Security - TechHQ
Technology and business

Corn cobs have night vision prospects
https://techhq.com/2024/03/corn-cobs-have-night-vision-prospects/
Tue, 05 Mar 2024 16:50:39 +0000

It could be corn cobs rather than carrots that have the best prospects – thanks to the abundance of lignin and cellulose found in the crop – to improve night vision. Researchers in China have used the materials to produce near-infrared (NIR) transparent optical filters for advanced imaging applications that highlight nature’s growing appeal to device makers.

“Lignocellulose-based bio-sourced materials are abundant, renewable, nontoxic, and mechanically strong candidates for optical materials,” explains the team in a paper published recently in Research – a Science Partner Journal.

NIR filters are crucial to the success of night vision cameras, as we shall soon discuss, and designs are typically made using two approaches. One option requires expensive glass materials that – while effective – can involve complicated fabrication steps. Alternatively, developers can use ultraviolet-visible absorbing dyes, which are easier to work with.

However, neither option has the environmental or economic appeal of using waste corn cobs. Plus, the performance – based on prototypes tested by the group – could be superior to conventional night vision components.

Why night vision cameras use NIR filters

To be effective, night vision cameras need to maximize the available light, which – once the sun has gone down, or is blocked indoors – is to be found in the NIR portion of the electromagnetic spectrum. NIR filters isolate this usable illumination band, while preventing interference from other wavelengths.

Without an NIR filter, night vision cameras would be easy to blind using a torch or a smartphone flash. Imaging systems would be similarly affected by other artificial light sources such as vehicle headlamps.

Regular digital cameras have an NIR blocking filter that stops photos and video from appearing washed out and makes sure that images match the optical response of the human eye.

As an aside, removing the NIR blocking filter from a digital camera can allow users to peer inside electronic devices that otherwise appear to be opaque – for example, if the case material is transparent to NIR light. Vein viewer technology uses near-infrared light to visualize major blood vessels beneath the skin, which also exploits the sensitivity of commercial imaging sensors outside the visible spectrum.

Eye-tracking in the near-infrared

Night vision style cameras are particularly well-suited to eye-tracking, as the NIR images provide strong contrast for algorithms to respond to. And there are a number of applications that exploit this opportunity. For example, several chip designers such as Qualcomm and Analog Devices have offerings that focus on driver and occupant monitoring for automotive applications.

Eye-tracking solutions, which operate at NIR wavelengths, can determine where the driver is looking at any moment in time to ensure that attention is being paid to the road ahead. Systems can also spot if the driver appears sleepy or is using a cell phone while the vehicle is in motion, and issue a safety warning.

Also, eye-tracking persists even if occupants are wearing sunglasses, as regular lenses are designed to block harmful ultraviolet rays and are transparent to NIR light. However, it’s possible to purchase privacy-focused spectacles, such as products sold by Reflectacles, which are fitted with an IR blocker.

In this case, the wearer’s eyes will remain obscured to 3D infrared facial mapping software and 2D facial recognition systems that use infrared light as their illumination source.

Returning to the researchers’ corn cob-derived NIR filter, the combination of cellulose and lignin appears to produce a high-performance and practical film.

“The captured lignin was fused to fill the gaps in a cellulose network, which then held the fibers tightly and created a homogeneous dense structure,” comments the group. “Both the lignin and the dense structure provided the biofilter with unique optical properties, including strong UV-vis light blocking (~100% at 400 nm and 57.58% to 98.59% at 550 nm), low haze (close to 0%), and high NIR transmittance (~90%).”

Apple updates iMessage to protect iPhone users from quantum attacks
https://techhq.com/2024/02/fortifying-apple-imessage-defense-against-quantum-threats/
Mon, 26 Feb 2024 12:30:51 +0000

  • Apple labels PQ3 as “Level 3” security, highlighting its robust properties for iMessage.
  • PQ3 adds a post-quantum key to Apple device registration for iMessage.
  • PQ3 adds a rekeying mechanism for iMessage, enhancing security.

The imperative for impregnable security measures has reached a crescendo in the ever-accelerating march toward quantum computing dominance. Today, as the quantum supremacy specter looms, the clamor for steadfast cryptographic shields has amplified. So, in a groundbreaking move, Apple has unveiled PQ3, a cutting-edge post-quantum cryptographic protocol tailored for iMessage. Touted by the tech giant as possessing “unparalleled” security features, PQ3 represents a paradigm shift in communication security.

At the heart of Apple’s embrace of post-quantum cryptography (PQC) lies a deep understanding of the evolving threat landscape. Simply put, as quantum computing advances, traditional cryptographic methods face unprecedented challenges, making the integration of PQC imperative for safeguarding sensitive data and preserving user privacy. 

For context, with their exponential computational power, quantum computers can potentially render existing encryption algorithms obsolete, posing significant risks to data security. Recognizing this, Apple has proactively invested in research and development to pioneer cryptographic solutions capable of withstanding quantum attacks.

That’s where the latest addition to Apple’s cryptographic arsenal, the PQ3 protocol, comes in. By introducing a new post-quantum encryption key within the iMessage registration process, Apple ensures that data exchanged through its platform remains protected against future quantum threats. PQ3 also incorporates advanced security features, such as a rekeying mechanism within iMessage conversations, designed to mitigate the impact of key compromises and bolster overall resilience.

“To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world,” Apple’s Security Engineering and Architecture (SEAR) team stated in a blog post a week ago.

PQ3 for iMessage integrates post-quantum key establishment and ongoing self-healing ratchets, setting the standard for safeguarding against quantum threats. Source: Apple.


