 Coming up on DTNS, location tracking is more precise than you think. Airbnb isn't a real estate broker, or is it? And a win for everybody who hates robocalls. This is the Daily Tech News for December 19th, 2019, from Studio Redwood, I'm Sarah Lane. I'm Shannon Morse from Studio Snubs. And I'm Roger Chang, the show's producer. Producer. Roger Chang. Roger Chang, everybody. Before the show, we were just talking about flight plans and landings and Shannon Morse's ham radio name and all sorts, all sorts. It's called a call sign, Sarah. A call sign. Yeah, well, I've got a lot to learn, clearly. Lots of good stuff happened on Good Day Internet before the show. You can join in on the fun by becoming a member at patreon.com slash DTNS. A quick reminder that Tom Merritt is out. He's on vacation starting today. We're missing you, Tom. But we've got a great show ahead. Let's start with a few tech things you should know. A regional court in Frankfurt has banned Uber in Germany. Taxi Deutschland, the plaintiff in the case, had argued Uber does not necessarily have a licensing to offer passenger transit services and rental cars. Drivers aren't returning to Uber's headquarters after accepting a ride request. And drivers received jobs directly in the app without at first being received by the company. Taxi Deutschland seeks provisional enforcement followed by fines starting at 250 euros per ride, up to 250,000 euros per ride in the case of repeated offenses. Yeah, that's a lot. In 2015, a German court forbid Uber from letting drivers use their own cars. Uber did not respond about whether it intended to appeal the ruling. Yeah, Taxi Deutschland saying you're not acting like a taxi company. Ooh, you should be fine. Tevo announced a $3 billion merger with Xperia. If you haven't heard of it, it's an audio, imaging and computing company. The Xperia name will stay, but will also sell entertainment services under the Tevo brand alongside Xperia's own DTS, HD radio and IMAX enhanced brands. The new company will hold over 100,000 patents. So you can see where the merger comes in handy. Also patent applications with minimal licensee overlap. CEO of Xperia, John Kirschner, will be the new CEO of the new company. Tevo CEO, David Hull, will continue as a strategic advisor. Prior to the announcement, Tevo had said it planned to split itself into two separate companies. Well, it's another day in another breach. No surprise there. Around 170 million Zynga users may have been compromised by a September password breach, according to have I been pwned, which would rank the Zynga hack as 10th in all-time largest hacks of user information. Back in September, Zynga did tell affected users that login information for certain players of draw something and words with friends may have been accessed, but the size of the breach was not disclosed. Yeah, a couple words with friends, friends. I know who's still playing. I was like, better change that password. Not kidding. Google Stadia has acquired Montreal-based Typhoon Studio, a game development house. Stadia wants more internally produced talent to create exclusive content for the Stadia platform, which launched in November for early adopters. All right, Shannon, let's talk about Facebook wanting to build its own OS. Yeah, so interesting. The information reports Facebook is working with a co-author of Microsoft Windows NT, Mark Lukowski, to build a new operating system for its hardware like Oculus and its augmented reality glasses and get them off of using Android. Facebook's smartphone apps will remain available on Android's though, so they're not cutting Android out. And Facebook's VP of hardware, Andrew Bosworth, said the company needs to make sure that the next generation has space for them. And quote, we don't think we can trust the marketplace or competitors to ensure that's the case. And so we are gonna do it ourselves. So in other words, Facebook does not want any future issues with Google to derail development in their space. Yeah, and it doesn't sound like they're really mincing words. I mean, they didn't say, hey, if we go to war with Google, it's going to hinder our VR plans and make it hard on us. But that's essentially what Bos was saying. And I think that makes a lot of sense. I'm not sure why they've chosen, the person that they've chosen to helm the operation, but he certainly knows what he's doing. I wonder, yeah, what that operating system is gonna look like, how Facebook will build its own other services, you know, and also offshoot brands like Instagram, you know, and its own messaging app and its various privacy settings into stuff like this when it has complete control over its own OS. But it makes a lot of sense that the company would want to do it. Whether or not it's going to come off without a hitch, yet to be seen. Yeah, definitely yet to be seen. It's not surprising that they're choosing to do this since they do want to kind of get off of Android. And it's also not the first time we've seen a company decide to build their own operating system. So this shouldn't stress anybody out if they are really in tune with the Facebook development or they're really interested in developing with Facebook on top of their own brands because it's likely that they will still use some kind of backend that we've already