 Coming up on DTNS, did Apple make a good move with Siri? The cyber attacks you should be worried about, and cyber gendarmes to the rescue. This is the Daily Tech News for Wednesday, August 28th, 2019 in Los Angeles. I'm Tom Merritt. And from Studio Feline, I'm Sarah Lane. From Salt Lake City, Utah. I'm Scott Johnson. And I'm the show's producer, Roger Chang. We were just talking about metro lines, subway lines in Los Angeles of all places on Good Day Internet. We were also talking a little bit about Wi-Fi and night mode on the Mac. Get all kinds of cool content when you become a patron and get the full Good Day Internet experience at patreon.com slash DTNS. Let's start this show with a few tech things you should know. Nikkei reports it has sources who say Google is planning to move some production of the pixel from China to Vietnam. Reportedly a plant in Bac Ninh province that used to make products for Nokia is being converted to pixel production. The report also claims that Google aims to double production to 8 to 10 million smartphones by the end of 2019. Sources tell the Wall Street Journal that Team Telecom multi-agency paneled by the U.S. Justice Department is objecting to the almost complete 8,000-mile undersea Pacific light cable network connecting LA to Hong Kong. Team Telecom reportedly cited fear over possible threats posed by China to the U.S. national security. The project is backed by Google, Facebook, and private Chinese company Dr. Peng Telecom and Media Group. Team Telecom is said to question Dr. Peng's ties to the Chinese government amidst ongoing protests in Hong Kong. The undersea cable's temporary permit for construction expires in September. Telltale Games, which shut down last year, is maybe finding a new life after assets were purchased by LCG Entertainment. The new company will sell some of Telltale's back catalog and says they're going to work on new games and licenses based on Telltale properties like the Wolf Among Us, Batman, and Puzzle Agent. Previous Telltale licenses included Borderlands, Game of Thrones, Guardians of the Galaxy, and Minecraft. Those weren't announced. Telltale's previous plans to release a game based on Stranger Things are off. Netflix owns those rights, so maybe they'll come back up. Who knows? ZTE back in the U.S. market with the Axon 10, which starts at $550, a little less than the 600 euros that it costs in Europe, for a 6.47 inch, 2340 by 1080 ammo lead screen, minimal bezels, in-screen fingerprint sensor, triple rear cameras, and a pair of USB-C headphones and a USB to 3.5 millimeter adapter to make up for the fact that it doesn't have a headphone jack. The Axon 10 is designed to support GSM network, so AT&T and T-Mobile are good, CDMA networks like Verizon and Sprint can't really make use of it. Pre-orders start today direct from either ZTE or third-party retailers like B&H with shipments mid-September. All right, let's start with MIT Technology Reviews. Patrick Howell O'Neill posting a story yesterday titled, The Middle East is already a cyber war hotbed. Things just got worse. Now, sometimes I look at these titles and I get a little, you know, raise my eyebrow and say, well, that's overdoing it. This is one of those cases and I talked about this on my editor's desk that went out to the patrons this morning, where I don't think it is overdoing it. This is definitely worth you paying attention to. Security firms Dregos and Dell SecureWorks have both published reports on a group code named Hexane. The group has similarities to known Iranian groups and seems to align with Iran's political goals, but the reports do not conclude that Hexane is an Iranian back group. They can't tell, but it seems like they might be. Hexane emerged in 2018 and is using spearfishing against human resources and IT departments to gain access to a medium range potential for espionage. So we know they're trying to get into networks. It looks like they want to try to steal stuff. We don't know what else they want to do. It's unknown if the attacks aim to get at operational technology of oil and gas companies, which are the targets. So it could be that they want to go after SCADA systems and stuff like that, but we don't know that. There's a lot of stuff we don't know in these reports, but we do know that oil and gas companies in the Middle East are being targeted by this group and others. Disruptive attacks are rare, though they do happen. O'Neill notes the case of a 2012 attack on Saudi Arabia's Aramco and Qatar's Rosgos that used Shemun malware to delete files and cripple tens of thousands of computers. So Hexane might be after some sort of disruptive behavior like that. O'Neill points out there are many groups of such attackers in and around the Persian Gulf. They are attracted to the oil and gas industry there. And earlier this year, a group called Magnalium was discovered targeting U.S. government, financial and energy companies. The U.S. itself has called for attacks on Iranian weapons systems, as well as believed to be involved in the Stuxnet worm attacks on Iranian nuclear energy development. So this is not a, oh, there's an Iranian group targeting oil and gas industry. This is, there are multiple groups. Some of them look like they might be