A quantum leap in messaging security

Traditionally, messaging platforms rely on classical public key cryptography like RSA, elliptic curve signatures, and Diffie-Hellman key exchange for secure end-to-end encryption. These algorithms are based on complex mathematical problems deemed computationally intensive for conventional computers, even with Moore’s law in play. But the advent of quantum computing poses a new challenge.

A powerful enough quantum computer could solve these mathematical problems in novel ways, potentially jeopardizing the security of end-to-end encrypted communications. While quantum computers capable of decryption aren’t yet available (as far as we know, supervillains notwithstanding), well-funded attackers can prepare by exploiting cheaper data storage. They accumulate encrypted data now, planning to decrypt it later with future quantum technology—a tactic called “harvest now, decrypt later.”

When iMessage launched in 2011, it became the first widely available messaging app with default end-to-end encryption. Over the years, Apple has continually enhanced its security features. In 2019, the iPhone maker bolstered the cryptographic protocol by transitioning from RSA to elliptic curve cryptography (ECC) and safeguarding encryption keys within the secure enclave, increasing protection against sophisticated attacks. 

“Additionally, we implemented a periodic rekey mechanism for cryptographic self-healing in case of key compromise. These advancements underwent rigorous formal verification, ensuring the robustness of our security measures,” the blog post reads. To address the threat of future quantum computers, the cryptographic community has been developing post-quantum cryptography (PQC). These new public key algorithms can run on today’s classical computers without requiring quantum technology.

Designing PQ3

Designing PQ3 involved rebuilding the iMessage cryptographic protocol to enhance end-to-end encryption, meeting specific goals:

  1. Post-quantum cryptography: PQ3 protects all communication from current and future adversaries by introducing post-quantum cryptography from the start of a conversation.
  2. Mitigating key compromises: It limits the impact of key compromises by restricting how many past and future messages can be decrypted with a single compromised key.
  3. Hybrid design: PQ3 combines new post-quantum algorithms with current elliptic curve algorithms, ensuring increased security without compromising protocol safety.
  4. Amortized message size: To minimize additional overhead, PQ3 spreads message size evenly, avoiding excessive burdens from added security.
  5. Formal verification: PQ3 undergoes standard verification methods to ensure robust security assurances.

According to Apple, PQ3 introduces a new post-quantum encryption key during iMessage registration, using Kyber post-quantum public keys. These keys facilitate the initial key establishment, enabling sender devices to generate post-quantum encryption keys for the first message, even if the receiver is offline.

PQ3 also implements a periodic post-quantum rekeying mechanism within conversations to self-heal from key compromise and protect future messages. This mechanism creates fresh message encryption keys, preventing adversaries from computing them from past keys.

The protocol utilizes a hybrid design, combining elliptic curve cryptography with post-quantum encryption during initial key establishment and rekeying. Rekeying involves transmitting fresh public key material in line with encrypted messages, with the frequency of rekeying balanced to preserve user experience and server infrastructure capacity.

PQ3 continues to rely on classical cryptographic algorithms for sender authentication and key verification to thwart potential quantum computer attacks. These attacks require contemporaneous access to a quantum computer and cannot be performed retroactively. However, Apple noted that future assessments will evaluate the need for post-quantum authentication as quantum computing threats evolve.

Apple iPhone 15 series devices are displayed for sale at The Grove Apple retail store on release day in Los Angeles, California, on September 22, 2023. (Photo by Patrick T. Fallon / AFP)


Why PQ3 on iMessage matters for iPhone Users

Integrating PQ3 into iMessage signifies a monumental leap forward in privacy and security for iPhone users. With the exponential growth of data and the looming specter of quantum computing, traditional encryption methods face unprecedented challenges. PQ3 mitigates these risks by providing quantum-resistant protection, ensuring that your conversations remain shielded from future threats. 

In essence, PQ3’s implementation in iMessage demonstrates Apple’s interest in safeguarding user privacy and staying ahead of emerging security threats. Beyond its robust encryption capabilities, PQ3 introduces a host of additional security features designed to enhance the overall integrity of iMessage. These include secure key establishment mechanisms, cryptographic self-healing protocols, and real-time threat detection capabilities.

By incorporating these advanced security measures, Apple ensures that iMessage remains a bastion of privacy in an increasingly interconnected world.

When can iPhone users expect the update?

Support for PQ3 will begin with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Already available in developer previews and beta releases, PQ3 will automatically elevate the security of iMessage conversations between devices that support the protocol. As Apple gains operational experience with PQ3 globally, it will gradually replace the existing protocol within all sustained conversations throughout the year.

Amazon’s Blink security cameras at their lowest prices – but how safe are they?
https://techhq.com/2024/02/are-amazon-blink-security-cameras-safe-or-can-they-be-hacked/
Mon, 26 Feb 2024 09:30:09 +0000

• Blink security cameras are currently available at extremely low prices, given their reputation.
• But Amazon cameras and video doorbells have a history of serious privacy concerns.
• Can Blink security cameras be hacked?

Amazon’s range of Blink home security cameras are at their all-time lowest prices, attracting new customers to these popular devices. These cameras are renowned for being cheaper than most of their competitors, but these latest price cuts take their affordability to a whole new level.

With competition on the home security camera market stronger than ever before, these price reductions seem to be a ploy to attract new customers. You could be forgiven for thinking the cameras must be low quality given their low prices, but Blink security cameras are renowned for being reliable wireless security devices with excellent battery life.

There must be a catch…right? Well, according to some reports, there are growing concerns regarding the privacy of these (and other) cloud connected devices.

