 Coming up on DTNS Tumblr sells for tech pennies on the dollar will snaps newest spectacles find their market and a DEF CON a wrap-up extravaganza This is the Daily Tech news for Tuesday August 13th at 2019 Tom Merritt is out for Worldcon this week from studio feline I'm Sarah Lane from San Francisco. I'm Shannon Morse and I'm the shows producer Roger Chang Before the show started Shannon and Roger and I were talking about our favorite kinds of ice cream And what ice cream does not deserve our time we talk about all sorts of wider conversations on our expanded show Good day internet and you can join in on the conversation by becoming a member at patreon.com slash DTNS Let's start with a few tech things you should know In a blog post microsoft's mojang development team announced the super duper graphics pack for minecraft was cancelled Siding that the pack was too technically demanding to implement across devices The update was originally announced at e3 in 2017 and promised to add dynamic shadow and light models screen space reflections Material based lighting with 4k resolution support while keeping the games raw underlying assets untouched A recent FCC filing hints at an upcoming release of a wireless super nintendo controller for the nintendo switch Discovered by reset era user link 83 the filing contains an image that looks like the back of an s nas controller And has a model number that seems in line other with other nintendo switch model numbers Oculus co-founder nate mitchell announced on reddit today He's leaving facebook after seven years and is going to take some time off to spend it with family calling it Bitter sweet news mitchell most recently served as head of vr product at facebook His oculus co-founder palmer lucky was reportedly fired from facebook in 2017 And cbs is merging with via com the two companies split up in 2005 and have been in negotiations over the last few months The new company will be rebranded via com cbs and bob backish Current ceo of via com will become ceo of both companies via con cbs now owns showtime Nickelodeon mtv bet comedy central in paramount network and of course cbs Somebody on twitter called it a conscious recoupling of the two companies. That's great. I like it On monday the wall street journal reported that verizon had agreed to sell tumblr to wordpress owner automatic for an undisclosed amount Axios originally reported that the deal was well less than 20 million dollars Within a few hours though that reported number had fallen to a reported less than three million dollars Now that's significant because back in 2013 yahu paid 1.1 billion dollars or people were saying 20 million dollars What in the heck now within a few hours of that initial 20 million number the reported number Dropped to a reported less than three million dollars. It was 10 million dollars somewhere in the middle there So we went from under 20 million to a real fire fire sale at under three million dollars again yahu paid Over a billion dollars for tumblr back in 2013 and verizon acquired tumblr when it purchased yahu in 2017 So verizon was the current owner until yesterday verizon then banned adult content on tumblr back in december of 2018 You might recall it led to some angry users and actually Fewer users as well a lot of people left the platform for others Automatic ceo matt mullen waggs says that he doesn't plan to reverse the adult content ban So anybody who was excited about that not happening not at the beginning anyway mullen waggs tweeted on monday about that quote I think the internet and adult content seekers will be fine life finds a way if people want big policy changes here Put pressure on app stores of apple and google no one else has any leverage mullen waggs also said that tumblr will serve as a complementary site to wordpress Well, okay besides the fact that it sold For such little money, which really points to yahu running it into the ground shana I mean, were you had you been active on tumblr lately? You know, what are your thoughts on on on this huge price drop from just six years ago? No, um, I have never been an active user on tumblr It's always been something kind of on the outskirts that I was just kind of looking in on as Sometimes a reader sometimes a follower of content, but generally was never an active user I did have a lot of friends that were on there as community members either posting their own personal fan art or works of art Tons and tons of like, uh, like anime people in that anime community. They were a part of the tumblr scene So a lot of them were very upset because some of them like drew adult content and they were taken off of the tumblr website So I can speak kind of as a third party watching how upset they were Uh noticing the changes in tumblr and seeing how it kind of just died after that ban Uh, I'm not too surprised about the price changes here three million dollars That is not a lot of money at all. And I would and it's barely less I mean, you don't hear it. You don't hear numbers that low even with platforms that were once huge that That kind of gets sold off to other companies in their dwindling twilight years. This is low I mean, you can't buy a house in san francisco Three million dollars at this point. I mean, it's it's sort of shocking It is it's very shocking. Um at that point it just seems like they were just trying to get rid of it Just giving it to whoever would give them money to I don't know pay the bills at that point And after that they were just done with it I really hope that they do bring it back to life though because tumblr did have a very big community Especially for those people that I had mentioned So I know that they are still there and I know that they want to find a platform that would work for them Uh, he he mentioned of course mollin wag did mention that he's not going to bring back the adult content As you mentioned, uh, it's still going to be banned. So we're just going to have to see what happens Yeah, I I I used to be a very active tumblr user. I haven't for some years So there's probably some some some cool features that that I didn't even know about because I probably haven't logged in in two years But I do think that you know if we take the price tag aside A company like wordpress is probably