backed by Iran. There's also efforts that are backed by the United States and other nations. We've got a mess of different groups trying to attack oil and gas industry interest in the Middle East. And whatever you feel about the oil and gas industry, the way the world works right now, that is a major supply of energy for the world. And if one of these groups were to gain an upper hand and cause disruption, that could cause a widespread impact on your life worldwide and it could cause worse things, possibly a war. Today is the day I officially wish that I was in multinational security business when it comes to cybersecurity. Because I just feel like with every one of these stories, both the ones that are maybe a little bit out there and those that are a little closer to the bone like this one, just keep reminding me that there is a huge future for better security. And that means everywhere. And I think that's going to be a growth business within the tech sector for a while. It already has been. I mean, who are we kidding? But I feel like it's about to take on new life. You're starting to see parts of the country or parts of the world that they weren't known for cyber attacks. They weren't known so much as a place. We're a hotbed for this sort of thing. And we're running out of places like that. It's getting to the point where security is paramount across the board all the way down to what I have on my phone. So this is a good reminder of that. This is not a panic and run for the hills, folks. If you want to pay attention to the region of the world where the most significant cybersecurity issues are happening, don't look at the headlines. Look at the Middle East. Oh, look at this back in May. Remember May? May was this year. Elegram canceled its initial coin offering of cryptocurrency called Graham GRAM. However, if Telecom does not launch Graham by October 31st, it has to give up the $1.7 billion it raised in pre-sales of the coin. Now the New York Times reports Telegram plans to deliver the first batches of Graham coins in the next two months. Sources told the New York Times that Telegram will continue, sorry, will create a digital wallet for the Telegram users to store their Graham coins. So canceling an initial coin offering when you clearly have raised $1.7 billion from private investment investors, that's a legitimate reason to be like, we don't actually need an ICO right now. So the fact that if they miss a deadline of October 31st and all the private investors get their money back, they can still revert back to that ICO plan. It doesn't mean that Graham is dead in the water at that point. Well, I think that may be more difficult than it sounds because the pre-sale of $1.7 billion was like venture capital, right? The idea is I'll put some money in here because the stock I'm getting privately will become public stock and I'll be able to sell it for a lot of money, right? The idea here is not stock, it's coins. I will pre-buy your coins before your ICO, then you'll do a really fancy ICO, the coins will shoot up in value and I'll be able to make a bunch of money. So if telegrams- Right, without that valuation based on the investment, it's a harder sell to the public. And telegrams using that $1.7 billion to build the coin. So it's easier said than done to give it back too, I think. I mean, what I'd like is for, I apologize to the world for what I'm about to say. I hope that they back it with gold so that they'll be called golden grams. That's all I had to say there and I apologize. The rumors that this will be tied to gold are not true as far as we know. There will be no golden grams. Way better than my doing it for the gram joke that I made in our preparation show. Yeah, a lot of stories are comparing this to Libra. This is not comparable to Libra at all. This is an in-house currency. It's not tied to basket of currencies. It's not meant to be used widely outside of telegram. It's meant for telegram users to use it. And yeah, it's private like telegram is, but so are most cryptocurrencies. So that's not even unusual itself. I think because people are freaking out about Libra, anytime you just bring up somebody coming up with a cryptocurrency, it makes people freak out, especially if they got a social network tied to it like telegram does. Well, assuming that telegram really, really, really wants to keep that $1.7 billion to build out a lot of infrastructure, and the fact that a source is telling the New York Times, yeah, the companies think that they'll meet that deadline. I'm sure it's in telegram's best interest to do so. Yeah, they don't want to give that money back. I think you're absolutely right about that. Let's talk about smart watches. Got a new one from Fitbit. Fitbit's new Versa 2 smart watch now includes an onboard microphone for that Amazon Assistant you might know and love. Yes, supports her. At 1.4 inches, the successor to the original Versa is 0.05 inches bigger. With not really a smaller bezel, it's quite a bit bigger, at least from the reviews. Although Fitbit also upgraded the screen from an LCD to an AMOLED for deeper blacks and brighter colors, easier to read outside. The Versa 2 also has a single physical button used to have three. Now includes an always-on