Coming up on DTNS, Google catches out another exploit this time in, oops, Android. Disney is fighting with Netflix and Amazon. And why this time when the government asks for weakening encryption, it's still a bad idea. This is the Daily Tech News for Friday, October 4th, 2019 in Los Angeles. I'm Tom Merritt. And from Studio Feline, I'm Sarah Lane. From Studio Snubtober, I'm Shannon Morse. Drawing the top tech stories from the shores of Lake Erie, I'm Len Peralta. And I'm the show's producer, Roger Chang. Oh, Snubtober. I like that. For the video people, I even decored the decorations in the background just for you. It's an apple cider, maple, pumpkin spice sort of feel. I like it. It is a boots and flannel type of day. Hashtag snubtober. Well, folks, if you like this kind of conversation, we were having a lot of it, talking about our favorite actors and actresses and all kinds of stuff on Good Day Internet. You can become a member and get access to that show at patreon.com slash DTNS. Let's start with a few tech things you should know. Apple told the Financial Times that it's acquired UK motion capture company, iKinema. The company makes animation technology for games, VR, and more. iKinema specializes in real-time procedural animation from real life people and also animals. Microsoft issued an out-of-band update for all supported versions of Windows through Windows Update to fix an IE scripting engine flaw, as well as a zero-day Chrome exploit. The flaws were originally discovered and disclosed by Google's Threat Analysis Group, and Microsoft released a patch on September 23rd to address it. This required a manual install, but the fix is now being pushed out automatically. This out-of-band update won't replace the scheduled October Patch Tuesday on October 8th. Nikkei reports that sources say Apple told suppliers to increase production of iPhone 11s by 10%. That's about eight million more units. 
Suppliers speaking to Nikkei said Apple's original supply orders were conservative this year, initially placing orders lower than last year's. The increased production is reportedly mainly due to the iPhone 11 and iPhone 11 Pro units, with revised orders actually a little bit down for the bigger iPhone 11 Pro Max. Quibi founder Jeffrey Katzenberg and Quibi CEO Meg Whitman will deliver a keynote presentation at CES on Wednesday, January 8th, 2020 at 9:30 a.m. in the Park Theater at the Park MGM Hotel. We at DTNS will be there, but we're somewhat disappointed that they won't be several 10-minute keynotes strung over the entire week. Commit to the bit. Come on, Quibi. Let's talk a little bit about Google's Project Zero, what they find, Shannon. All sorts of fun things. Google's Project Zero research group published details about an Android zero-day exploit being actively exploited in the wild. The exploit gives attackers full control of a device on at least 18 different Android headsets, handsets including several Pixel 1 and 2 models and Samsung Galaxy S7, S8 and S9 models. The local privilege escalation can defeat local sandboxing and be delivered through the web if chained to a renderer exploit. It can be delivered on its own as well through a siloed app. The Android team says a fix is coming in the October Android security update due out in just a few days with patches already delivered to partners. Google's Project Zero team said it appeared the exploit was being actively used by exploit developer NSO Group or one of its clients. NSO Group of course denied its involvement in a statement to Ars Technica. It appears the vulnerability was patched in Linux kernel 4.14 in 2018 and it made its way into Android after that, but it was never issued a CVE number so it was not retroactively applied to older versions of Android. That's why it's only showing up in Pixel 1 and 2 and the older Galaxy S7s. 
Yeah, this is something that probably most Android users, especially because it only applies to older models, need not worry too much about being a victim of. It's very specific. It has to be targeted and it's a pretty sophisticated one, right? Yeah, exactly. It is very sophisticated. That's one of the reasons why they are looking at NSO Group as being the attacker behind this is because of its sophistication, so it's most likely being something that is run by a state-sponsored group or a state-sponsored attacker. I do want to give credit to Maddie Stone, who is one of the people on Project Zero who reported this. It was her first zero-day bug that she reported and she runs in my, I guess, infosec community, so mad props to Maddie Stone on this. They do say that it is a high-severity flaw, but luckily it is targeted, so chances of us regular consumers being targeted in this is very minimal. With that said, though, that's not a reason to just not update your phone if you have a Pixel 1 or 2. It does include XL models, but 3 and 3 XL and the 3A models are not included in this, so those are safe. I'm a little curious about what happened when it didn't get a CVE number, when they found this back in 2018. I can see where not having a CVE number would cause it to not be retroactively added to the Android update just because of the way project management happens. I mean, it would be great if there was some error correcting in the Google flow for that, but I'm wondering why that didn't happen, because theoretically when this was patched in kernel 4.14, it should have been patched in all versions of Android. It wasn't a technical issue that prevented that. It was a procedural issue. I agree. It could have just been a slip up. A lot of times there are vulnerabilities that never get CVEs, and a lot of times it just depends on how major they are. 
