 Coming up on DTNS, can many apps make Snapchat a super app? We know more about how bad the Twitter attack was, and Caitlin Bowden is here with info to help teens stay safe online. This is the Daily Tech News for Monday, July 20th, 2020. I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. I'm the show's producer, Roger Chang. And as I mentioned, Caitlin Bowden, CEO of Badass Army, is here with us. Welcome, Caitlin. It's so good to have you. Thank you for having me on. I'm excited to be here. Thank you for tolerating our dentistry talk on Good Day Internet right before the show. If you want to get that wider conversation, you've got to become a member. Patreon.com slash DTNS. Let's start with a few tech things you should know. GM reports it's on track to deliver 20 electric vehicles by 2023 across the Cadillac, GMC, Chevrolet, and Buick name plates. Most will be built by on GM's modular EV architecture called Ultium. Wall Street Journal sources say eBay is in talks to sell its classified ads business to Norway's digital marketplace provider, Adevinta. eBay operates its classified business across Canada, parts of Europe, Africa, Australia, and Mexico. And the business generated $1.1 billion in revenue in 2019. Candelus estimates that smartphone shipments in India fell 48% in Q2 from 33 million to 17.3 million units. Candelus sites lack of supplies, a cause of the large decline. 96% of smartphones are produced domestically in India, and India shut down most much of its manufacturing from March to mid-May. The Economic Times reported in June that Oppo and Vivo were both importing smartphones from China to bolster Indian supplies. The Ant Group, which operates the mobile payment system Alipay, announced it began discussions on a dual stock listing. One on Shanghai's Starboard and the other on Hong Kong Stock Exchange. Alipay processes all payments for the e-commerce giant Alibaba, and also offers loans, travel services, and food delivery to 900 million active users. The game platform Roblox launched a new beta feature called Party Place, providing a place for users to gather online for specific events. Roblox says that it will make private Party Place servers available for free. Google Maps will incorporate bike share locations into its directions. Maps will route users to bike share pickup and drop-off locations along their route, providing walking directions for the remainder of the trip if necessary. Feature will be available in Chicago, San Francisco, Washington, D.C., New York City in the United States, as well as London, Mexico City, Montreal, Rio de Janeiro, Sao Paulo, and Taipei, as well as New Taipei City. Results from an early trial of the COVID-19 vaccine from AstraZeneca were published in the Lancet Medical Journal July 20, showing increased levels of protective neutralizing antibodies and immune T-cells that target the virus. That vaccine is one of three in phase three trials with manufacturing expected as early as this September. A separate article in the Lancet showed a vaccine from Canacino demonstrated an immune response in a mid-stage trial as well. That vaccine is in phase two trials and has been authorized for use by the Chinese military. So good vaccine news. Like we said, when it's there, we're going to keep delivering it to you. Let's talk a little more about the rapper Logic, a.k.a. Sir Robert Bryson Hall II, signed an exclusive streaming partnership, not with SoundCloud, not with Spotify, with Twitch. It's the service's first exclusive streaming deal with a musician. In an interview with The Verge, Hall said the deal was worth seven figures. Didn't give the exact amount, but said he's been active on Twitch since 2015 or 2016. His first stream as part of the deal will be July 21st with a premiere of his self-proclaimed final album called No Pressure. But he said he also plays video games, so he's going to be doing that on there as well. I think it's interesting, Sarah, that we're seeing Twitch make some deals with non-video game purveyors or players as we see Facebook and YouTube try to sign people away from Twitch. Yeah, no kidding. I mean, Logic is, whether or not you're familiar with his music, he's a big artist. This is somebody that's going to get a lot of attention for Twitch. You know, whether he's a huge gamer or not, I mean, he says he's familiar with Twitch, he's been hanging out on Twitch for the last four or five years kind of thing. You know, that probably helped the deal become that much sweeter. But I wonder how, yeah, somebody like a musician who is supposedly retiring, at least from what we consider the traditional music route. I don't know, people retire all the time and then they come back to the music industry, but yeah, like, what does, you know, what is this kind of exclusive access to a person and they might do all sorts of things besides what you know them for and Twitch being one of those things and it being this live kind of thing because you get that on Instagram, you do get that on YouTube. You have a variety of places to do this, but the exclusivity part is very interesting. Yeah, Caitlin, I don't know if you follow any of the big Twitch streamers or not. A little bit here and there. I've used the platform. I've watched some shows