display, so you can tell the time, even when the watch is asleep, nice. Spotify integration is now included. There's some new sleep insights. It has over five days of battery life, used to be over four. An upcoming smart wake function rounds out some nice new specs from the previous model. The Versa 2 order starts on September 15th. They start at $200, which is the same price as the original Versa. There's also a special edition bundle. You get two watch bands, and you also get 90 days of free Fitbit premium for $230. I would seriously consider this. When I've heard about the screen, these are the two big selling points. The screen and the use of Amazon's assistant support, those are huge for me, because that's kind of what I use my watch for now. That price is a lot lower than what it costs for me to get a new watch from Apple, an Apple Watch. I'm going to have some of the same integrations that I already use for texting and other things, notifications. I like the focus on fitness, and I really like Fitbit. They really actually kind of sold me with this. I thought they were going to come out of the gate with a much higher price for some of these features. To hear that it's still at $200, I would consider this. Maybe even this year, I'd consider it. It seems decent. Yeah. I think it's interesting. Fitbit's not the only company we've seen doing this. Peloton comes to mind as well. The new watch is better in every way as the same price as the old one. But if you want a spring for the $230 version, we'll throw in three months free, a Fitbit premium, and they're hoping that you'll like it so much that you'll keep paying after those 90 days are up. That gives any company really a way to say, okay, hardware upgrades, yes. But now you've got this whole other subscription thing where we can lock you into getting money from you for a longer period of time that might be totally worthwhile for you, depending on your fitness goals. Fitbit premium has customized workouts, depending on what your goals are and more in-depth sleep analysis. And it seems like a pretty cool package if you want to make use of everything available. It does feel like wearables, at least the Versa 2s, have got to the point where the hardware isn't changing much. There's not something revolutionarily and new about the form factor, about the hardware, about the specs. It's all about the features. And we've gotten to that point with phones recently. Feels like we got there much faster with wearables. Maybe that's the nature of wearables, though. Maybe I'm reading too much into that. Well, I think wearables are, I mean, they're really just extensions of the iteration phones have been seeing over the last few years. And I think they got there quicker because we were already sort of there. So now it's about battery and length of battery life and features are dependent on phones more than they are on the watches these days. Like, I just think they got there quicker. But you're right. We're kind of in that space where we've gone as just about as far as we can with these things. But overall, now it's just like fancy looking designs, but not new functions, really. That's true. Well, it's kind of like when everyone, well, not everyone, many of us just sort of put down the digital cameras finally, and we're like, okay, the digital cameras are great in our phone. And it's an all in one thing. And wearables are kind of, it's kind of the opposite where it's like, there's something like the versus two where you're like, Oh, it's everything to watch. It's a fitness tracker. It's everything. But then you have just simple fitness trackers to that are less money and are more acting like feature phones where it's like, Okay, well, it does last, but I don't need it to do all of those things. You just have a lot of choice at this point. Yep. We'll see how it goes. Facebook announced Wednesday that starting in mid September, political advertisers will need to provide more information before their ads will run on the service. Commercial businesses, nonprofits and NGOs will have to number or sorry, provide their tax ID number. Government and military will have to have a domain name and an email address that ends in dot gov or m i l for military and political action committees and parties will have to give their federal election commission identification numbers. Seems like stuff they should have done in the first place. Anyway, as that run under this program will include an I button that can be clicked to verify who paid for the ad. Smaller ad buyers will have to submit name, address, email and phone number for their organization, which Facebook will verify without this information, ad buys will not be able to sorry, will not be able to use an organization's name. So as a user, you should look to see if that button or disclaimer is there with an organizational name exists. And if you have that, then you got to provide it if you want people to see your political ad. I again, I feel like this should have already happened. I don't know why just Well, because there you don't need to do this for advertising in other arenas. This is Facebook going the extra yard to say, you know what, we want 100% verify that, you know, you are who you say you are, and