Source link

,
,

Thailand’s government passed a controversial cybersecurity bill today that has been criticized for vagueness and the potential to enable sweeping access internet user data.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country’s parliament with 133 positives votes and no rejections although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government — which came to power via a military coup in 2014 — to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

The balance of power beyond enforcement has also been questioned. Critics have highlighted the role of the National Cybersecurity Committee, which is headed by the Prime Minister and holds considerable weight in carrying out the law. The Committee has been called upon to include representation from the industry and civic groups to give it greater oversight and balance.

Added together, there’s a fear that the law could be weaponized by the government to silence critics. Thailand already has powerful lese majeste laws, which make it illegal to criticize the monarchy and have been used to jail citizens for comments left on social media and websites. The country has also censored websites in the past, including the Daily Mail and, for a nearly six-month period in 2007, YouTube.

“The Asia Internet Coalition is deeply disappointed that Thailand’s National Assembly has voted in favor of a Cybersecurity Law that overemphasizes a loosely-defined national security agenda, instead of its intended objective of guarding against cyber risks,” read a statement from Jeff Paine, managing director of Asia Internet Coalition — an alliance of international tech firms that include Facebook, Google and Apple.

“Protecting online security is a top priority, however the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data,” Paine added.

Reaction to the law has seen a hashtag (#พรบไซเบอร์) trend on Twitter in Thailand, while other groups have spoken out on the potential implications.

Thailand isn’t alone in introducing controversial internet laws. New regulations, passed last summer, came into force in near-neighbor Vietnam on January 1 and sparked similar concerns around free speech online.

That Vietnamese law broadly forbids internet users from organizing with, or training, others for anti-state purposes, spreading false information, and undermining the nation state’s achievements or solidarity. It also requires foreign internet companies to operate a local office and store user information on Vietnamese soil. That’s something neither Google nor Facebook has complied with, despite the Vietnamese government’s recent claim that the former is investigating a local office launch.

Source link

,
coinhive cryptocurrency miner

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019.

Regular readers of The Hacker News already know how Coinhive’s service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites.

For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal, WordPress, and others] to hack thousands of websites and wireless routers, and then modified them to secretly inject Coinhive’s JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves.

Millions of online users who visited those hacked websites immediately had their computers’ processing power hijacked, also known as cryptojacking, to mine cryptocurrency without users’ knowledge, potentially generating profits for cybercriminals in the background.

Now, while explaining the reason to shut down in a note published on its website yesterday, the Coinhive team said mining Monero via internet browsers is no longer “economically viable.”

“The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the ‘crash’ of the cryptocurrency market with the value of XMR depreciating over 85% within a year,” the service said.

“This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.”

So users who have an account on Coinhive website with above the minimum payout threshold balance can withdraw funds from their accounts before April 30, 2019.

Though Coinhive was launched as a legitimate service for website administrators to alternative generate more revenue from their websites, its extreme abuse in cyber criminals activities forced tech companies and security tools to label it as “malware” or “malicious tool.”

To prevent cryptojacking by browser extensions that mine digital currencies without users’ knowledge, last year Google also banned all cryptocurrency mining extensions from its Chrome Web Store.

A few months after that Apple also banned all cryptocurrency mining apps from its official app store.

Source link

,
Apple Watch maintained pole position in the smartwatch market over last year’s fourth quarter as global smartwatch shipments continued to grow, according to the latest research from Strategy Analytics.


Apple shipped 9.2 million Apple Watch units during Q4 2018, according to the report, rising 18 percent from 7.8 million units in Q4 2017. Global smartwatch shipments meanwhile grew 56 percent annually to reach a record 18 million units in the same quarter.

Apple’s global smartwatch marketshare actually slipped to 51 percent this quarter, down from 67 percent a year ago, but Apple held on to first position with a 51 percent global smartwatch marketshare, while Samsung jumped to second place, overtaking Fitbit and Garmin.

The research corroborates an earlier report from consumer research firm The NPD Group that Apple Watch is the “clear market leader” in the U.S. smartwatch market, but it also underlines the growing threat of rivals like Samsung, which continues to invest heavily in wearables that are compatible with both Android devices and iPhones.

“Apple’s global smartwatch marketshare slipped to 51 percent this quarter, down from 67 percent a year ago,” said Neil Mawston, executive director at Strategy Analytics. “Apple Watch is losing marketshare to Samsung and Fitbit, whose rival smartwatch portfolios and retail presence have improved significantly in the past year.”