Blink security cameras also come in the form of video doorbells, featuring HD video, motion detection, night vision, two-way audio, and local storage. There is also the option to subscribe to a cloud storage service if required. There is a downloadable Blink Home Monitor app, so homeowners can keep track of everything when they’re away. And, being Amazon, it’s no surprise that the cameras are compatible with Alexa. As Amazon says, “Blink and you’re home,” though we’re not sure what this slogan has to do with home security. According to some, a more appropriate slogan would be, “Blink and your data may be hijacked.”

Security vulnerabilities reported by some Blink users

There have been some reports of security issues with Blink cameras, but most have been swiftly dealt with by firmware updates by security researchers.

These vulnerabilities, though, have raised concerns, with some worrying their information and video footage could be hijacked. Then again, this is a concern with most security cameras, particularly those connected to the cloud.

When we look into Amazon’s history of security cameras, it seems the concern is warranted. Ring, another brand of security camera acquired by Amazon in 2018, has experienced a wide range of security and privacy problems over the last few years. And it’s not just the owner’s privacy at stake.

In 2021, Mr. Jon Woodard of the UK was told he had to pay his neighbor £100,000 after a court decided his Ring doorbell broke data laws and caused harassment. His neighbor felt she was under “continuous visual surveillance,” leading to the substantial claim. The lesson here is to never point your security camera at your neighbor’s bedroom.

Amazon has also had to pay out large sums in Federal Trade Commission (FTC) settlements over Ring and Alexa privacy violations. Totaling $30 million, Amazon had to pay $5.8 million to settle with the FTC over Ring privacy violations and $25 million for Alexa privacy vulnerabilities.

The FTC alleged that Ring gave third-party contractors access to customer videos, compromising customer private information. It was also alleged that fundamental security measures were not implemented by Ring to protect a user’s information from online threats, such as “brute force” attacks. One Ring employee is said to have watched thousands of videos of over 81 female users, who were identified through cameras designated for use in private or intimate settings.

Amazon acquired Blink almost a year before Ring, and, although Blink says it “is not in the business of selling [its] customers’ personal information to others,” it does collect data on users (it’s run by Amazon, after all).

The main question is this – can Blink cameras be hacked? Theoretically, yes – because these devices are wireless, they come with the risk of being hacked, as they can be accessed through the internet. The good news, though, is that there have been no official reports of this happening – yet.

Blink security cameras - are they more secure than Ring was?


The fact that Blink cameras have a local storage option means users don’t have to store videos on the cloud, providing better privacy than many other cloud-based security systems.

Further protection comes in the form of encryption. As Blink cameras typically stream footage using a Wi-Fi connection, Blink uses WPA2 Wi-Fi channels for encrypted streaming of videos, in the hope of preventing hacking through wireless devices. Information is further protected with Advanced Encryption Standard (AES), too.

As we mentioned, though, Blink security devices can still be hacked. A leading cybersecurity firm, Tenable Inc, experimented with the Blink ST2 model, finding several vulnerabilities and unsafe pathways within the wireless camera.

Such flaws could give a hacker access to the camera – and the live audio feed. Not only that, but Tenable Inc discovered hackers may also be able to hack other smart gadgets through a Blink camera. Out of the seven privacy issues, two were critical, including command injection flaws CVE-2019-3984 existing in Blink’s cloud communication endpoints, and CVE-2019-3989, existing in the device’s helper scripts. Amazon has responded to these privacy vulnerabilities, rectifying the severe security flaws.

How a Blink security camera can be hacked

There have been no official reports of Blink cameras being hacked through the internet, but, like any IoT device, they can be hacked either remotely or locally.

Blink cameras - too good to be true?


When hacked locally, the hacker gains access to the wireless network the camera utilizes, getting access to the local network. Sometimes, they will use a jammer to block the real network or use security breaches before using a fake network to get access to the camera. Fortunately, a hacker typically needs to be within close range, so this type of hacking is rare.

Remote hacking is the most common type with devices like Blink security cameras. A hacker will use a method known as “credential stuffing,” and scan for login details via data breaches or security gaps. From here, the hacker can view the camera password and username, spying on a camera without the owner’s knowledge. They may even change the camera’s settings, locking the owner out.

Blink cameras remain one of the most popular security devices out there, and Amazon’s recent price reductions may be a move to attract new customers, and move on from worries and threats of hacking.

Vietnamese government starts collecting biometrics
https://techhq.com/2024/02/biometric-data-id-cards-vietnam-government-dna-too/
Wed, 21 Feb 2024 12:30:30 +0000

• Vietnam is set to collect an enormous amount of biometric data from its citizens.
• Security in the system will obviously be paramount.
• The development seems likely to generate whole new waves of crime by bad actors – biocrime.

Biometric data is increasingly used in technological security systems, yet retina scans and voice recognition still call to mind the hi-tech lairs of fictional villains. Face ID seems a lot less glam when you’re trying to pay for a bus ticket with your phone.

Biometric data is the key to many a sci-fi smash.

Minority Report speculates on surveillance systems in 2054. Tom Cruise is there, too.

In Vietnam, citizens can now expect to give the government a slew of their biometric data, per the request of Prime Minister Pham Minh Chinh. Collection of biometric data will begin in July this year following an amendment to the Law of Citizen Identification passed in November 2023.

The amendment allows the collection of biometric data and record of blood type and other related information.

The Ministry of Public Security will collect the data, working with other areas of government to merge the new identification system into the national database. The new identification system will use iris scans, voice recordings and even DNA samples.

Vietnamese citizens’ sensitive data will be stored in a national database and shared across agencies to allow them to “perform their functions and tasks.” We’re sure the sharing of highly personal data won’t encounter any issues – accidental or otherwise.