you can't have a disclaimer that says paid for by the Republicans who love dogs, unless you are literally registered as a political action committee of the Republicans who love dogs. If somebody submitted an ad that said, we make a widget and this widget will, you'll never have another back itch ever because our widget fixes that here's the ad for it. They want to have some kind of verification. No, no, they don't. I mean, maybe they want They should is what I'm saying. You, you don't advertisers don't want that they want to be able to just buy the ad and put whatever they want on and there's certain speech issues around that. Yeah, that's why I bought a terrible dog bed. Right. So, you know, the First Amendment plays in here, but political speech has different rules in the courts have ruled that you can be a little stricter with it. So they can put a few more breaks in the way. It's a complex issue. I'm sure what I said already is not technically true. And there's some political lawyer out there going, well, Tom, that's not exactly right because this is really complex stuff when it comes to the rules around politics. But the upshot of this is not Facebook finally deciding to figure out who's spending money on political ads. It's Facebook saying we want to make it clear who paid for the ads. And now we're going to get even more documentation about that. It's a verification system that yes, you as the end user who is absorbing information, it's still on you to like try to weed out the the real from from something that that may not be. But because we're all very busy, having something like what Facebook has built for a political ad when you're scrolling quickly and maybe doing a bunch of other things is really helpful. And if something is legitimate and doesn't have that, you go, well, why not? Because Facebook being the police, right? If I buy ad time and I say something that's not true, you don't sue the television company that I bought the ad time from you sue me and say you shouldn't have been saying that Facebook stepping in and going, you know what, we're just not going to wait for that to happen anymore. A French team of cyber gendarmes has destroyed a virus that infected more than 850,000 computers worldwide. Avast, the virus antivirus makers security company alerted France's C3N Center last spring of a possible private server that was sending a virus called Retadoupe to Windows machines in 100 countries, mainly in Central and South America. The virus created a botnet used to control computers without the owner's awareness. That's usually the way botnets work. The botnet would mine cryptocurrency Monero in most cases, conduct ransomware operations, even steal data from hospitals and patients in Israel. C3N chief Jean Dominique Nollay told France into radio the team located the command server and made a replica server that would render the virus inactive. Got some cooperation from the United States FBI to help block traffic and redirect virus activity to that replica server. This is a big botnet at 850,000, may not be the biggest effort, but it's a big one. So taking it down avoids a lot of harm that it could have done potentially. And it's a credit to France's C3N Center. We see these kind of botnets come down from time to time. But in the past, it's been Microsoft and the FBI shutting down dark bot in December 2015, or the FBI and the Spanish police cooperating for that huge botnet arrest in April 2017. A few other countries were involved in that as well. Of course, Marcus Hutchins, a.k.a. Malware Tech led an effort to stop WannaCry in August 2017 by registering a domain name. So this is not unprecedented, but it's really interesting to see more than the usual suspects involved in taking this down. It's not just a security company or the US FBI. Francis C3N showing some skills here. Do people who are part of a botnet ever get notified? This is such a weird side question. They often do. Yeah. Okay. So if I look at a computer that I've not kept up to date and is totally exposed and is a zombie in this botnet thing, I might get told? You might. It depends. It's different every time. And I don't know in this case if this server, they are leaving the server up for a while so that if someone turns on a Windows machine that hasn't been on for a while, that was infected, it'll be able to fix it. But yeah, I know you're, you're personalizing it and saying, wait a minute, could my machine have been part of this? Because you always hear about these huge botnets. I'm like, am I ever been one of those and not known it? Yeah. Yeah. It's kind of like those notices you get in the mail sometimes like that you could be part of a class action lawsuit and will be awarded $2.50 cents. If they were actually part of it. I haven't been in Darkbot where the FBI did push a notification, but sometimes they don't want to do that because that's more intrusive than they feel comfortable being. It's more passive to just replace the server. And then that fixes it. Yeah. To get all the tech headlines each day in about five minutes, be sure to subscribe to DailyTechHeadlines.com. All right. Back on August 1st, if you recall, in the parade of revelations that Voice Assistants were recording you, shocking, and