and really all I have to say about this is that it's really interesting to see the music industry kind of change its ways because it had to, it had to update. People aren't going out and buying CDs anymore. You know, people aren't buying full albums. They're buying songs individually. So they had to figure out some different ways of generating revenue and seeing them, you know, partnering with, you know, artists, partnering with Twitch or seeing what Fortnite has been doing with their concerts and watching this video game slash music crossover has been really interesting and frankly, I like it because it's introducing my kids who are more into gaming than they are into music to different things. Yeah, and I mean, it's kind of a Renaissance move, right? And I think it's really smart for logic too to say like, I don't want the pressure despite the name of my final album to always be on me to, you know, actually that is the name. It's no pressure. He's like, I don't want the pressure to be on me for music. He doesn't say he's going to stop making music but he's not going to feel pressured to always be putting out an album because now he's got a direct pipeline to his fans and I think that's really interesting aspect of this is they creator saying, I don't want to be just a musician, just a video game player. My question is, are we going to get mixtape logic or album logic? And that remains to be seen. But yeah, I mean, that's a really good point for an artist to be like, okay, well, I've been super successful in one arena but I want to do some other stuff but it's not super clear what those streams are going to be yet. And it was just logic playing video games. Okay. Well, that would that would sort of ring true with the Twitch audience, but it might not be and it might open up a lot of other opportunities for other artists as well. I think we're at an interesting time right now where a lot of our celebrities, a lot of our big names are people that are simply known for the cult of personality. They're not necessarily known for being musicians, being actors, doing things. We have the reality stars. We have people that are famous just because of who they are. So it's really going to be interesting to see these people make the, you know, people that are established and want to rena make that transition to see if they can kind of cut it being famous just for being them. Yeah. Well, moving on to some Microsoft news. Back in May, Microsoft announced that Windows 10 X, also known as light Santorini would show up first on single screen devices. ZD Nets marriage of fully now reports that Microsoft will target business and education devices in spring of 2021 with wider uses and dual screen devices coming in spring of 2022. Fully sources also back up a Windows central report that the initial release of Windows 10 X won't support running Win 32 apps in containers as originally planned and may instead rely on cloud PC virtualization or Win 32 apps. Fully says that Microsoft is now aiming Win 32 apps on Windows 10 X for 2022 as well. Fully sources also say that Microsoft is considering changing release rhythms to be Windows 10 X in the spring and then Windows 10 just once a year in the autumn. Yeah, I hope Microsoft doesn't give up on Win 32 because if they want to compete with Chrome OS I think relying on cloud containers would be difficult for people to accept in a lot of cases. But more important, I think to the general Windows user is this idea that your feature updates would go down to just once a year which may be a good thing. If you just get all the good features once a year rather than having buggy releases that you kind of are worried about whether you should wait and see if what the fallout is if they get them right once a year. I think that could be an advantage. Earlier this month, both security researcher Bob DiCenco and a team over at VPN Mentor independently discovered an unsecured Elasticsearch cluster used by seven Hong Kong-based free VPN providers which included more than a billion log entries including IP addresses, VPN server, connection info, session tokens, plain text passwords, the affected services included UFO VPN, fast VPN, free VPN, super VPN, flash VPN, secure VPN and rabbit VPN. All of them using the same white label VPN service and all claiming not to record any user activity. Well, they did. DiCenco alerted UFO VPN on July 1st and reached out to UFO's hosting provider about the data on July 14th. That bucket of data was removed on July 15th but was available on the search engine Shodan for about 18 days. UFO said staffing disruptions due to COVID-19 impacted its network security and said the logs were anonymized and used only for traffic performance monitoring. Well, the anonymization is belied by the data that was discovered. There is non-anonymous data in there and even if you're using it for traffic performance monitoring, you can't say you're a no log service then because you're keeping logs, right? I mean, Caitlin, what do you think of this? I think it's really disappointing to see that these people that are making these promises as far as the security of the users and stuff. I mean, it's a perpetual thing to be disappointed by people not doing what they