Category: Tech news

Fellow citizens! An important election is approaching, and you should vote in it. But are you registered? Are you sure? Why don’t you take ten seconds now to check?

Maybe you moved recently and the notices are going to your old place. Maybe your county had a records snafu. Maybe you’re one of thousands of voters being purged from the rolls in order to tip a close race. Who knows?

It’s very simple to do this online. You don’t need any documents and you don’t need to send anything in or call anyone. The nonpartisan Vote.org will query your state’s registration database for you, or you can scroll down a bit at that page and go directly to the state site to do it yourself.

If you’re not registered, don’t worry. Many states allow you to register right up until election day, and if you haven’t registered before or it’s been a while, all you really need is to be a citizen with a valid ID. Special welcome to all new citizens!

Some states have already closed registration: Alaska, Arizona, Arkansas, Georgia, Indiana, Kentucky, Michigan, Mississippi, Missouri, New Mexico, Ohio, Pennsylvania, Rhode Island, Tennessee and Texas. Some states have deadlines that have already passed for mail-in registration, in-person registration, and so on. But as of today it is still possible to register to vote in every state not listed above.

For instance here in Washington, online registration closed on October 8, but I could still register in person for the next couple weeks. In Delaware you only have until the 13th — but you can register online, by mail, or in person until then. South Carolina and Florida would normally have closed registration but have extended it because of the hurricane.

The New York Times has put together a comprehensive list of deadlines for each state, with links for each registration method. And if you’ll be gone for election day, November 6, you should be able to check your state’s site for an absentee or early voting ballot.

Every vote counts. Your candidates and issues need yours! Check if you’re registered at Vote.org or your state site, and if you’re not, there’s still time to register.

Facebook Friday offered more details about its recent breach. Here’s how to see if you were affected.

Apple has strongly criticized Australia’s anti-encryption bill, calling it “dangerously ambiguous” and “alarming to every Australian.”

The Australian government’s draft law — known as the Access and Assistance Bill — would compel tech companies operating in the country, like Apple, to provide “assistance” to law enforcement and intelligence agencies in accessing electronic data. The government claims that encrypted communications are “increasingly being used by terrorist groups and organized criminals to avoid detection and disruption,” without citing evidence.

But critics say that the bill’s “broad authorities that would undermine cybersecurity and human rights, including the right to privacy” by forcing companies to build backdoors and hand over user data — even when it’s encrypted.

Now, Apple is the latest company after Google and Facebook joined civil and digital rights groups — including Amnesty International — to oppose the bill, amid fears that the government will rush through the bill before the end of the year.

In a seven-page letter to the Australian parliament, Apple said that it “would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat.”

“We appreciate the government’s outreach to Apple and other companies during the drafting of this bill,” the letter read. “While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security.”

“This is no time to weaken encryption,” it read. “Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid.”

Apple laid out six focus points — which you can read in full here — each arguing that the bill would violate international agreements, weaken cybersecurity and harm user trust by compelling tech companies to build weaknesses or backdoors in its products. Security experts have for years said that there’s no way to build a “secure backdoor” that gives law enforcement authorities access to data but can’t be exploited by hackers.

Although Australian lawmakers have claimed that the bill’s intentions are not to weaken encryption or compel backdoors, Apple’s letter said the “the breadth and vagueness of the bill’s authorities, coupled with ill-defined restrictions” leaves the bill’s meaning open to interpretation.

“For instance, the bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well,” the letter said.

Apple’s comments are some of the strongest pro-encryption statements it’s given to date.

Two years ago, the FBI sued Apple to force the technology giant to build a tool to bypass the encryption in an iPhone used by one fo the the San Bernardino shooters, who killed 14 people in a terrorist attack in December 2015. Apple challenged the FBI’s demand — and chief executive Tim Cook penned an open letter called the move a “dangerous precedent.” The FBI later dropped its case after it paid hackers to access the device’s contents.

Australia’s anti-encryption bill is the latest in a string of legislative efforts by governments to seek greater surveillance powers.

The U.K. passed its Investigatory Powers Act in 2016, and earlier this year the U.S. reauthorized its foreign surveillance laws with few changes, despite efforts to close warrantless domestic spying loopholes discovered in the wake of the Edward Snowden disclosures.

The Five Eyes group of governments — made up of the U.K., U.S., Canada, Australia and New Zealand — further doubled down on its anti-encryption aggression in recent remarks, demanding that tech companies provide access or face legislation that would compel their assistance.

The Gadget Lab team breaks down this week’s tech news and welcomes special guest Ivy Ross to the show, to talk about the new Google Pixel products.