then in some cases, the companies were using some of those recordings to review, Apple suspended the review of its less than 0.2% of Siri Voice recordings by contracted companies. Usually it's a company that they contracted to review these things in order to improve the virtual assistant. So Apple since August 1st has not been doing that. Apple has now announced it will reinstate reviews later this autumn. They're not reinstating them now. They're reinstating them later this autumn when a software update comes out. And that software update will leave audio recordings unavailable for Apple to review by default. So it's opt in if you want your recordings to contribute to the improvement of Siri. Well done, Apple. This is the right way to do it. I don't have to opt out. I can opt in. So they're going to leave them off, but they're going to add a software update that will allow you to go, you know what? I don't mind. I would like to contribute my voice recordings potentially to this. And there will definitely be a prompt. It's not like you have to like go hunting for that because Apple would like you to say, yes, I'm willing to do this. And even if you opt in, it doesn't mean your voice recordings will be reviewed. 0.2% were used. I don't know that percentage might go up, but they're not going to review every single one. They don't have that many people. So it doesn't even automatically mean they're going to hear what you said, but you have control over it. That's good. Apple also announced that from now on, only Apple employees will review the recordings. So this will not be a contracted out behavior anymore. Apple's going to say only our full-time employees only are, well, maybe they're part-time employees, but our employees will review the recordings and they will delete ones or they will make an effort to delete ones anyway that they determined were inadvertent. Now, one of these things that I know this bugged Marco Armin a little bit, computer-generated transcripts of what you say will continue to be used to improve Siri. So when you talk to Siri, Siri turns your voice into text. That text is stored and that stored text will continue to be reviewed to see how well Siri did with it. But that's not your voice. That's not the sounds in the room. It's the same thing that you're seeing on your screen when you're voice to... Yeah, I guess maybe there might be some personal information in there, but I'm already sharing my email with this device. I'm already sharing so much personal information with this device. I guess maybe I don't want that to be reviewed and I would like to opt out of that if Apple wanted to be perfect. Which would mean Siri would have to be some sort of, I don't know, a list of local common questions and commands where it wouldn't be completely useless, but if you really wanted to, you could lock it down. The perfect way to do all of these voice assistants would be to say the model is trained and then we deploy it onto your phone and then what you say to it never leaves your phone. But right now it's not possible to do that well on device. Someday it will be. I worry or I don't worry. I wonder if they've already got more than they could expect to get out of learning enough. In other words, I'm actually where this is going to hurt Siri. I don't think Siri will benefit from less... I might say how would you tell? There's no way to know exactly, right? So I feel like on one hand I'm like, well then Apple, I like that you're letting me opt in. I'm always asking for this from everybody. I want to opt in, not opt out. And now that they've done it, I'm like, oh yeah, but what did we lose for that? I think about that for a minute. We've lost a lot of people who aren't going to bother to figure that out or don't know and never will or just skip through the prompt and don't even know what it asked. I'm actually less concerned about the number and more concerned about the selection bias. So suddenly now you're introducing a selection bias that says you're going to be trained on voice from people willing to be heard. Maybe that may, I don't know, but that may be people who make fewer mistakes because they know Apple's listening. And that's a great question. I don't know. I'm going to be the first to turn it on because I would like the service to get better and I don't really care what it hears. But now, I don't know. I don't know. It's a weird thing because I want it both ways and that you can't. It's the kind of thing you can't have both ways. I do care what Apple gets from me, but I will also opt into this because Siri is horrible, let's be honest. And I use Siri more and more because for a while I was just like, eh, I just, I don't know. I'll go about it the other way. The Google Assistant is so heads and shoulders better about understanding what I'm saying, almost 100% accuracy and Siri is always wrong. But because I have a car that supports CarPlay now, I actually do use Siri quite a bit when I'm, when I'm in transit and I kind of, it's so convenient for lots of reasons that I'm like, just get better, make my life better. So I think Apple's doing a good thing here. I think the only thing I ever ask Siri for is to set the timer for two minutes. I don't think I've ever