say they're going to do. Companies not doing what they promise. When it comes to VPNs, I always recommend that, you know, you're going to get what you pay for when it comes to those. Free VPNs are never really a great idea no matter what promises they're making. It's definitely worth it to get a subscription for a good one and not have to worry about these sorts of things happening. Yeah, I mean, I hate to say it, but if it's free, they have to be making their money somehow and that way they're making it is likely going to be you somehow. So if they're not keep, if they're saying they're not keeping logs, it's going to be difficult to understand how they're going to be making their money. Obviously, all of these VPNs were using a central service that got breached and that's why they're all part of this and they're all part of that same white label situation. And I think that's good to know too is when you're buying a VPN or even using a free VPN, you may not realize that it's not coming from them. It could be somebody rebranding service. So it's better to find something well vetted out there. Yeah, I mean, I know for a majority of our audience, that's like no brainer. Everybody knows that, but it is a good reminder that yes, nothing is truly free. And so if, you know, there's a service that you've been using and you just go like, great, it wasn't $5 like that other one that was my other choice. But oh crap, my data is now being sold to who knows where. I mean, that happens all the time and you wonder, you know, why do all these companies want to do this? Because they get money for it. So that doesn't, it doesn't necessarily mean that a free service is ever crappier service than something that you pay for. But yeah, you gotta kinda, you know, you gotta look through the fine print. At its partner summit in June, SNAP announced that it would be bringing bite-size apps called SNAP Minis into chat on Snapchat. SNAP released its first four SNAP Minis today, including the Meditation and Mindfulness app Headspace. Also out prediction master, which poses questions to you and then lets you see your accuracy on the leaderboard. Customizable flashcards for studying and SNAP's own, let's do it to help friends make a decision as a group. SNAP Minis are built with HTML5, so they work on all the devices running the Snapchat app and don't need to be installed. Yeah, they just kinda show up as features. I did a search for the Headspace one, you just search for Headspace and you get, you know, in the list of results, you'll get the Headspace Meditation app, the mindfulness app and you launch it and suddenly you're just, you know, able to swipe through and pick a program and do like three or four minutes of meditation. Headspace, you know, one of the big ones out there along with Calm for this sort of thing. So it's a logical choice for SNAP to partner up with here. It is, it was seamless. It didn't feel like an app. I think when we say app, it makes people think, oh, I'm gonna have to go into an app store, I'm gonna have to install something. It's just a thing that runs within SNAP, but SNAP is make, or within Snapchat, but SNAP is making it easy to deploy for these companies. I mean, they can add more of these kinds of features and games and useful things. Caitlin, have you used any of this sort of stuff either on Snapchat today or elsewhere in the past? Not really anything that's similar to this. I am excited to see what they're gonna do with this as well as, I don't know, Snapchat really, I'll get more into Snapchat later, but we have beef. Okay. I see, I see. So I mean, all these platforms though wanna become the platform. Like that's the next move is to try to figure out whether it's WhatsApp, Snapchat, they wanna figure out how to bring you in and keep you in more often so that you can do everything, payments, games, social networking, all of it within one. So this is just the first baby steps of Snapchat trying to become that for people. I like that these are not just games. I like that they went towards things that are entertainment as far as prediction master goes, but not just a game and also some useful stuff, even like health and meditation stuff. Yeah, I mean, listen, Headspace saying kick the panic, get out of a funk, press play four minutes of your life. I'm like, this is pretty cool. And like you said, Tom, it is pretty seamless. Some of this is, you know, kind of like that quasi stuff. I don't really use any of those services, but they can be fun, you know, somewhat mindless. I don't use Snapchat ever anymore, but there was a time a couple of years ago that I was pretty active on it. And I continue to be interested by what inroads the company's making in places I wouldn't have thought of. And this is another one of those places. All right, so let's catch you up on some of the latest with the Twitter social engineering attack. Twitter announced that as part of that attack that compromised several high profile verified accounts, attackers attempted to download the My Twitter data archive of up to eight unverified accounts. So those are the ones we know they got DMs from because they went and downloaded the My Twitter data archive. That's a service Twitter provides where you can download