In April, TechCrunch broke the news that some of Mark Zuckerberg’s Facebook messages were deleted from recipients’ inboxes in what some saw as a violation of user trust and abuse of power since Facebook Messenger doesn’t have an Unsend button. The next morning, Facebook suddenly announced that it would actually build this Unsend functionality for everyone. But six months went by without a peep about the feature, furthering suspicions that the announcement that it would release an Unsend button was merely a PR driven response to the scandal, even if Facebook was just taking time to figure out the right way to build it.

Late last week, TechCrunch asked Facebook about its progress on Unsend ahead of the six month mark, and the company told us “Though we have nothing to announce today, we have previously confirmed that we intend to ship a feature like this and are still planning to do so.”

Now we have our first look at the feature thanks to TechCrunch’s favorite tipster Jane Manchun Wong. She’s managed to generate screenshots of a prototype Unsend button from Facebook Messenger’s Android code. Other Facebook prototypes discovered by Wong like the Your Activity screentime dashboard, Instagram’s video calling and music stickers, and more features have gone on to receive official launches.

Currently, you can only delete messages from your own inbox — they still remain in the recipients’ inbox. But with this Unsend feature prototype, you’re able to remove a message from both sides of a conversation. However, the code indicates that in the current prototype there’s a “time limit”. That may mean users would only have a certain amount of time after they send a message to unsend it. That would essentially be an editing window in which users could take back what they said.

In response, a spokesperson confirmed that “Facebook internally tests products and features before they ship to the public so we can ensure the quality of the experience.”

The Unsend feature could be useful to people who say something stupid or inappropriate, disclose a secret they shouldn’t have, or want to erase evidence of their misdeeds. That could make users more comfortable speaking freely on the app, since they know they can retract their texts. Snapchat’s messages self-destruct unless purposefully saved to the thread by a user, permitting more off-the-cuff chatting.

But Unsend could also open vectors for abuse, as users could harass people over Messenger and then delete the evidence. Facebook will need to ensure that Unsend doesn’t accidentally become a weapon for bullies. That might mean allowing users to turn off the ability for their conversation partners to Unsend messages on a thread by thread basis, and/or a report button specifically for flagging messages that have since been retracted.

Facebook’s acquisition Instagram already lets users Unsend messages and Snapchat added an Unsend option in June. But those chat products are more designed for having fun, discussing memes, and sharing photos with close friends. Messenger has positioned itself as a core communications utility for the world. Messing with the permanence of messages could make it feel less reliable or truthful to some users. When we talk in person, our conversations aren’t written in stone forever…but there’s also no way to force someone to forget what you said.

[Postscript: Ideally, Facebook builds this similarly to Gmail’s Undo Send option, where you can only use it for a very short period of time after a message is sent, but still actually deliver messages in real time. The real confusion and trouble would come with being able to unsend messages well after they’ve been sent and even read.]

Tesla CEO Elon Musk confirmed Friday in a tweet that the Tesla-branded tequila called “Teslaquilla”—the bottle of liquor that co-starred in his April Fool’s Day joke about the automaker filing for bankruptcy — is “coming soon.”

Musk’s tweet was a response to a CNBC article that reported Tesla had filed an application with the U.S. Patent and Trademark Office to trademark “Teslaquila.”

Musk later tweeted a photo of a Teslaquila label.

The Teslaquila story began on April Fool’s Day after Musk posted a photo of himself passed out against a Tesla Model 3 “surrounded by “Teslaquilla” bottles, the tracks of dried tears still visible on his cheeks.” In the photo, Musk is holding a cardboard sign that reads “bankwupt.”

It’s important to note that the filing Monday is an “intent to use” trademark, which, just like it sounds, means Tesla has a “bona fide intention, and is entitled, to use the mark in commerce on or in connection with the identified goods/services.”

Facebook has announced a relatively small but significant purge of bad actors from the platform: 810 pages and accounts that have “consistently broken our rules against spam and coordinated inauthentic behavior.” It may not seem like a lot, but it sounds like the company is erring on the side of disclosure even if the news isn’t particularly hard-hitting.

These were not, as far as Facebook could tell, part of an organized nation-state effort or political interference campaign, like the Iranian and Russian groups previously highlighted in these ban alert posts. These are pages that use networks of fake accounts and pages to drive traffic to clickbait articles strictly for the purpose of ad revenue.

810 can’t be much more than a drop out of the bucket of fake accounts on Facebook — of which there are millions — but the company’s focus right now isn’t individual bad actors but coordinated ones.

A few hundred accounts working together to do a bit of ad fraud produces a sort of digital footprint that might look similar to a a few hundred accounts working together to push a political narrative or sow discontent.  And one can turn into the other quite easily.