However, given that this one is a high-severity flaw, you would think that it would have gotten that CVE in the past, so it might have just been that it was just accidentally never reported. That does happen, so luckily now they were able to patch it in Android. Well, thank you, Maddie Stone. We appreciate your work. The Wall Street Journal sources say Disney will not accept advertisements from Netflix on its entertainment-related TV networks. So ABC, ABC Family, or it's not called that anymore, but the ABC networks that show sitcoms and that sort of thing, ESPN will still accept Netflix ads because it does sports. Disney told The Verge it reevaluated its strategy, quote, to reflect the comprehensive business relationships we have with many of these companies, and not quoting anymore. It apparently found a mutually beneficial relationship with Comcast, Amazon, and Apple. It'll still run ads from them, but in Netflix's case, it did not. The Wall Street Journal also reports sources telling it Disney may not end up launching a Disney Plus app on the Fire TV because of conflicts over how advertising is handled on the Fire TV platform. Again, this is probably not Amazon wanting to run or monetize in-stream ads on Disney Plus. It probably has to do with the way things are counted or the way platform interface ads are handled, stuff like that. But it would be bad for both platforms if Disney Plus did not launch on the Fire TV. The Netflix one, I think, is a little more understandable. I mean, you don't expect to see NBC advertising on CBS when you watch shows on broadcast. Now, I know a lot of you are snarkily saying, I don't see ads anyway because I don't watch any of that stuff. But you know what I'm saying, right? It is a little unusual. So let a direct competitor advertise your platform. You'd say, well, on the surface, of course, why would any company do that? 
But so many of these platforms are still in their infancy, really, that you kind of have to be reminded like, oh, yeah, old media wouldn't do this. If Disney doesn't want Netflix to advertise on their new platform, because for whatever reasons that Disney has, it's not that surprising. It's business. And honestly, I can see where they're saying, well, okay, we'll take an ad for Peacock because we're going to want to run an ad for Disney Plus on NBC. But Netflix doesn't have ads. And as far as I know, Disney may not be making any other television programs for Netflix or movies for Netflix, since they dropped the Marvel stuff. So there may be a little bad blood in the production side over there as well. I think you're probably right when you say that there might be some bad blood. It does kind of seem like that. And given that Disney is straight up just saying, no, we're not going to let Netflix advertise at all, do you think that it's going to hurt Netflix in any way? Or do you think that the market is already so inundated and subscribed to Netflix that it won't really mess them up? Yeah, these kinds of things are never make or break, are they? It's not going to sink Netflix to not have ads on ABC, but every little bit helps, and ABC is a big platform. So it is going to hurt them a little bit. They'll have to find other ways to acquire their new subscribers, I guess. Yeah, I think it all depends on how much the Disney folks might be folks that also aren't Netflix subscribers. Because Netflix is enjoying sort of been like top market dog for the sort of thing for quite some time, but there's a lot more competition now. Is there a point where Netflix is like, we need to advertise on that platform. And I don't think the company is there yet. Well, they wouldn't want to advertise on the platform in the first place if it wasn't going to help them somewhat, right? Exactly. 