Apple doesn’t reveal Apple Watch unit sales from its overall earnings. But in a recent earnings call for the first quarter of the 2019 fiscal year, CEO Tim Cook said the company’s wearables revenue was being driven by the “amazing popularity” of Apple Watch and AirPods, and that the category was “approaching the size of a Fortune 200 company.”

Source link

,
If you subscribe to Apple Music and you have an Amazon Echo with Alexa enabled, you can get the smart speaker to play songs, artists, playlists, and more from Apple Music or playlists from your Library.

The following steps show you how to set up Apple Music on your Echo device. Keep reading to learn how it’s done. (Note that, as of writing, this feature is only available in the U.S.)

How to Set Up Apple Music on Amazon Echo

  1. Launch the Amazon Alexa app on your iPhone or iPad.

  2. Tap the menu icon in the upper left corner of the screen.
  3. Tap Settings.
  4. Tap Music under Alexa Preferences.
  5. Tap Link New Service.

  6. Tap Apple Music.
  7. Tap Enable to Use.
  8. Follow the onscreen instructions to sign in with your Apple ID.

Now you’ve linked the service to your Echo device, say something like “Alexa, play Reggae on Apple Music,” or “Alexa, play Lana Del Ray on Apple Music.”

Make Apple Music Alexa’s Default Music Service

To avoid having to say “…on Apple Music” each time you ask Alexa to play something, make Apple Music Alexa’s default music service by following these steps.

  1. Launch the Amazon Alexa app on your iPhone or iPad.
  2. Tap the menu icon in the upper left corner of the screen.

  3. Tap Settings.
  4. Tap Music under Alexa Preferences.

  5. Tap Default Services under Account Settings.
  6. Tap Apple Music.

While Apple Music can be controlled via Alexa, the feature is limited to Amazon’s own Echo devices at the current time. In the future, Amazon does plan to expand Apple Music availability to other Alexa-enabled third-party devices.

Source link

,

Some 3,000 journalists from 40 countries descended this week in Vietnam‘s Hanoi to cover the second summit between North Korean leader Kim Jong Un and US President Donald Trump.

On Thursday, at the start of the second day of high-stakes talks on denuclearisation, one of them shouted at the North Korean leader.

“Chairman Kim, are you confident?” David Nakamura, of the Washington Post, asked as the two men sat down before a one-on-one session.

What followed was almost certainly unprecedented.

“It is too early to tell. I would not make a prediction,” Kim said, after leaning back slightly to hear his interpreter’s whispers. “But my instinct is that good results will come out,” he added in his typically gravelly voice, in what was believed to be his first ever response to a foreign journalist.

South Korea‘s Unification Ministry, which deals with North Korean affairs, could not confirm whether it was the first time Kim answered a question from a foreign reporter. But journalists did not get opportunities to ask questions of Kim during his three summits with South Korean President Moon Jae-in and his four meetings with Chinese President Xi Jinping. 

Kim ignored questions shouted at him during his first summit with Trump last June in Singapore. In an earlier brush with foreign media at the opening of a war museum in Pyongyang in 2013, questions were shouted at him but not answered.

Question on human rights 

Later on Thursday, as if to prove his earlier response was not a fluke, Kim did it again.

As journalists were allowed to see the beginning of the final day of talks, Kim replied to several more questions from reporters in the White House pool – but observers cautioned against interpreting it as representing a new openness on the part of Pyongyang.

“I think it is something that is worth welcoming,” Kim said when asked about the possibility of a US liaison office being opened in Pyongyang.

He also said through the interpreter that he “would not be” in Hanoi if he were not willing to discuss denuclearisation – prompting a remark by Trump as well.

“Good answer. Wow. That might be the best answer that you’ve ever heard,” the US president said.

And when the reporters asked Kim if the two leaders would be talking about human rights, which he is accused of abusing, Trump jumped in again: “We’re discussing everything,” he said.

SOURCE:
Al Jazeera and news agencies

Source link

,

Wednesday

,
Apple is laying off 190 employees who worked in its Santa Clara and Sunnyvale self-driving car division, the company said in a letter to the California Employment Development Department that was shared by the San Francisco Chronicle.

Affected employees include 38 engineering program managers, 33 hardware engineers, 31 product design engineers, and 22 software engineers, with the layoff set to happen on April 16.


Last month, Apple confirmed that it was removing more than 200 employees from its autonomous car team, with some to be laid off and some to be relocated to other areas in the company.

At the time, an Apple spokesperson said that it was part of a restructuring where the team was focusing on its work for “key areas for 2019.”