Regarding the method of collection, the amended law says:

“Biometric information on DNA and voice is collected when voluntarily provided by the people or the agency conducting criminal proceedings, or the agency managing the person to whom administrative measures are applied in the process of settling the case according to their functions and duties whether to solicit assessment or collect biometric information on DNA, people’s voices are shared with identity management agencies for updating and adjusting to the identity database.”

Well, obviously.

Chairman of the National Defense and Security Committee, Le Tan Toi, has expressed the belief that a person’s iris is suitable for identification as it does not change over time and would serve as a basis for authenticating an identity.

As things currently stand, ID cards are issued to citizens older than 14, and aren’t mandatory for the six to 14 age range – though they can be issued if necessary. The new ID cards will look much the same but undergo several changes, not least the addition of holders’ biometric data.

They’ll incorporate the functions of some other ID documents too, including driver’s licenses, birth and marriage certificates, and health and social insurance documents. All of your personal information stored in the same place… What could go wrong?

Biometric data must be secured

Fingerprints on the ID card will be replaced by a QR code linked to the holder’s biometric and identifying data.

There are roughly 70 million adults in Vietnam, so the task of collecting the huge amount of data from them all will be no mean feat. In case you hadn’t got there yet: security will be paramount. The data on citizens is prime for identity theft; we might expect to see an increase in bad actor activity, including skimming to collect fingerprints from ATM machines.

Technology is always evolving, but it’s not necessarily guaranteed to evolve for the better. A group of researchers from China and America recently outlined a new attack surface, proposing a side-channel attack on the Automatic Fingerprint Identification system: “finger-swiping friction sounds can be captured by attackers online with a high possibility.”

Ensuring that the personal information of Vietnamese citizens is secure at every level is a responsibility the government must be prepared to take on.

There’s also the sticky issue of government surveillance that almost doesn’t bear thinking about. We’ll leave the tinfoil hat within reach.

From airport services to citizen ID…

Sesame seed-sized, anti-counterfeit tag gets smart glue upgrade
https://techhq.com/2024/02/sesame-seed-sized-anti-counterfeit-tag-gets-smart-glue-upgrade/
Tue, 20 Feb 2024 16:03:05 +0000

RFID tags and other product identifiers such as barcode labels are useful in keeping track of goods across supply chains, but they have their limitations. You can put an RFID tag or barcode label on the outside of a product or box of supplies, but what about the smaller items inside? Paving the way for many more components to be securely labeled is an anti-counterfeit tag that measures just 2 x 2 mm (about the size of a sesame seed) devised by researchers in the US.

The approach, which was first unveiled in 2020, uses terahertz radiation to read cryptographic codes stored on the tiny chips. Similar to RFID designs, the data transfer process can be powered by energy emitted from the scanner, which means that the anti-counterfeit tag needs no battery and should last for years.

What is terahertz radiation?

Terahertz radiation has been described as light that is almost heat. And the terahertz range of frequencies sits at the far end of the infrared band, adjacent to the microwave band, within the electromagnetic spectrum.

Not only can these submillimetre waves pass through clothing and plastics to image hidden objects, terahertz radiation can also be used to identify materials in its path based on spectroscopic fingerprints.

Given these properties, it’s no surprise to learn that the terahertz portion of the electromagnetic spectrum is ripe with security scanning applications. What’s more, unlike X-rays, terahertz radiation is non-ionizing – meaning that it won’t damage living cells.

So far, so good, but – as observers have highlighted – the original design of the MIT group’s anti-counterfeit tag shared a security vulnerability common to mainstream technology such as conventional RFID labels. By simply removing the security ID from a genuine product and attaching it to a fake item, counterfeiters would be able to easily defeat the authentication system.

To combat this, the team has come up with an ingenious solution, which centers on the glue used to attach the anti-counterfeit tag to the host product. Small metallic particles are added to the adhesive during formulation and their final pattern when the tag is deployed is used as a security property.

“These metal particles are essentially like mirrors for terahertz waves. If I spread a bunch of mirror pieces onto a surface and then shine light on that, depending on the orientation, size, and location of those mirrors, I would get a different reflected pattern. But if you peel the chip off and reattach it, you destroy that pattern,” explains Ruonan Han – leader of the Terahertz Integrated Electronics Group.


The team is presenting its latest design at the 2024 IEEE International Solid-State Circuits Conference (ISSCC), which is taking place this week in San Francisco, CA. To incorporate the new security feature, users would take a reading of the anti-counterfeit tag when it was first attached to an item and then use that pattern data for verification.

Collaborating with colleagues at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), the researchers have shown how a machine learning model can be trained to match glue patterns with more than 99 percent accuracy.

The MIT project is by no means the only effort to secure supply chains. Quantum Base – a spin-out from Lancaster University in the UK – uses nanoscale quantum physical unclonable functions to assert that labeled goods are authentic. The anti-counterfeit solution is said to be impossible to copy, clone or fake and authenticates in seconds using a regular smartphone.

As Quantum Base points out, there are multiple reasons why firms would want to invest in anti-counterfeit tag technology. Companies that are unable to validate critical elements of their supply chain put their reputation at risk and expose themselves to substandard products.

The firm’s solution is based on carbon nanomaterials that – when applied to surfaces – can be used to generate security fingerprints, which are reported to be more unique than DNA.

What is a disposable browser? Do you need one?
https://techhq.com/2024/02/everything-you-need-to-know-about-a-disposable-browser/
Tue, 13 Feb 2024 12:30:42 +0000

• If you need to go bias-free, you might need a disposable browser.
• A disposable browser also stops tracking cookies and caches attaching to your search.
• What happens in a disposable browser stays (and dies) in a disposable browser.