There are patterns of logins, likes, visits, account creation, and so on that Facebook has been working hard to identify — recently, at least. Although they’ve designed their net to catch the nation-state actors and large-scale operations that have previously been uncovered, small fry like these spammers are getting tangled up as well. Not a bad thing.

“Given the activity we’ve seen — and its timing ahead of the US midterm elections — we wanted to give some details about the types of behavior that led to this action,” the company wrote on its blog.

No doubt they also want to give the impression that there is indeed a cop on the beat. Expect more announcements like this through the midterms as Facebook strives to make it clear that it is working round the clock to keep you, its valuable product users, safe.

Are you one of the 30 million users hit by Facebook’s access token breach announced two weeks ago? Here’s how to find out.

1. Visit this Facebook Help center link while logged in: https://www.facebook.com/help/securitynotice?ref=sec.
2. Scroll down to the section “Is my Facebook account impacted by this security issue?”
3. Here you’ll see a Yes or No answer to whether your account was one of the 30 million users impacted. Those affected will also receive a warning like this atop their News Feed:
   
4. If Yes, you’ll be in one of three categories:
   A. You’re in the 15 million users’ whose name plus email and/or phone number was accessed.
   B. You’re in the 14 million users’ who had that data plus account bio data accessed including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.”
   C. You’re in the 1 million users whose access token was stolen but your account was never actually accessed with it. Lucky you.

 

So what should you do if you were hacked?

1. You don’t necessarily have to change your Facebook password or credit card info, as there’s no evidence that data was accessed in the attack.
2. Watch out for spam or scam calls, emails or messages as your contact info could have been sold to unscrupulous businesses.
3. Be on alert for phishing attempts that may try to email you and get you to sign in to one of your online accounts on a fake page that will steal your data. If you get a suspicious email that looks like it’s from Facebook, you can check here to see if it’s legitimate.
4. If you’re in group B who had their bio info accessed, you may want to contact your bank or cell phone provider and add additional security layers such as a pincode. That’s because hackers may have enough biographical info to perform social engineering attacks where they pretend to be you and use stolen data to answer security questions and gain access to your accounts so they can spam your friends, steal and sell your social media handles, or port your phone number to their phone to intercept two-factor authentication prompts.
5. Consider whether Facebook still deserves to host what you share.

If Facebook and Google’s recent security debacles proved anything, it’s that disclosure is tricky business.

Facebook has now detailed what data was scraped and stolen in the breach it revealed two weeks ago. 30 million users, not 50 million as it initially estimated, had their access tokens stolen by hackers. Users can check Facebook’s Help Center to find out if their information was accessed, and Facebook will send customized alerts to those impacted detailing what was accessed from their account and what they can do to recover. It’s currently not clear if all the information accessed was necessarily scraped.

Facebook’s VP of product managment Guy Rosen told reporters on a press call that “We are cooperating with the FBI on this matter” and that “the FBI have asked us not to discuss who may be behind this attack” as its own investigation is ongoing. Disclosing anything about perpetrator now could cause them to cover tracks.

15 million of the 30 million users had their name plus phone number and/or email accessed. 14 million had that info plus potentially more biographical info accessed, including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches”. The remaining 1 million users’ information wasn’t accessed.

Facebook’s other apps including Messenger, Messenger Kids, Instagram, WhatsApp, Workplace, and Pages, as well as its features for payments, third-party apps, advertisers, and developers were not accessed. Facebook says that law enforcement has asked it not to discuss evidence regarding who committed the attack as the FBI continues its investigation.

Facebook says the breach started when hackers with some access tokens exploited a combination of three bugs related to its “View As” privacy feature for seeing your profile from the perspective of someone else. This let them gain access to those accounts’ friends leading them to steal access tokens 400,000 accounts, and used a different method to then grab tokens from 30 million of their friends.

Unlike most breaches, this one appears to have turned out to be less severe then initially expected. Users seem to already be forgetting about the breach after a short hiccup where they had to log back in to Facebook. It’s possible that that could impact Facebook’s user counts slightly in its Q3 earnings report. But unless a truly nefarious use case for the accessed data is revealed, the breach could fade into the noise of non-stop cybersecurity failures across the web, including Google+’s breach that was covered up and has now prompted the Facebook competitor’s shut down.

A new video of SpotMini, a quadruped robot, shows the mechanical pup looking more businesslike than usual.

When the FDA discovers that a supplement is contaminated, it might issue a voluntary recall—and that’s about where the action stops.

Xbox’s planned service, known internally as Project xCloud, could let you stream games anywhere.

Opinion: This Big Oil-backed climate tax is something Republicans and Democrats can agree on.

Obsessive online learning can often lead to nothing but bottomless pits.