all your past posts. So eight unverified accounts had that happen. They were also able to see things like personal information, phone numbers and email addresses of all the accounts they accessed. My Twitter data includes direct messages, including those deleted by the user. If they were deleted, if they were not deleted by the other party, that's an interesting part of this too. If you got the direct messages from My Twitter data and the other party you sent the direct message to didn't delete it, it's in there. According to Twitter, the attackers targeted 130 accounts. So those are the ones they could see things like phone numbers and email addresses of. They successfully triggered a password reset and logged in to 45 of those. So it's 130 accounts accessed, 45 of them they got into and eight of them they were able to definitely download the archive data. Twitter also said the attackers successfully manipulated a small number of employees, employees plural and use their credentials to access Twitter's internal systems, including getting through two factor protections. There's lots of ways that if they were socially engineering this, they could get through the two factor protection that wasn't a vulnerability and two factor. It's just a way to steal the second factor while you're stealing access. But I want to give credit to Rob Dunwood who was insisting on Friday. He's like, this has got to be more than one. It's got to be more than one employee and it looks like maybe absolutely he was right about that. Twitter is using the plural here. There's also a maybe that it was a situation where someone got into an employee Slack account. That's what New York Times is reporting and then use that access to trick another employee into giving them some login information. There's evidence that the New York Times saw that that's how they were able to get this account. So that could be how they use two employees. Caitlin, we've obviously been talking about this, the latter half of last week and now into this week. I'm curious what your impression of this attack was. I can't wait to hear what the motive is in this because it feels really strangely political to me with the way that they chose the accounts that they were posting from as well. I feel like the whole Bitcoin thing in a way it almost feels like that is the secondary thing to actually make some money off of this. I feel like there's a lot more to the situation than what just meets the eye. But it is another reminder that social engineering is a really powerful way of gaining access to daddy you're not supposed to have and people like to dismiss that as not necessarily real hacking because they're not typing anything, but when it comes down to it, that is a huge danger for most large companies like this. Yeah, as we were talking about last week, it looks like according to Krebs, this was being talked about on some sim swapping forums and they were trying to sell access and information, but it's still odd that you would just decide to go out in a blaze of glory by posting some Bitcoin links and call attention to yourself. I agree with you there. Hey, folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to dailytechheadlines.com. Folks, teens are going to message each other. They're not going to use the most secure ways all the time and that leaves them open to predatory practices, especially today. All kinds of people and teens are in fact people want to reach out and communicate with each other. It's a time when we're having a harder time doing that. So how can parents and guardians help teens stay safe doing that online? Caitlin, let's start with the term sexting. What do we mean when we say that? You know, when it comes to sexting, there's a lot of different definitions being used here. It's not only just, you know, typing back and forth in the traditional cyber sex. It's also, you know, exchanging images. It's flirting. It is talking about it's basically revealing data that you would want to keep private. I mean, any of us, it's not just, you know, the tip of what you would think of when you think of sex. Intimacy is also, you know, just, it's now being translated online with people not being able to connect in real life. So there, you know, there are kids who are going to want to engage in this behavior online and then there are people who are going to want the kids to engage in it with them when maybe they shouldn't. Who are the targets of sexting? Well, sexting isn't necessarily like an attack. It's, there's no targets. It's going to be on the people that are most in danger, pretty much anyone that's participating in that sort of intimate data sharing. It's going to be adults. It's going to be teens. And as we know, as you know, we all were at some point were teenagers and teenagers are more prone to be making dumb decisions and doing things that they, you know, may regret later on. They don't tend to think of the long-term damage of their actions at the time and they also don't take those steps prepared to protect themselves that adults would. And that's why it is so dangerous for teens to be participating in this. But as we know, teens are going to teen. All right. Indeed. And they seem to teen the most on social