We all know what disposable vapes are by now, but you may not have much clue about disposable browsers. Designed so users can undertake secure, one-time tasks, a disposable browser is an isolated, temporary web browser.

Using this type of browser lowers cybersecurity risks because it operates in a sandboxed environment (a Docker container or a virtual machine). That means you don’t need to worry about tracking and malware.

These isolated browsers are typically employed to execute small pieces of JavaScript code on different web browsers. For instance, developers may use one to test or validate processes, ensuring their JavaScript code works consistently and correctly across multiple web browsers.

As the name suggests, the browsers dispose of data from each logged session, ensuring a fresh start with the next session. That improves overall security and privacy, which can be particularly beneficial when entering sensitive data online.

Developers and testers benefit significantly from using disposable browsers, as they create a controlled, stable environment when testing and debugging various web applications. This is ideal as the browser does not allow pre-existing extensions, cached data, or cookies to interfere, providing a safer, more accurate online experience when testing and/or debugging.

Disposable browser uses

Disposable browsers are ideal for anyone concerned with privacy when using social media. By using this isolated browser, you can prevent tracking and separate your online activities from any personal information. With data collection becoming more extensive on social media platforms, a disposable browser acts as a shield, stopping social media companies collecting your data.

Accessing untrusted or unknown links and sources can put your system and personal information at risk from malware infections and leaks. But a disposable browser creates a safe environment, preventing risks to the main operating system.

Trainees often use disposable browsers to learn cybersecurity skills. These browsers allow users to work with potentially malicious software or websites in complete safety. They prevent any risks to the network and host system, letting learners tackle dangerous threats within a controlled setting.

The internet is jam-packed with scammers, preying on online shoppers anonymously. A disposable browser, however, acts as a crime-fighting tool, enhancing privacy as you shop online. Users can buy goods and services online without leaving any sign of personal information, including their payment details. By using an isolated browser, shoppers can also avoid their shopping habits being shared, with no residual data, like a browsing history or cookies, remaining once the session is finished. This results in a dreamy browsing experience with no data profiling or targeted advertisements.

As mentioned earlier, developers utilize disposable browsers to test various web applications on a range of browser engines. The clean environment offered by these browsers helps ensure a consistent user experience – which is crucial for users who engage with content across various browsers and operating system versions.

How do disposable browsers work?

Disposable browsers operate on remote servers in Docker containers or virtual machines. When the next session begins, the browser is initiated with a clean slate and predefined image. This ensures a consistent and controlled environment for users as they browse.

When a user finishes a browsing session, the pre-configured image is discarded, isolating the previous browsing session, and enhancing security. No data, including cookies, cached files, and a user’s browsing history, is saved, guaranteeing an uncontaminated, fresh start the next time they browse. A disposable browser is essentially a virtual fort or suit of armor, safeguarding a browser’s security and privacy, and deflecting potential threats, so online activities remain confidential and well-guarded.

A disposable browser - a simple way to defeat data-harvesters.

Defeat data-harvesters in one almost-easy step.

Users receive the disposable browser’s interface in the form of a video feed, guaranteeing all online actions take place solely within the remote environment. Browsing patterns, history, and sensitive data are kept safe by the browser, protecting users from any potential threats, such as phishing scams or malware attacks.

When using a disposable browser, you are inside an isolated, remote environment. When using a standard browser, your data is stored locally, exposing you to targeted ads based on your browsing history, cookies and cache. Regular browsers leave users open to security and privacy risks, whereas disposable browsers protect you from such harm. Whatever happens in a disposable browser stays in a disposable browser, giving users peace of mind and security. Think of a disposable browser as like Vegas – but without the two-drink minimum.

The modern internet is designed to suck your data like a techno-Riddler. Protect yourself with a disposable browser.

Europe becomes data-interoperable – but do its open standards fall short of the mark? https://techhq.com/2024/02/reuse-share-and-open-standards-for-the-european-unions-it-functions/ Thu, 08 Feb 2024 15:30:43 +0000 https://techhq.com/?p=231931

  • EU’s Interoperable Europe Act comes into force.
  • Open standards, reusability and data exchange.
  • Latest in range of laws to limit big tech monopolies.

The adoption on February 6th, 2024, of the EU’s Interoperable Europe Act will help ensure that public bodies in the Community use software and systems that can exchange information and technology freely between them. It aims to promote the reuse of data between public bodies, reducing separate silos of what can be effectively the same information, and to actively deploy and use systems that will make sure that happens easily.

A vital part of the framework rests on open systems and software that will not hinder public organizations from accessing information from others that’s held behind inaccessible barriers, such as paid-for API access, or proprietary (closed) data formats and databases. The de facto choice, therefore, for public bodies’ IT decision-makers should be a combination of free (as in libre) software and open standards.

The text of the Interoperable Europe Act contains a clear definition of free software licenses – “solutions that do not carry restrictive licensing terms, such as open source solutions.” The Act also states that public administrations should prioritize open-source software “when [it is] equivalent in functionalities, total cost, user-centricity, cybersecurity or other relevant objective criteria.” That, unfortunately, gives publicly-funded EU bodies an opt-out clause from using free and open-source software. According to the FSFE (Free Software Foundation Europe), the ambiguous wording in the Act means “the Commission is going in the opposite direction of the ‘Free Software first’ approach that this legislation needs,” and furthermore, “It […] shows a lack of ambition which could have led [the Interoperable Europe Act] to become a real game-changer.”

