Category Archives: News

Article note: The most fascinating thing to me is that there are indicators of biological race that are so blatant that shitty low-hanging pattern recognition tools can find them, but it's so fraught/taboo to discuss biological race even to enable better targeted medical care that no one is/will admit to being aware of them.

Article note: The incentive structure is to vomit papers, so people vomit papers. Here we see the naturally resulting arms race between plagiarism detection tools and "automatic paraphrasing" tools in action. Some of the automatic paraphrases are amazing, "flag to clamor" for signal to noise, "focal preparing unit" for CPU, "arbitrary right of passage" for random access.

Article note: It's official.

Article note: There are a few things I notice that are a little odd as far as attribution lines, but it's a nice chart with a ton of truly obscure things broken out.

Article note: Sigh. Privacy getting "Think of the children"'d again. You build the technical capability to scan all your users' devices for undesirable content of any particular kind (with sketchy perceptual hashing tools! Surely nothing bad will happen there! How you feelin' "human inspection" hired to spend all day looking at pictures of people's kids in baths to make sure nothing sketchy is going on?), and you will get pressure from governments and interest groups to scan for arbitrary other things, because you have already expressed that your system can do so. Previous similar tools were a little less gross there was a "It's running server side, we're making sure we aren't storing or transporting illegal content" pseudo-justification, and the _vendor_ was running it on their hardware instead of user's expensive devices they supposedly "own" snitching on them.

Article note: This is solidly in the "Consequences of dung-beetle programming" column.

Article note: For 2/3 complaints, all they had to do was say they were focusing on scaling and urgently needed management features during the pandemic, not ...blatantly lie... about their encryption features, and not insert spyware APIs into their code. The "zooombombing is the platform's fault" one is a little more of a stretch, since Zoom was very suddenly pushed into all kinds of unintended new use-cases ... but see above, it _is_ what they should have been working on.

Enlarge / Technical preview of Zoom's end-to-end encryption, made available months after Zoom was caught lying to users about how it encrypts video calls. (credit: Zoom )

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant "Zoombombings."

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations" in a settlement with the Federal Trade Commission, but the FTC settlement didn't include compensation for users.

As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, "Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC said. In real end-to-end encryption, only the users themselves have access to the keys needed to decrypt content.

Article note: That's one hell of a hunt, and excellent process documentation. Because I spend over half the year trying to teach EE/ECE sophomores to design, build, and debug digital hardware, I really respect good process docs for hunting hard bugs.

Article note: ...Nice. Into the "talking to old computers" toolbox.

Article note: So, I'm totally onboard that Americans' weird selectively puritanical attitudes are absurd, and having our hegemonic tech firms enforce them is not a good thing. We've been having this fight forever, go read Nabokov's afterword _On a Book Entitled Lolita_ from 1956 and its the same discussion with better language. ...But also, please don't blow smoke up my ass about intentionally overtly sexualized content being anything other than what it is. It's right there in the handle, it's a highly effective strategy to get those engagement dollars, don't be disingenuous. Let's be civil, throw a THOT tag on the things that use sex to drive engagement, and move on. I know the reason why not is ad dollars, advertisers are major perpetrators of the sexual-but-not-pornographic attention grab, if it puts them off, they're full of shit and we can not let them filter on it.