media. Why, I mean, why is that? Well, because it is a way to connect with other people, especially, you know, if you're only social interactions are going to be with people in high school or the people that are in your neighborhood, you know, when we were younger, our world was very small. We had, you know, our neighborhood friends. We might have our, you know, cousins. We have our people that we went to school with, maybe a, you know, church group, something like that. But now teens have the entire internet. So it's, you know, they're making bigger social circles. They're connecting with way more people at any given moment. As I mentioned, as we spoke earlier, there is a cult of personality in our entire society right now. So that whole desire for fame and attention is a big deal when it comes to online behavior with teenagers. So when does this messaging go wrong? And what can people look for and take steps to do to prevent it going wrong? Well, the easiest way to prevent it is usually to start these conversations extremely early with your kids. And it doesn't necessarily have to be about the word sex or online safety. A lot of what it comes down to is teaching children younger and younger about what it means to have agency over your own body, what it means, what consent means, and how that's translated in a bunch of different ways, whether that's, you know, consent to share this information or consent to share a picture or consent to be touched. These are all really important concepts that we seem to be kind of skipping over. And having those conversations starting really young is the best way that we can possibly prevent people from being victimized online. But the other ways are going to be, you know, to have these important conversations with your kids, you know, talking to them about what, you know, what grooming looks like, what kind of behaviors they should be avoiding when they're online. You know, what does a catfish look like? Shows like MTV's Catfish and things like that are really eye-opening as to what people will believe when somebody speaks to them on the internet. So, you know, you want to keep these in mind when you're talking to your kids about it. Do you talk to them about the security aspect of it, too? Absolutely. And it's really great that, you know, Fortnite has done something really great that I think a lot of people aren't remembering is that they were the first ones that I'd ever heard of to incentivize two-factor authentication. And they, you know, I think that's just a basic tip that every kid should know. They should know about good passwords. They should be knowing about, you know, using two-factor. They should be knowing about, you know, just basic stranger danger. These are, you know, basic lessons that are just translated online. Hey, remember to lock your door. Don't talk to weirdos that you don't know. You know, these are lessons that we also need to remind them are applicable on the Internet. Caitlin, you had said earlier in the show you have some beef with Snapchat, and I'm sure, you know, given your line of work, you would. And we mentioned Roblox coming out with a new feature earlier in the show. I was with a friend who has a nine-year-old daughter and, you know, huge, hugely into Roblox. She doesn't ever run a phone. It was just like begging mom, like, please, I got to get on the server and talk to my friends for another couple of minutes on your phone type thing. It was really fascinating to me because we talk about it, but I'm just not that age. And, you know, yeah, I was kind of asking her, like, so who else is in there? Do you know everybody in there? And what did their accounts look like? And the whole thing seemed very terrifying to me. You know, I don't have children, so it would be much more so for a parent. But even just not even necessarily being like, oh, there are adult predators in the same places with younger and perhaps more vulnerable people, but just that everyone's on all these services and you've got funny usernames and crazy pictures and bios that keep changing all the time and, like, you don't know who these people are. Yeah, yeah, and it's scary, but you also got to realize that back in the days when I was growing up online, I had AOL and there were those chat rooms that we would get into. And, of course, nobody wanted to go in the kids' chat rooms once you hit, like, the age of 12. It was no longer interesting. So, you know, these places are being opened up to kids younger and younger. I mentioned my beef with Snapchat, and a lot of that, the beef I have with them is the beef that I have with a lot of these social media apps is that, you know, there's a false premise of you're safe. What Snapchat is, oh, don't worry, your pictures are being deleted. Nothing's being stored. We'll tell you if they take a screenshot, but in reality, there are so many ways around this. I mean, it's not hard stuff. I'm not a highly technical person, but I mean, these are things that I could figure out to get around that screenshot notification, to get around, even just get into someone's Snapchat account. It is incredibly easy to get into someone else's Snapchat account and to access their photo memories. And a lot of people do store intimate