“We have an incredibly talented team working on autonomous systems and associated technologies at Apple. As the team focuses their work on several key areas for 2019, some groups are being moved to projects in other parts of the company, where they will support machine learning and other initiatives, across all of Apple.”

“We continue to believe there is a huge opportunity with autonomous systems, that Apple has unique capabilities to contribute, and that this is the most ambitious machine learning project ever.”

Some rumors have suggested that the layoffs were because of a reorganization under former Tesla engineer Doug Field, who joined the company back in August 2018 to lead the car project alongside Bob Mansfield.

Apple started work on self-driving vehicles back in 2014, with rumors at the time suggesting Apple was working to develop a full electric vehicle at a secret location near its Cupertino headquarters.

Leadership issues, internal strife, and other problems impacted the development of the car, and in 2016, new information suggested Apple had shelved its plans for a car to instead focus on an autonomous driving system.

The hiring of Field, who was once Apple’s VP of Mac hardware before he went to Tesla, has, however, been seen as a sign that Apple is again developing a full autonomous vehicle, which could perhaps explain another major employee shakeup.

Despite the layoffs, Apple says it still sees a huge opportunity in autonomous systems in the future.

Source link

,
,
thunderbolt dma attack

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks.

Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds by plugging-in a malicious hot plug device—such as an external network card, mouse, keyboard, printer, storage, and graphics card—into Thunderbolt 3 port or the latest USB-C port.

The DMA-based attacks are possible because Thunderbolt port allows connected peripherals to bypass operating system security policies and directly read/write system memory that contains sensitive information including your passwords, banking logins, private files, and browser activity.

That means, simply plugging in an infected device, created using tools like Interception, can manipulate the contents of the memory and execute arbitrary code with much higher privileges than regular universal serial bus peripherals, allowing attackers to bypass the lock screen or control PCs remotely.

To block DMA-based attacks, most operating systems and devices leverage Input/Output Memory Management Unit (IOMMU) protection technique to control which peripheral device (usually legitimate) can access memory and which region of the memory.

ThunderClap Flaws Bypass IOMMU to Re-Enable DMA Attacks

Now, a team of cybersecurity researchers from the University of Cambridge, Rice University, and SRI International has unveiled a set of new vulnerabilities in various major operating systems that could allow attackers to bypass IOMMU protection.

By mimicking the functionality of a legitimate peripheral device, an attacker can trick targeted operating systems into granting it access to sensitive regions of memory.

In a paper [PDF] published earlier this week, researchers detailed technical information of all new vulnerabilities that they claimed to have discovered using a hardware/software stack, called Thunderclap, which they build and also released in the open-source.

thunderbolt dma attack
thunderbolt dma attack

“Our work leverages vulnerabilities in operating system IOMMU usage to compromise a target system via DMA, even in the presence of an IOMMU that is enabled and configured to defend against DMA attacks,” the researchers said.

Besides this, the researchers also stressed that since IOMMU does not come enabled by default on most operating systems and since modern devices have USB-C, the attack surface of DMA attack has significantly increased which was earlier primarily limited to Apple devices with Thunderbolt 3 ports.

thunderbolt dma attack

“The rise of hardware interconnects like Thunderbolt 3 over USB-C that combine power input, video output, and peripheral device DMA over the same port greatly increases the real-world applicability of Thunderclap vulnerabilities.”

“In particular, all Apple laptops and desktops produced since 2011 are vulnerable, with the exception of the 12-inch MacBook. Many laptops, and some desktops, designed to run Windows or Linux produced since 2016 are also affected – check whether your laptop supports Thunderbolt.”

How to Protect Against Thunderclap Vulnerabilities

Researchers have reported their findings to all major hardware and operating system vendors, and most of them have already shipped substantial mitigation to address the Thunderclap vulnerabilities.

“In macOS 10.12.4 and later, Apple addressed the specific network card vulnerability we used to achieve a root shell,” researchers said. “Recently, Intel has contributed patches to version 5.0 of the Linux kernel.”

“The FreeBSD Project indicated that malicious peripheral devices are not currently within their threat model for security response.”

Though not all software patches can entirely block DMA attacks, users are still advised to install available security updates to reduce the attack surface. According to the researchers, the best way to fully protect yourself is to disable the Thunderbolt ports on your machine, if applicable.

thunderbolt dma attack

Additionally, researchers also developed a proof-of-concept attacking hardware that can execute the ThunderClap vulnerabilities on targeted systems, but they chose not to release it in public at this time.

Source link

Follow Us @soratemplates