Disney or Netflix was spending, I think it was about 13% of their total ad spend in 2018 on Disney-owned entertainment network. So perhaps Netflix will find other ways to use that 13% of money and make some more awesome content for us. That's the question, right? Will they spend that 13% on other things that fill the gap well? The disputes don't end there folks. The Prime Video app is no longer available in Apple's App Store and neither Amazon nor Apple have commented on why this happened. The app was removed from the iOS and tvOS app stores in all regions except Australia, Guatemala, Hong Kong, Hungary, Israel, India, Kenya, Kuwait, Lithuania, Luxembourg, Madagascar, and Saudi Arabia. So now the question is, what do these countries have in common? And why did it get removed from places besides these countries? I mean, they're on the G through M spectrum for the most part, except for Australia and Saudi Arabia. Yeah. Come on, gumshoes. Help us figure this out. Where in the world is the Prime Video app? Well, I think the main weirdness of this is that neither Amazon nor Apple even had some sort of a boilerplate response like, hey, we're working on it or, oh, you know, we don't comment on these sorts of things. Nothing. Yeah. I guess if it was a technical issue, you might expect Amazon to say, oh, there's an issue. We'll be putting the app back up later. Sorry. Hang in there. But maybe Apple doesn't want them to say that. On the other hand, if there was like a real issue, you think Amazon might be touting like, well, Apple pulled it and we don't know why, right? But so they're both not wanting to say anything, which makes me think it's not conspiracy oriented. It's not a misunderstanding. But it's something neither one of them want to admit to at this point. Who knows? Well, according to the TechCrunch article, they did place an update that says they learned the issue is technical in nature. 
But you're right, neither company has said anything in relation to the technical issue. So is it a privacy issue? Right. Is it a technical? I mean, because a technical issue could be like trying to put a subscription thing in there, right? Exactly. It could be that. But I don't know, maybe it's just a vulnerability or something that made it crash all the time. Who knows? Well, hopefully everything's fine and we'll see that app back in place for everybody who's panicking on Twitter right now. I mean, if you have it already, yours will still work. It'll still, it's still there. It just can't get the update. No new downloads. Yeah. Yeah. No new downloads and no updates. All right. Exactly. Well, the first all electric NASA test plane, the X 57 mod 2, arrived at the Armstrong Flight Research Center in California. NASA will test the plane's electric propulsion system with ground tests. The next phases include taxi and eventually flight, likely with the mod 2 and the mod 4 configurations, which will, unlike mod 2, come with wings. NASA will share its finding with companies in the aerospace industry and government regulators. The eventual aim is to develop certification standards for electric aircraft, including urban air mobility vehicles, which you might call flying cars. Yeah. Some VTOL stuff. This is a big step for electric flights. Electric flights big, not only for VTOL and so-called flying cars, but also for reducing pollution. And as Roger pointed out in our prep meeting today, just for reducing cost, because fuel is not only a polluter, but it also costs them a lot of money too. I'm excited that they're stepping into this whole market and this whole appeal, because having NASA kind of be the forefront runner of this is very exciting. I mean, I feel like they know what they're doing. 
And they're also going to be working on those certification standards too, which is going to be huge for safety when this kind of market comes to consumers, albeit that's going to be very far in the future. But it is very exciting. I think now is absolutely the time to act on this kind of electric aerospace industry, because we do have so many issues currently with climate and all of those kind of issues. We need to save our world. The first A in NASA is aerospace, right? So sometimes we forget that that's a big part of this. And there's some interesting stuff happening even on the ground with NASA right now. So thank you, NASA, for what you're doing. And we'll keep on top of this, because I think electric flight is going to be an interesting space to watch. A quick correction. It's aeronautics. Aeronautics. Thank you, Roger. Palmer Luckey's Anduril company showed off footage of its Anvil battering ram drone taking down both fixed-wing drones and quadcopters. Anvil is designed for short fast flights to take out drones from below. Flight critical components are positioned low to help Anvil land in one piece. Rogue drones and quadcopters are becoming a more common threat. Anvil is being designed for military uses in battle situations for the most part, not for domestic law enforcement at this point. But we know that this technology often trickles down. And remember, we had the Gatwick Airport situation where they had to shut down the runways because there was a quadcopter that they couldn't find. So this is an interesting development in what I think is going to increasingly be one of those arms races of how do we protect the things we need to protect from quadcopters and drones? And this is a new way to do it and a demonstration that shows it working. Yeah, I try to think of what the equivalent is for something like this that people considered normal. 