Lobbying by the FSFE throughout the progress of the IEA succeeded in mandating the Commission to provide an annual report on interoperability solutions for public services. The Act contains what it calls ‘Innovation and Support Measures,’ which include regulatory sandboxes (trial of new services and methods without some of the usual rules applying) to promote policy experimentation and the eventual scaling-up of interoperability solutions for reuse across the EU.

Open standards and interoperability

Mandatory assessments for interoperability will also become a feature of IT decision-makers’ administrative burden, alongside the existing raft of reporting around data sovereignty, cybersecurity and data usage. To aid choices in technology solutions that use open standards, the Act describes an Interoperable Europe Portal where shared and reusable solutions can be listed and described.

Although, in general, the Interoperable Europe Act is a positive step to engender a more open approach to data exchange and the choice of systems deployed by public bodies, the progress of its implementation will have to be closely monitored. Open standards in technology drive platform agnosticism and vendors of large technology solutions will want to discourage migration away from closed systems to equivalent open-source software and open standards.

The private sector, in the form of big tech companies, has a significant interest in the EU’s public sector procurement processes: the most often-told tale that epitomizes this fact involves Microsoft’s move of its headquarters to near Munich, right around the time when there was significant impetus by city hall to shift its workforce from Microsoft’s platform and services to open-standard formats and vendor-neutral software.

That means that the acid test of the effectiveness of the Interoperable Europe Act will come as public sector technology contracts come due for renewal across Europe.

Illustrative image for article on EU's IEA, enacted this week.

“European Union Expansion Celebration” by rockcohen is licensed under CC BY-SA 2.0.

The EU is often seen as an area of the world in which large technology companies have a more limited scope to practice compared to, for example, the US. The Digital Services Act and the Digital Markets Act, for example, impose new obligations and potential fines on companies for non-compliance that can amount to 10% of a business’s annual revenue. Under the Digital Markets Act, the European Commission has the authority to break up businesses that are repeat offenders against its legislation. These laws and ensuing powers granted to the intragovernmental body are designed to encourage competition and remove monopolistic practices from the European continent.

With IT playing an increasing and inescapable part of civil life, the EU’s attempts to protect its citizens are inextricably linked with technology, its implementation and use. In the same way as it legislates around drinking water quality, air pollution, and safety in the workplace, its concerns are not anti-business, but pro-people. Its ethos may not be appreciated everywhere in the world, but since the end of World War II, European countries have acted on the realization that peace and prosperity come through unity and collectivism, not unfettered free markets.

Lina Ceballos, FSFE policy project manager, stated, “We will monitor the implementation to make sure that free software reaches its full potential as an enabler of transparent, reusable and shareable solutions. We will also keep a close watch for opportunities where the free software community can engage and by providing its expertise support public administrations throughout the EU in delivering free software interoperable digital services.”

Biden weighs blocking China’s access to US cloud tech, fearing AI advancement https://techhq.com/2024/01/us-cloud-control-biden-eyes-blocking-china-ai-access/ Tue, 30 Jan 2024 15:00:58 +0000 https://techhq.com/?p=231735

  • Raimondo warns against unwanted access for China to US cloud technology to build AI.
  • The Secretary of Commerce is acting to block use of US tech for AI by China due to “security concerns.”
  • The move, impacting players like Amazon and Microsoft, is anticipated to escalate tech tensions with China.

The long-standing rivalry between the US and China has evolved into many facades over the last decade. The intensifying competition underscores economic supremacy and national security concerns, shaping the dynamics of a burgeoning tech war. Last year, the battleground extended into the development of AI, but this year, the US has indicated the desire to control and dominate local cloud computing services. 

Recent proposals suggest stringent measures to curb China’s access to US cloud computing firms, fueled by concerns over the potential exploitation of American technology for AI advancement. In a recent interview, US Secretary of Commerce Gina Raimondo emphasized the need to prevent non-state actors and China from utilizing American cloud infrastructure to train their AI models.

“We’re beginning the process of requiring US cloud companies to tell us every time a non-US entity uses their cloud to train a large language model,” Raimondo said at an event on January 27. Raimondo, however, did not name any countries or firms about which she was particularly concerned. Still, the maneuver is anticipated to intensify the technological trade war between the US and China, and signify a notable step toward the politicization of cloud provision.

The focal point of this battle lies in recognizing that controlling access to cloud computing is equivalent to safeguarding national interests. Raimondo parallels the control exerted through export restrictions on chips, which are integral to American cloud data centers. As the US strives to maintain technological supremacy, closing avenues for potential malicious activity becomes imperative.

Therefore, the proposal explicitly mandates that firms like Amazon and Google gather, store, and scrutinize customer data, with a weight resembling the stringent “know-your-customer” regulations that shape the financial sector. Conversely, China has been aggressively pursuing AI development, seeking to establish itself as a global leader in the field.

The US concerns stem from the dual-use nature of AI technologies, which can have both civilian and military applications. The fear is that China’s advancements in AI could potentially be leveraged for strategic military purposes, posing a direct challenge to US national security.

Of AI, cloud computing, and the US-China tech war

China’s Premier Li Qiang (R) speaks with US Commerce Secretary Gina Raimondo during their meeting at the Great Hall of the People in Beijing on August 29, 2023. (Photo by Andy Wong/POOL/AFP).

Although the US broadened chip controls in October, focusing on Chinese firms in 40+ nations, a gap remains. That is why it is paramount for the US to address how Chinese companies can still leverage chip capabilities through the cloud. Cloud technology has become the backbone of modern businesses and governments, making it a critical asset in the ongoing tech war. 