the best company to buy A you know a platform like tumblr because wordpress and tumblr work very differently But they achieve the same goal and perhaps wordpress feels like there is a need with its user base or its potential user base To have something that's a little more simplistic. Maybe there's some social networking capabilities that you know that that get bundled in that wordpress doesn't really Take advantage of now that can that can make them that that could be more attractive for automatic as a whole It could definitely be pretty cohesive for both of them A snap announced spectacles three a limited release redesign of its ar sunglasses The glasses come in either carbon, which is black or mineral, which is a beiges gold color Feature a sleeker look than previous spectacles and add a second camera to add depth perception Snap added in some new 3d effects and says the glasses can capture 70 videos and more than 200 photos on a charge And offers four gigs of storage Spectacles three also comes with a 3d viewer similar to google cardboard for viewing 3d creations on your phone Spectacles three goes on sale in november for $380 Last year's model was $150. So we're seeing a Pretty definite increase in price on the new ones, but they also seem to come with a lot of nice new features Yeah, new features, but double more than double quite a bit more than double the price of last year's model is My my my first takeaway from this is okay. They look pretty nice I know there's only two colors and it's a very specific style. This is a style that I personally don't look very good in because I've tried on sunglasses that kind of have those You know the the the roundness sort of with the flat top But I I think that they they look pretty sleek. However, for this price point Let's think about the people who are going to buy spectacles snaps the majority of snaps user base Is is young folks, right? Right when we occasionally talk about What young people are doing the most on social network snap is always like number one or number two among people between 16 and 24. So when you match that with this price point, you're really pricing the majority of snaps user base out of buying spectacles. I mean $390 that's a lot, you know at any age, but certainly if you're a teenager Who in that market point in that price point age is actually going to be able to afford these glasses And what's also it seems limiting. Okay. They look nice. Okay. Maybe snap is saying well, we're trying to Appeal to an elite group of people who are very fashion conscious, which snap actually said that they were Which might which might give them an out if they don't sell a lot of them Like well, we only sold them to people who consider themselves very fashion forward But the the spectacles while they do have some new features they also don't do things that the people complained about in In previous models such as you can't upload anything from the spectacles directly into snapchat Which is something that you would want to do right? That's the whole point of it You got to get them into your iphone mess with filters on the iphone and that or on android device And then and then go to snapchat from there. So it's as cumbersome as it was before You know, it would be like the apple watch Continuing to need an iphone paired with it at all times people get sick of that after a while So it seems like it's they're making inroads in places that people didn't necessarily ask for I think it's kind of fun how fancy they look nowadays compared to what we originally saw with like google glasses back in the day True I think that this is also going to help change the perception of of people's view of surveillance When it comes from somebody's glasses and kind of Compare it akin to smartphones Which we say day day to day and don't necessarily consider to be surveillance as somebody is holding one of those in a public place So it will be pretty interesting to see how these Are are perceived from the public Especially at that price point and given that they look so much better than originally like google glasses Well speaking of surveillance for dating apps grinder, romeo, recon and three fun I have heard of one of those four Collectively claim 10 million users So a lot of people using the platforms when you put them all together We're found to expose users exact locations in near real time just by knowing a user name Researchers at pen test partners created a tool that used spoof latitude and longitude locations To receive distances to user profiles from multiple points Then triangulated the data to return the almost precise location of a specific user using publicly Accessible apis in grinder's case the location can even factor in Altitude, huh? So if you know what building someone's in you might know what floor they're on to when uh contacted by threat post Romeo the app said it allows users to reveal a nearby position rather than using gps Though that isn't a default setting which is important recon move to a snap to grid location policy after being contacted by the researchers That's where an individual's individuals location is rounded or snapped to the nearest grid center So it's not as precise grinder didn't respond to the researchers at all at least at the time of this recording And three fun the researchers dubbed a train wreck of leaked locations pics and personal details This is horrible. It is from so many privacy standpoints. You think about dating apps, especially The fact that you are meeting new people and they are generally going to be pairing you with people that are Near you in some kind of sense. So you're already having somebody that's nearby What if for example, this is totally up in the air, but what if you go on a first date and You completely upset the person you go on a date with Technically they already know your username and they might have social engineer to other information out of you They could easily find you with this location data And that's very very scary Well, and it sure because I mean if they they would know your username if you met them on the app Right, but this could also be used if for some reason you could figure out someone's username Even if yeah, even if you weren't you hadn't gone on that horrible first