For military operations, I don't know, shooting down a plane or all that stuff is like, okay, well, that already exists. And sometimes it's necessary and will save lives. This is not necessarily going to be that all of the time. But yeah, shooting down drones. Even, I don't know, I read a story the other day about more and more drones bringing in contraband to prisons. Will the prison system be looking into something like this in order to circumvent this kind of thing? Yeah, probably. Because who else is going to do it? And of course, most recently, the most famous current story is the allegations that quadcopters or drones were used to cause damage at oil refinery facilities in Saudi Arabia. So that is an actual military situation used for this as well. Folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to DailyTechHeadlines.com. All right, let's get back into it with a discussion of US Attorney General William Barr, UK Home Secretary Priti Patel, Australian Minister for Home Affairs Peter Dutton, and Acting US Secretary of Homeland Security Kevin K. McAleenan, signing an open letter to Facebook today, asking the company to delay plans for encryption in Messenger. For more than a decade now, under two different presidents, the United States Department of Justice has warned about going dark if end-to-end encryption is allowed to continue. And this particular letter seems to be responding to comments made by Mark Zuckerberg back in March. If you remember, in a wider announcement about changing the focus of what Facebook does to more private communications, Zuckerberg said, "In a few years, I expect future versions of Messenger and WhatsApp to become the main ways people communicate on the Facebook network. We're focused on making both of these apps faster, simpler, more private and more secure, including with end-to-end encryption." 
At the time, everybody's like, great, you say you're gonna do it when now you have the government saying, please don't. Zuckerberg also added at the time, this is important to understanding this letter as well. When billions of people use a service to connect, some of them are going to misuse it for truly terrible things like child exploitation, terrorism and extortion. Those three are quoted word for word in the open letter. We have a responsibility, Zuckerberg continues, to work with law enforcement and to help prevent these wherever we can. We are working to improve our ability to identify and stop bad actors across our apps by detecting patterns of activity or through other means, even when we can't see the content of the messages, and we will continue to invest in this work. This is also the talk when Zuckerberg announced the plan to integrate Messenger, Instagram and WhatsApp into a unified messaging platform for interoperation. Now, to the letter today, that was all background you need to understand the letter. In the letter, it starts, we are writing to request that Facebook does not proceed with its plan to implement end to end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content communications to protect our citizens. It comes at the time that the UK and the US is announcing a new agreement for data access designed to remove the barriers to cross border surveillance. So they're saying, we're working to share surveillance data to catch bad guys faster, and so we need your help. The letter adds, companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes, as well as risks to public safety from Facebook's proposals are exacerbated in the context of a single platform. 
Remember that bit about Instagram, WhatsApp and Messenger, a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children. The bullet points at the end of the letter are many, but the most important ones don't ask for a backdoor by name. They say, embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety and facilitating the prosecution of offenders and safeguarding victims. So they're saying, we're not asking for a backdoor, keep things perfectly secure for everyone, but let us access things when we need to. So they're basically asking for something that most people have said might be impossible. The other bullet point is enable law enforcement to obtain lawful access to content in a readable and usable format. So they're saying, you can't get out of this by just handing over the encrypted bits. You have to make it readable. You figure out how to do that. Anyway, in a response statement, Facebook said, we believe people have the right to have a private conversation online wherever they are in the world as the US and UK governments acknowledge the CLOUD Act. Remember that announcement of better surveillance cooperation? That's part of the CLOUD Act. The CLOUD Act allows for companies to provide available information when they receive valid legal requests and does not require companies to build backdoors. So Shannon, I know that's a lot for people to swallow, but the upshot is here we go again. Major government figures asking companies and the new tactic here is asking companies, let us have access to plain text when we want it, but don't weaken encryption. We're not asking for backdoors. It's so hard to look at that and just be like, no, that's basically what you are asking for. 