From start to finish, cloud computing is inherently political, Trey Herr, director of cyber statecraft at the Atlantic Council, told Raconteur. He said that its reliance on extensive physical infrastructure tied to specific jurisdictions makes it susceptible to local politics, adding that conversations about cloud security inevitably take on political dimensions.

In October 2023, Biden directed the US Department of Commerce to mandate disclosures, aiming to uncover foreign actors deploying AI for cyber-mischief. Now, the Commerce Department, building on stringent semiconductor restrictions for China, is exploring the idea of regulating the cloud through export controls. Raimondo said the concern is that Chinese firms could gain computing power via cloud giants like Amazon, Microsoft, and Google.

“We want to make sure we shut down every avenue that the Chinese could have to get access to our models or to train their models,” she said in an interview with Bloomberg last month. In short, China’s strides in AI and cutting-edge technologies are a paramount worry for the administration. After all, despite Washington’s efforts to curtail China’s progress through chip export restrictions and sanctions on Chinese firms, the nation’s tech giants resiliently achieve substantial breakthroughs, challenging the effectiveness of US constraints.

Nevertheless, regulating such activities in the US is still being determined because cloud services, which do not involve physical goods transfer, fall outside export control domains. Thea Kendler, assistant secretary for export administration, mentioned the potential need for additional authority in this space during discussions with lawmakers last month.

Addressing further loopholes, the Commerce Department also plans to conduct surveys on companies developing large language models for their safety tests, as mentioned by Raimondo on Friday. However, specific details about the survey requests were not disclosed.

What are cloud players saying?

As with previous export controls, US cloud providers fear that limitations on their interactions with international customers, lacking reciprocal measures from allied nations, may put American firms at a disadvantage. However, Raimondo said that comments on the proposed rule are welcome until April 29 as the US seeks input before finalizing the regulation.

What is certain is that the cloud will persist as an arena for trade war extensions and geopolitical maneuvers. Nevertheless, this tech war has broader implications for the global tech ecosystem. It prompts questions about data sovereignty, privacy, and the geopolitical alignment of technological alliances. As the US seeks to tighten its grip on the flow of technology, China is compelled to find alternative routes to sustain its AI ambitions.

The outcome will shape the future trajectory of technological innovation, with ramifications extending far beyond cloud computing and AI development. 

Steal a car with just a USB cord and a TikTok account https://techhq.com/2024/01/tiktok-kia-challenge-kia-boys-cars-stolen-by-teens/ Wed, 24 Jan 2024 09:30:07 +0000 https://techhq.com/?p=231377


• The Kia Challenge on social media has seen a 1000% rise in thefts of particular vehicles since 2020.
• Who’s to blame? TikTok, the thieves, the manufacturers?
• TikTok has tried to remove challenge videos, but the trend has already spread to other platforms.

The so-called Kia Challenge has caused a huge increase in car theft. In 2021, a hack appeared on TikTok: how to hijack vulnerable Kias. More often than not, lifehack videos are fodder for ridicule or far-off aspiration; hot glue gun shoes or an automatic toothpaste dispenser.

But at the end of 2023, Morgan Goldwich found her Kia Optima had been stolen – by people following the trend. After filing a police report, she was amused to hear mention of the Kia Boys, perpetrators of a trend that involved stealing Kias and Hyundais, taking them for joy rides and dumping them.

Unlike most bigtime crime gangs, the Kia Boys post most of their illegal activity online. Goldwich was surprised that she had been a target, though: her car was old (2015) and scuffed, certainly not worth enough money to appeal to the average car thief.

Enter: the Kia Challenge, which surfaced in 2021, showing how to hijack vulnerable cars using just a USB cord.

The Kia Challenge – how it works

Kia models manufactured between 2011 and 2021, and Hyundais from between 2015 and 2021, lack electronic immobilizers. The security feature requires a unique chip in the key for the car to start. Without it, thieves can break a window, unscrew the steering column, plug a USB into the ignition and, hey presto, they’re the lucky new owner of the car.

TikTok did attempt to remove videos showing the simplicity of the process, but the trend had already spread. A recent report found that thefts of Kias and Hyundais have increased 1000% since 2020.

The stolen cars are generally taken for a spin and then dumped, so are likely to be found shortly after the theft, with some damage. Goldwich’s showed up in a parking lot a week after being stolen.

Although she was lucky to find her car, she owed a $1000 deductible for the damages. When she phoned her insurance company, however, they informed her that Kias and Hyundais were no longer being insured in her area. Why? Well, because they keep getting stolen!

In the UK, similar ‘crimetoks’ have caused mass involvement of teens in robberies. In this case, an organized robbery on Oxford Street was arranged via the app, with videos showing dates, times, and even dress codes for the event.

What’s interesting is the fact that, despite almost two decades of teens having access to social media, TikTok is the first platform on which users appear to encourage widespread crime. That’s not to say that MySpace was never used to discuss a plan of attack – and we’ve all been reminded of the Facebook posts Gypsy-Rose Blanchard wrote after her mother’s murder.

Blame the manufacturers?

The TikTok Kia Challenge - because why not?

Car theft – the latest social media trend.

It’s easy to point fingers at social media, but the car manufacturers are also at fault. The failure to add immobilizers to their vehicles is the grounds of a lawsuit that will see Kia and Hyundai pay out millions of dollars to theft victims.

Both are issuing free software updates to affected owners to help curb the issue, and some law enforcement agencies provide free steering wheel locks, which could come in handy too. Hyundai owners can buy a personalized security kit at their local dealers.