date The whole idea with dating apps is we know that apps have Data privacy issues across the board talk about them all the time on the show But dating apps specifically they always you know, they they they're there's so much more cringe worthy because there is an expectation Or at least an implication that you are Maybe looking for love. Maybe it's physical. Maybe it's emotional There's all sorts of ways that we can define this but this is You're going to get more creep factor With someone who knows where you are what your habits are you know, somebody's somebody knows where you are one time No, that's you know, it's that's That that would make me uncomfortable but if somebody kind of Could follow me around throughout the day and I didn't know it and I wasn't totally sure of the settings Which a lot of these dating apps they don't make a big deal about how you can protect yourself more because the whole point is is Location information helps the app get stronger. It's uh, it's a real issue And I'm not totally sure what the answer is besides people just being more aware of how how these apps work But it's also on the app too When you first sign up be super upfront about You know your personal safety because it's going to come back to the app eventually You should have the option to opt in give your consent to a lot of this this accessible information in dating apps I mean think about the potential for stalkers or for harassers to be able to like like you said follow you around It's a very very creepy Vulnerability and it puts a lot of people at risk So I am glad to see that some of these apps are making changes But they they should have done it in the first place It shouldn't have come down to researchers doing this research for them. Yeah So moving on the information reports apple and spotify are in talks to allow iphone users to control spotify playback of songs playlists and albums through syria The new integration would come from new apis and ios 13 Which opens up the syria framework to third party music podcast audio book and radio apps in march spotify filed a complaint With the european commission over the app store and apple music saying quote apple won't allow us to be on home pod And they definitely won't let us connect to syria to play your jams That language has now been removed from a website spotify launched at the time spotify for podcasters is also out beta today Now giving all of its podcasters data on their listeners music taste age gender location and duration of episodes listen to Around 100 000 of the 450 000 podcasts and spotify's catalog signed up for the beta program when it launched last october The dashboard is available globally, but only in english for now yeah, so Spotify being able to be played Uh through syria I I don't have a spotify account. I I I use apple music So this was not an issue that i've had but boy do i know a lot of Complaining folks who have wanted this feature for some time. So that's cool. Um, it sounds like spotify and apple Are playing nicely together you mentioned shannon that spotify had not so long ago Just a few mere months ago complained that apple was not going to let them do this So the the you know, it might just be uh new apis and ios 13 and everybody's happier Um, might be a little bit of a handshake deal between the two companies hard to say We don't have any evidence of that But uh, but in any case the users win spotify users anyway If you want to use syria, but i'm more excited about these podcasting tools because as podcasters Anybody who's a podcaster really knows that getting data on your listeners is a is a hunt and peck operation at times It is so hard. I mean one thing that i've always been curious about is The average view duration for my threat wire podcast the audio and video version that i upload Uh, mostly because on youtube, I know exactly how long people are their average view duration of Is in in episode and that's extremely important If you want to have advertisers on your videos or if you want to make some money through sponsorships So having that same kind of data through podcasts, which is quite booming as an industry right now Would be so important and I feel like this is going to potentially help a ton of podcasters make this more of an income Generating content platform as opposed to kind of an extra thing that you offer to people Yeah, I I've been uh, so frustrated with The itunes connect. I think it is version of the podcast connect via itunes Version of how I can try to get data on the podcast that I produce some of them Anyway, because the data is really limited, you know, you got streaming data versus download data It's you know, apple will only give you ios device data Uh, and some people Definitely listen to stuff on desktop. It's it's uh, it's it's frustrating to the point where sometimes I don't even I don't even want to use the data because I know that it's missing so much information And I'm not getting a super clear picture although any data is good better than none But it does sound like yes potify is is going the extra mile and the fact that 100,000 of its 450,000 and it's invite only I believe it was last time I checked Um had already signed up for the beta shows that you know, they're a lot of interested folks So now that it's a public uh feature at least public for people who are on the platform already I can see a lot of people taking advantage of it Me too To get all the tech headlines each day in about five minutes subscribe to daily tech headlines dot com All right, shannon. You were at defcon. We were not a lot of news came across our desks Sounded like it was a pretty interesting year It was yeah, um, I did notice some trends this year I love the fact that y'all covered the election voting village Yesterday on the show because that was very very fascinating. Um, the fact that I think that is gallowee's I think that's how you say it That they brought a open source Platform there for the voting hacker village was very very cool And it was really nice to see that there is some growth in that community because that is a very very important Uh, uh platform that we need to make sure there's no attack vectors in So even though there was a lot of downtime in that open source platform that