They are basically telling Facebook, hey, we really don't want you to take away that security for everybody, but we want a special key that just allows us to unlock the information and have this in plain text. That's what a back door is. That's exactly what they are asking and how insane to assume, well, okay, let's keep the bad guys out, but the government should have access to this. Like you said, Tom, it's like borderline impossible. Well, here's the thing too. And StoicSquirrel asked this question just now in the chat, does encryption preclude the government from getting a warrant for specific data? No, it doesn't, but it precludes properly encrypted communications from allowing the company receiving the warrant to comply. If Sarah and Shannon have a conversation that is end-to-end encrypted on my platform, and the government comes to me and says, hey, you know what, they were planning crimes. We have a warrant from a judge. You need to give us their conversation. I can't. I can hand over the encrypted bits and say, hey, good luck. But that's not what they're asking for. They're asking for readable text. And I'm like, if it's end-to-end encrypted, only Shannon and Sarah can give you their conversation. I can't, even though it's online. And that's the whole point of it. And that's why Facebook has been touting this as a more private way for people to trust the company and talk on the platform. And the fact that this was sort of a letter of like, hey, Facebook, we'd like you to do this stuff. We're not always making you do anything yet, but we want to voice our concerns and kind of get it out into the sphere. Okay, well, that's one thing. What you're asking for doesn't make a lot of sense. And also, is it because you think that there are bad actors who will decide to use Messenger and WhatsApp who wouldn't have already understood that there are other platforms that they could be using this for where you can't read anything that's going on there either? 
I'm glad you mentioned that, because there was even a tweet which was sent out by a guy named Ryan Singel, a fellow at Stanford Law School Center for Internet and Society. He tweeted that 1457 federal criminal wiretaps in 2018 of all of those, only 74 federal were reported as being encrypted and only 58 of those could not be decrypted. So it sounds to me like a lot of criminals aren't even using encrypted end-to-end platforms for these criminal acts that they are using. Either they don't know they exist or they have not figured that out yet, which is perfectly fine with me. I mean, there are going to be those certain number that don't use the encryption anyway. There are going to be those certain number that if you say, hey, Facebook, hold off end-to-end encrypted on Messenger, because there's some criminals that are still using it. But over time, the serious criminals are going to move to Telegram. They're going to move to Signal or WhatsApp if it stays end-to-end encrypted, at which point you're not going to be able to do anything. Now, I suppose the plan could be, well, let's get Facebook not to do it in Messenger. Let's get them to roll it back in WhatsApp. Let's get Apple to change it in iOS. And then we'll go after Telegram and Signal next. But the fact is it's math, and somebody can roll their own encryption somewhere that you won't be able to get to. So it's a game of numbers anyway, you're never going to get all the information. And so the question is, is adding the risk of weakening encryption for everyone worth the number of people you'll be able to catch by doing that? I have a friend who works in criminal justice in the Midwest whose full-time job was basically fighting criminals who were targeting children. And he had mentioned to me several times that one of the things they use in a lot of the cases is metadata. 
So you don't necessarily need to decrypt the plain text information to get that metadata, which Facebook is going to have anyway, even if they have an encrypted platform. The times that you are logged in, the people that you are connecting with possibly your IP address, information like that, they can still use in those kinds of cases. So while I can understand, and I do empathize because there's a lot of kids in my family, while I understand that there's a reason for that, it's not necessarily the thing that you have to have to make sure that these criminals get put in jail where they belong. Right. Weakening encryption for everyone will also cause other crimes to happen. So that's the other thing. It's like, well, okay, if we weaken encryption, maybe we catch a few more people doing these bad things, but we also allow these other people to do all these bad things that they wouldn't have been able to do in the past because you've weakened encryption for fraudsters to be able to get into Messenger and do things that they couldn't have done otherwise. Well, I hope this letter doesn't set a precedent for other companies, like you had mentioned, Tom, to have them go after more than just Facebook because I believe that encryption is something that we have a right to have. Yeah, maybe that should be something that people push for from their candidates. Give me a right to end-to-end encryption. Well, thanks to everybody who participates in our subreddit. Encryption stories, very popular there as well. Submit stories and vote on them at dailytechnewshow.reddit.com. Thank you in advance. Love your feedback. We also have a Facebook group. Come on in facebook.com slash groups slash Daily Tech News Show. I mean, we call it a mail bag, but it's increasingly less bag and even less mail. This time we got a video. Yeah, that's the modern world we live in. 