asked him for anything else lately because I just assume he's going to show me web results pretty much every time. I do. I don't do anything that would give the web results, but I have gotten used to doing timers. Like you said, alarms, set a reminder. I can do calendar stuff. What time is it? I do use it for a reminder. That's a good point. A few things like that. But again, at this point, there's nothing that it does that a Versa two won't do for me come this fall. So I feel like maybe I'm less interested in Siri as time goes on, but you know, whatever. I mean, at this point, maybe, maybe they're feeling that way too. And we're looking at a next generation voice assistant out of Apple at some point. I think Siri will get better. And it would, despite whether the training set of data is impacted or not, we'll say that. Well, thanks to everybody who participates in our subreddit, whether or not you Siri, you are welcome. Submit stories and vote on them at dailytechnewshow.reddit.com. We're also on Facebook, Facebook.com slash groups slash Daily Tech News show. Let's check out the mailbag. Yeah, this one came in from Ryan. And this actually is in reference to last Friday's show. Shannon Morse was our guest. Ryan says, you and Shannon, we're talking DoorDash and had a little confusion over the practice of adding a tip before the service has been rendered. At a business conference this summer, I had the pleasure of spending a lot of time chatting with international sales coaches who gave me some insights as to the origin of the word tips. Now this is coming from the coach that talked to Ryan, who said the word actually started as an acronym, T-I-P-S, which stands for to ensure proper service, meaning it was an extra value given to the service provider before service was rendered to incentivize them to provide service above and beyond what might be expected at the normal purchase price. Ryan says to me, this still seems like a practice that has been used alongside a fair wage system rather than the current method used in restaurants of forcing the service payroll onto the customer. Either way, after hearing your conversation about it today, I thought it was an interesting anecdote. Yeah. I mean, I was like, that's what tips I can be pedantic and say like, I don't know that tips originally meant that it might be a background, but that's a good day internet topic. The point Ryan's trying to make is, yeah, your tip is meant to reward someone for good service. And with DoorDash, I don't think you guys were confused. You were just saying, oh, that is interesting that you can put your tip up front. But I know Uber Eats works this way. I think DoorDash does too. You can change it later. You can say, go ahead and add 20%. And then if your service is awful, there's a period of time in which you can go like, actually, no, don't give them 20%. They were bad. But if you don't do anything after a certain period of time after delivery, it automatically goes in. So it's a way to say like, I don't want to forget to tip them. Let me just do that now. Sure. Yeah. Well, we weren't confused, but we did both agree it was a little wonky based on, I think Ryan's point, which is a tip is sort of the whole thing originated to work a certain way. And we're kind of living in a new world now. So with the understanding that everyone wants the delivery folks to be getting their fair share, yeah, it's a concession to make. Thanks to everybody who read into our mailbag. And thanks to Scott Johnson for being with us today, Scott. What's new in your world? Oh, whole bunch of stuff. Go over and check it out at frogpants.com. Lots of new shows and stuff happening. A couple of reworks of a few things. And there's always something to catch. I got more shows today even. So if you're interested in a lot of podcastory and you're looking for a lot of diverse, nerdy type of topics, check it out. It's over at frogpants.com. You can also find me as usual on Twitter at Scott Johnson. Our entire operation here is just us. I'm surprised sometimes how I get people like, well, some interns probably going to read this or like, can your operation? It's like, man, our operation is me, Sarah, Roger most days. And then we have Scott on Wednesdays and Patrick Beja on Tuesdays and Shannon comes in. But this is an independent organization. We're doing our best to help you be the smarter person about technology in the room. And the way we can do that best is to remain independent of any corporate master or big funder. So we take small donations from people who want to support the show and we give them things in return, like my editor's desk today or Roger's column that's going to come out tomorrow. That's patreon.com slash DTNS. We use that to stay independent. So if you want to support us as an independent voice in the technology world, please go check it out. Patreon.com slash DTNS. Here, here. Our email address is feedback at daily tech news show.com. We love hearing from you. So keep them coming. We're also live Monday through Friday, 4 30pm Eastern 2030 UTC. Find out more at daily tech news show.com slash live tomorrow with Nicole Lee as our guest talk to you then. This show is part of the frog pants network. Get more at frogpants.com.