machine that was brought They were still able to use it on the very last day However, we're not going to see any kind of coverage from the election Voting machine village at defcon for a couple of weeks until they finally get all of that research done on those Machines and the people that were there the hackers that were there Hacking on those machines all weekend are able to release that content once they find all of the information that they want to put into reports So we'll probably see more information in the future. What I thought was really fascinating about the election village Was the fact that there were a lot of representatives that decided to come out And work alongside a lot of these hackers to see how these voting machines were being hacked and what kind of vulnerabilities were available So for example, us representatives ron widen from oregon was there ted lew and eric swalwell from california They were all there a lot of them were kind of meandering with the hackers trying to figure out what was going on In the hopes that they would be able to strengthen cases that they could take to legislation to congress For this proposed legislation regarding election security We do know that there was a election security legislation that did get to mitch mcconnell, but it was turned down A couple months ago. So i'm really hoping that with the election village We start to see some changes and hopefully some actual proposed legislation that does get passed Before election season comes in 2020. So they still have a year. We still have one more defcon Hopefully politicians kind of showing up at defcon and Walking around with hackers and and being seen is that new? Is that something that's been done before? Uh, it is kind of new in the past like five to six years. That is a fairly new concept Back in the earlier 2010s We there was still this game called spot the fed that was played at defcon where feds weren't necessarily welcome at the hacker conference So if you spotted one it was kind of a play-by-play like hey We can take you in the back room Both of you get challenge coins since you're a fed and this hacker was able to spot you and you both get t-shirts So a hacker would get a t-shirt that said spot the fed and the fed would get one that says like i am a fed or something like that You don't have to wear it It's kind of a silly way to call me out to the gym We're around the house So we didn't we didn't just see a whole bunch of like election village type of like ics machines and stuff like that there But we also saw a lot of consumer devices that were being hacked on as well For example, I did want to throw a couple of out there the canon eos 80d There was a whole talk that was on this canon dslr camera Which apparently has several different vulnerabilities, which were found by checkpoints el itkin He was giving a talk about how he was able to Find vulnerabilities on canon firmware that would allow him to put malware on it And eventually allow him to ransom images. So for example In iot we see a lot of vulnerabilities that would allow somebody to Hack into a network through some kind of pivot point and ransom your computer Just basically like shut it off and make you pay money make you pay bitcoins most likely In order to gain access to your information again, and we're seeing a lot of cities being hit with ransomware as well So apparently you can also get hit with ransomware, which will hold the images on your camera Even if they're on an sd card ransom How crazy is that? Well, I mean it's it sounds like Yeah, man picture transfer protocol That's it's it's something that it's it surprises me that we're just now hearing about it Yeah, you know honestly me too because uh cameras have been wirelessly or wired connected to computers for a very very long time And that's exactly what this researcher was trying to focus on was the fact that you can As long as a thing has some kind of connection. There's likely a possibility that you can hack it Even moving on from there. We saw other iot devices like leapfrogs leap pad ultimate A researcher at check marks was able to figure out that these little children's rugged tablets This is not the first kids iot connected device to be hacked These are usually used for education in games and stuff like that learning For children. Well, apparently it can also be used for attackers. So they can figure out the device's location They could send messages to kids and do man in the middle attacks and find location data about the You know the age and the name of the children that are using these tablets The messages to kids uh when I was looking through the research on this didn't seem too bad Because it was based off of an app that only allowed you to send already Like already spelled out messages so auto generated auto generated messages back and forth between other kids That are using these but if they were able to gain access which they easily could within the vicinity if they had the information on this device They could send one that said like hey come outside. Let's go out to play And if a child got this they could eventually abduct a child So there is a little bit of There's there's some fear going on there because that is a potential for you know a child's safety Luckily in this case leapfrog did Interact with checks marks or check marks really really quickly and they were able to fix the vulnerability However, some of the older tablets still have that vulnerability built into them. So they're hoping that Lots of parents will be able to update their devices in the near future Enterprise printers was another hack that I thought was hilarious This involved lots of different brands hp riko xerox xerox Lexmark kiosara even brother, which we've even used in our office spaces They have flaws allowing attackers to crash the entire printer or they can also spy on print jobs And since these are enterprise printers that means that oftentimes there's a lot of very secure Sensitive information. They have information that is being printed out on these machines So the the researchers in this case They were able to work with all of these different printer manufacturers and get them updated each of the vulnerabilities have patches Which is great They also brought to mind