Tom, Ophir sent in a video clip in response to a story that we discussed the other day about automation and the idea, well, if robots take the human jobs, what do humans do so that everybody is happier and more fulfilled? Ophir says, just want to give my two cents on that topic of automation productivity and the future of work. Hi, Tom and Sarah. This is Ophir here from lovely Tel Aviv, Israel. A huge fan of your show for a while now and I wanted to bring up a topic that you guys discussed a couple of days ago. When you talk about automation, it's important to also talk about RPA, robotic process automation. When we talk about automation, it's not always those huge robots that we see in factories, assembling cars and stuff like that. It's oftentimes also robots that work on software, so automating, mundane, repetitive tasks that employees do on their PCs. Just something I wanted to point out, it's a huge market and it's taking a huge part of that, the whole notion of productivity and efficiency at the workforce. If you want to learn more about that topic, search for robotic process automation on Google. Tons of companies that are doing amazing stuff in that regard. Keep on doing your great job. Take care. That's fantastic, Ophir. That's a really good point. Automation, we make it equivalent to robots, but it's not always robots. It's sometimes just automation, software process automation. That's fantastic. Thank you so much. I'm glad to see that you kept your eyes on the road while doing that. Yeah, thanks, Ophir, and thanks to all of our patrons and Tom. Our patron tiers have shaken up as of late. Yeah, we're doing shoutouts to patrons at the master and grandmaster level. This episode, big thanks to Tony Glass, Philip Shane, and Miss Music Teacher for their support. Let's check in with Len Peralta, who's been drawn up a storm this entire show. Len, I cannot wait to see what you've chosen. I try not to put an editorial spin on these things. 
I just show what I take something out of there. When I took something out of the articles was the line that Facebook said that people have the right to have a private conversation online. That's what this image is. You can take it how you want. It's two people having a conversation and a big microphone type I coming in listening to everything that people are saying. I'm not saying it's good one way or the other. I'm just saying this is what I took out of that entire discussion. I mean, it's such a good image because you're such a good artist. I think people should go look at it on that. But then pay attention to the words that Len put in the background, because they're perfect examples of that sort of shady ground of like, well, maybe they're good. Maybe they're bad. I don't know. Do they rise to the level of something of a crime? We know who knows. It's up to you. But yes, definitely check it out at my Patreon. You get it right now if you're a Patreon. Patreon.com. Or at my online store, LenPeraltaStore.com. Thank you, Len Peralta, as always. And thank you to Shannon Morse for being with us today. Shannon, let folks know where they can keep up with the rest of your work. Well, thank you for having me, youtube.com slash Shannon Morse. It is the beginning of October and October is techtober. It's snubstober. I have so many different reviews that are coming out this month that I can't even talk about yet. And I am so excited to post the videos on those. So now's the time to subscribe. Check out all my back catalog of tech reviews and travel vlogs on that channel and be looking forward to some very exclusive and interesting reviews on some consumer products coming up very soon. That is fantastic, folks. Go check it out and also don't forget that we have new Patreon rewards. Become our member of DTNS and get a peek at our show rundown as we develop it behind the scenes chats and more. 
And on November 1st, everybody who's at the $2 level, you have until November 1st to get to the $2 level and you'll get a PDF copy of the official DTNS Good Day Internet cookbook with recipes from the show hosts and some listeners. Cover art by Scott Johnson. You can sign up right now at patreon.com slash DTNS. We love your feedback. Have I mentioned that before? Hey, we even have an email address where you can send in feedback. Feedback at dailytechnewshow.com. We're live Monday through Friday. Hang out with us if you can, 4:30 p.m. Eastern, 20:30 UTC, and you can find out more at dailytechnewshow.com slash live. See you Monday, everybody. Good night, Rob. This show is part of the Frogpants Network. Get more at frogpants.com.