photos, photos that aren't necessarily nudes or even sexual, just stuff they don't want people to see in there. And that's kind of what my beef is with them and with TikToks terrify. Don't even get me started on TikTok. But they are skipping over these huge security flaws and performing a lot of theater to make you believe that it's way more secure than this. And yet these are things that are relatively easy to fix. Other companies have done it to a much bigger scale, and they aren't taking these steps yet. They're creating Snapchat minis. I mean, just, I don't know, add a couple sentences to your password login. That would be great, but no, now you have to go develop all more, all this unnecessary stuff when you're not doing the very basics of keeping your user safe. Yeah, indeed. I think this false sense of security is another part of that parental conversation that you need to have, right? And to let people know that even if they're saying this and this and this, it doesn't mean, you know, how do you impart that to kids? I guess that's my question, is when you're a teen, you feel invulnerable and you're like, yeah, I know all this stuff. Like how do you make sure they know like, no, this is the real risk? You know, just having that ongoing conversation is a great thing. Opening those doors for those kids to have these conversations. Hey, Mom, someone's saying something in this chat room that I don't really like. I don't feel comfortable being that parent where they feel comfortable coming to you with these questions is a huge deal. And I guess that's kind of the goal for every parent. We want to be somebody that our kids are going to talk to whenever they have an issue. But when it comes to online safety, this is gonna be, realize that you are opening up a huge world to these kids. And while that is a great thing, they're able to Google, they're able to learn, they're able to connect with other people, make friends from across the world, they're also opening their doors to every horrible person that's on the internet which someday feels like everybody on the internet. Yeah, any given Sunday, right? Right. I mean, one only has to go to Twitter to see how horrible the internet can really be. I've also, you know, before we move on, I always had to chuckle almost at the, oh, well don't worry, someone, you'll know if somebody takes a screenshot of this embarrassing or perhaps more intimate photo that, you know, that you sent. I mean, that doesn't keep them from having it. It just creates a lot of strife between two or more people but, you know, it's a very strange way to be like, don't worry, you'll know. Yeah, it's very strange that they would be making, you know, this promise without discussing the many, many ways to get around it and they're also kind of ignoring, that kind of brings up the whole, hey, if you don't take these photos, internet risk thing, but, oh, God, I mean, I remember being a teenager. I'm sure we all remember listening to our parents and just, you know, hey, don't drink, don't smoke, don't do drugs, don't do this, don't do that, don't have sex. And we're like, okay, kids are getting, teenagers are gonna do whatever we tell them not to do. And that's a fact of life. And it's not one that I'm gonna pretend is anything else. We have to address it. We have to teach them how to make sure that they can make these bad decisions and it's not going to destroy the rest of their life. They're gonna learn a lesson. And that's kind of the point. Well, a lot of these lessons are kicked around every day in our Discord. We have a great community in there where we try to help each other, better understand all sorts of new ways that technology is leading us in life. You can join my linky to a Patreon account at patreon.com slash D T N S. We also want to give a shout out to our patrons that are master and grand master levels, including Degrassia A. Daniels, Tony Glass and Steve Aya Darola. Also, very, very special thanks to Caitlin Bowden. Caitlin, it was so nice to have you on today. Let folks know where they can keep up with all the stuff that you're working on. Absolutely, if anyone ever needs help advice or just wants to check out what the Badass Army is up to, they can always visit our website at www.badassarby.org. And as long as they're not easily offended by language or just random awful things, they're always welcome to come hang out on my Twitter. Badass Bowden. Yes, you have to be very careful using Twitter. Put it that way. Hey folks, if you want to support us and make the show happen, there's one great direct way to do that. Most of our budget, most of what we pay ourselves and feed our families with comes from you at patreon.com slash DTNS. So big thanks to everybody who supports us there and there's some perks to supporting us as well like the Discord we just mentioned. Go check it out, patreon.com slash DTNS. Our email address is feedback at dailytechnewshow.com and we'd love to hear from you. We're also live Monday through Friday for 30 p.m. Eastern. That's 2030 UTC. And you can find out more and tell a friend at dailytechnewshow.com slash live. Back tomorrow with Trisha Hershberger as our guest. Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this program.