a very critical Mention that printers should be thought of as iot devices A lot of times we don't look at them as such We update them once when we plug them in and get a brand new one and then we don't update them after that So they made it very very important And they made it very clear that we should be treating everything that gets connected even these older devices like printers As iot devices that have these vulnerabilities Interesting year. Yeah The iot device vulnerability conversation It seems like it's continuing to expand As as as as more and more folks are are getting on the train of iot devices because they're fun and they're convenient It's cool But but but there's a lot of vulnerabilities Which also leads to that goes back to the voting machines the idea of having secure hardware That's local to the device that can protect you in situations. And yeah, we need to throw kids devices in there It's just such a such another layer of Of people really needing to understand how the stuff works and and the company's being responsible for making sure that That uh, especially young people are safe Absolutely. I'm really happy that we have def con as available to hackers and penetration testers because This time of year is when we see a lot of vulnerabilities come out and a lot of these companies Fix them too so that they can give these talks about these problems So we're very lucky that we have this available to us and um, I'm looking forward to next year too and seeing how the election village Takes off from there. Mm-hmm. Yeah, I'm sure that's probably why politicians continue to go to def con too because your politicians historically Not always the most tech savvy crew, you know, if you're hanging out at def con You can kind of get your persona into Into something that might help your platform in the future not to name any names Hey, thanks everybody who participates in our sub reddit submit stories and vote on them at daily tech news show dot reddit.com we're also on facebook join our group facebook.com slash groups slash daily tech news show In the mailbag today rami wanted to weigh in on our chrome incognito discussion from yesterday's show rami writes I agree that websites should not be able to detect that a person is using incognito mode But websites are able to know the browser session is coming from the same person who used a different browser browser Fingerprinting is easy rami then links us to an eff article that explains more He says not to mention that isps can know the sites that you visit not the single pages if the website uses tls or ssl But we don't need to confuse incognito with vpn The main reason for incognito mode is for the browser not to use or save cookies and session data I use incognito mainly to stop ad tracking youtube tracking and news discovery for google products Rami says google tracking is the most aggressive and annoying If I open up a couple of websites about a topic where I watch a couple of videos On a channel then google starts suggesting that topic in video everywhere rami says I also use incognito when someone wants to check their email on a shared computer Because the incognito browser won't see logged in sessions and won't save new ones shannon Where do you stand on incognito mode because we were kind of talking yesterday? tom and roger and I uh about you know, some people use it Religiously, um, you know, I'm sort of a you know on and off kind of person depending on what I'm doing Um, I'm kind of on and off as well and I realize that I am sacrificing some of my security for that convenience I do want google to give me the correct recommendations when i'm on youtube There are certain sites that I prefer to support Whenever I know that they are You know tracking my my location or my information whenever i'm visiting their website Not many but there's a few that I want to support So I do use incognito mode when for example I'm traveling and I do need to connect to wi-fi. I will use that alongside a vpn So I have kind of that double security And he's right We we shouldn't be mixing incognito with vpn because they are used for separate entities just like he said And i'm sure y'all have discussed before so yeah, I I could definitely understand his point of view and um, there are parts of it that I absolutely agree with But I am definitely not a religious incognito mode user at any in any sense. Yeah Well, Sharon, we're glad you made it back from defcon in one piece and we look forward to doing this all again next year Let folks know where they can keep up with all your fabulous work. Well, thank you. Yes. I lost my voice But I'm here on patreon.com slash threat wire I will be releasing a defcon wrap up over there as well Which will cover a ton of information about defcon including some of the stories that we talked about here today on dts So definitely check it out and i'm really looking forward to it Thanks to our patrons as well You're wonderful folks You can become a dts member and then you're a page and and get an ad-free rss feed You get special episodes how we make the shows and behind the scenes stuff Sometimes we look back on tech news of the past over the last week tom's most recent editors desk covered public Key cryptography rogers weekly newsletter covered productivity tips for file management And you can get all of that along with dts and gdi as a patron sign up today patreon.com slash dts reminder tom married is out because Well, he's going to world con but there is going to be a Dublin at dts meetups So if you are in Dublin on saturday august 17th at 6 p.m At laguna, which is right in front of mayor square the stop anyway on the red line Uh, you know go go say hi. Bye. I'm a beer and please peruse our fine selection of dts stuff Have you been there lately? Maybe you need a new t-shirt. Maybe you need a mug daily tech news show dot com slash store Our email addresses feedback at daily tech news show dot com and we're live monday through friday at 4 30 p.m Eastern 2030 utc you can find out more at daily tech news show dot com slash live back tomorrow with scott johnson talk to you then This show is part of the frog pants network frog pants network get more shows like this at frog pants dot com Simon club hopes you have enjoyed this bro