So, the usual preventative measures plus some, seems to be the advice to car owners. We can’t wait to see the launch of the first car insurance company to offer TikTok Kia Challenge cover.

EDIT January 25: References to the Kia Challenge broadened to include social media as, although the hack first appeared on TikTok it wasn’t the only platform that the trend appeared on.

eBay in the wrong after stalking and harassing critics https://techhq.com/2024/01/what-happened-ebay-steiners-lawsuit-fine-paid/ Mon, 15 Jan 2024 15:00:45 +0000 https://techhq.com/?p=231123


• The intimidation of the Steiners by eBay is the stuff of movie legend.
• A campaign of harassment was intended to “take down that woman.”
• The parcels sent to the Steiners verge on the psychotic.

eBay has agreed to pay a $3m criminal penalty after being convicted of the harassment and stalking of a Massachusetts couple, Ina and David Steiner, who had been subjected to threats and intimidation in the form of unpleasant parcels.

The Justice Department charged eBay with stalking, witness tampering and obstruction of justice after employees, who have already been individually prosecuted, ran an extensive scheme to intimidate the Steiners.

The Steiners received packages containing live spiders, cockroaches, a funeral wreath and a bloody pig mask – vacuum-packed and no doubt terrifying after the Steiners had to reject delivery of a foetal pig. But why were they targeted?

The Steiners - finally victorious over psychotic behavior at eBay.

Ina and David Steiner run EcommerceBytes from their home. Photo via Boston Globe/Getty Images.

The birth of EcommerceBytes

When eBay launched in 1995, the Steiners were fascinated – they were keen second-hand shoppers already, so the online format was an intriguing change. The clunky website and not-so-savvy internet users of the time gave rise to an idea: the Steiners launched their website in 1999 and EcommerceBytes was born.

Today, the site has some 600,000 monthly users and most of its subscribers make a living selling items on eBay. In the world of ecommerce, EcommerceBytes is akin to The Times. But sellers aren’t the only readers.

Former US Attorney Andrew Lelling said the plan to target the couple, a “campaign of terror,” was formed in April 2019 at eBay. Devin Wenig, who was CEO of the company at the time, shared a link to a post Ina Steiner had written about his annual pay.

Chief communications officer Steve Wymer responded “We are going to crush this lady.”

About a month later, Ina wrote an article about a lawsuit brought by eBay accusing Amazon of poaching its sellers. Half an hour after it was published, Wenig sent a message saying “If you are ever going to take her down… now is the time.” Wymer later texted eBay security director Jim Baugh: “I want to see ashes. As long as it takes. Whatever it takes.”

According to investigators, Baugh then dispatched a security team to Boston, about 20 miles from where the Steiners live.

Baugh acted on behalf of eBay management to crush the Steiners.

Jim Baugh was sentenced to five years in jail for his harassment of the Steiners on behalf of eBay in 2022. Image: the Boston Globe via AP.

“Senior executives at eBay were frustrated with the newsletter’s tone and content, and with the comments posted beneath the newsletter’s articles,” the Department of Justice wrote in its Thursday announcement.

Wenig, who was the company’s CEO at the time of the stalking campaign, resigned from eBay in September 2019 with a $57 million exit package. He previously told 60 Minutes that he was appalled at what happened and would have stopped it had he been aware of it.

He hasn’t been criminally charged in the case and denies telling anyone to do anything illegal; his lawyer claims that “take her down” was taken out of context and referred to “lawful action” not the “series of bizarre criminal acts.”

Upon the announcement of eBay’s payment of the $3m fine, the Steiners wrote an article titled Victim Impact Statement in United States of America vs eBay Inc. and published it to EcommerceBytes, which is still active; Ina writes up to four articles for it daily.

“We were targeted because we gave eBay sellers a voice and because we reported facts that top executives didn’t like publicly laid bare,” Ina and David write.

“Since the government first arrested some of the perpetrators and filed charges in June 2020, we have heard from sellers who are fearful of communicating legitimate concerns to us (or to eBay and other marketplaces) because they fear retaliation.”

eBay vs the Steiners – an indicative case?

During 2023, we witnessed near enough every big-name tech company you can think of – be it social media giants Meta or good old Elon Musk’s Tesla – face allegations in court and pay out huge fines. Most recently, the Horizon scandal left the UK scandalized and only after decades has it been suggested that Fujitsu may pay some kind of reparation to the many sub-postmasters let down by its technological faults, and the subsequent horrifying practices of the UK Post Office.

To spell it out: just because giants like eBay and Meta need people to be successful, doesn’t mean they have anything but their own best interests at heart; in fact, because they rely on having a userbase, they’ll stop at nothing to ensure it continues to grow.

That means encouraging social media addiction among teens and silencing anyone who dares question the company’s practice. These huge corporations have the money to shoulder huge financial repercussions – as well as run terrorist-style intimidation campaigns, apparently – so is a fine really enough?

We’ve reached the point of holding tech companies accountable, but when will preventative bodies be formed? Who is ensuring more scandals like the ones being tried years after the fact aren’t currently happening in new forms?

Can we also address the insanity of someone like Jim Baugh being employed in eBay’s security division (while we’re at it, why does eBay have a security division?)? Known within the company as a loose cannon, Baugh claimed to be ex-CIA and had a reputation for demanding his team be on high alert at all times.

He offered to “neutralize Ina’s website in two weeks or less,” setting his team to work in Boston. The tactics used against the Steiners seem perfectly representative of a team, attuned to the possibility of constant attacks as if at war, finally being put to action.

So, perhaps the first step is not hiring sadists to uphold the security of a website made for reselling antiques.