seen like Unix or like Android SDKs or something that's very similar. So hopefully when it comes to a consumer market for consumers, at least the user interface will be something that will be easy enough to use. Yeah, and our developers, I wonder, you know, how much this kind of scares somebody who's gotten pretty deep into the Android way of life. Exactly, yeah. So we'll see. It's going to be pretty interesting. Not that I will use it necessarily, but I do want to make sure that Oculus survives because I have been a long time friend of Oculus itself. Well, there you go. And yeah, Oculus has definitely been named in something that's it's going to enjoy the new operating system when it drops. In other Facebook news, but this is very different, Facebook responded to an inquiry from Senators Josh Hawley. He's out of Missouri and Chris Coons of Delaware about why the company tracks user's locations even when the user's tracking services are turned off by those users. Facebook's letter explained in response that it can estimate user's locations used to target ads based on what they tag in photos, where they went, or the device's IP addresses, even when those users have chosen to reject location tracking through their mobile OS. So not even within Facebook through the OS itself. The company said this information is helpful. It can alert users to when their accounts have been accessed in an unusual place somewhere that they probably might not be. Also helps to cut down on the spread of false information. The lawmakers now say, no, Facebook should give users more control over their data. This is not a sufficient explanation and are urging Congress to take further action. Shannon, what do you think? I mean, I think Facebook, they make a couple of points where you go, okay, that would come in handy, but this sounds more like they just wanna keep tracking people and be left alone. Oh, of course they do. As somebody who does not have Facebook installed on their phone and chooses to only use it from a desktop when I'm at home, their location tracking is something that I have definitely had a concern about. But with that said, I'm also very aware of the fact that they use face matching when somebody takes a picture of you. So if my sister has Facebook on her phone and she takes a picture of us while we're out at a restaurant, Facebook will probably be able to tag me based on my profile and based on the fact that I was with her and figure out where my location was as well. So just because Congress is looking into it doesn't mean that Facebook is already going to be doing some of that backend type of processing. But I'm glad that they're taking this step and taking that initiative to kind of put Facebook in their place when it comes to collecting so much data, especially if it's not extremely clear to users what they're doing with it and how that data is being collected. Yeah, it sounds like Facebook wants, hopefully the argument to fly that listen, the IP addresses and people tagging themselves in various places, those are just things that we can know. We're not doing anything illegal here. However, when it comes to Facebook and the size of the company and the fact that there have been so many privacy issues with the company in the past and the fact that the government really wants to pin Facebook on as much as it can, certain people in the government anyway. It is not surprising to me that the folks who had opened the original inquiry do not think that this is a good enough excuse. I hope they keep pushing it, to be honest. Airbnb has avoided more regulation by city authorities after the European Court of Justice ruled that it acted as an information society service and not a real estate agency. The court said the company did not need an estate agents license to operate in France since it was mainly providing a tool for presenting and finding accommodation for rent, not acting as a broker. The Association for Professional Tourism and Accommodation, that's AHTOP for short, had previously argued that Airbnb should face the same accounting, insurance, and financial obligations as traditional providers of real estate under the French ho-get law. Hopefully I said that correct and can lead to criminal sanctions for violations of real estate rules. This is kind of fascinating. Airbnb has had all sorts of legal troubles in various regions for different reasons. San Francisco, great example. The fact that European courts had ruled that it is an information society service and not a real estate agency. And again, this is the association that you mentioned, Shannon, was using a French law. So this predominantly applies to how it's going to go forward in France. But to me, and this is, I am somebody who has been an Airbnb user, staying at owner's places. And pretty soon I'm going to be somebody who will welcome people to my place. So I'm gonna be kind of on both sides of this. It is a little, I don't know if I buy the whole like, we're not a broker. All we're doing is just connecting Shannon and Sarah together because Shannon wants to stay at Sarah's house and then you guys just go off and do your thing. The whole thing goes through Airbnb. I understand the argument that this is merely a platform. The two humans will figure it out from there. Airbnb, all of your correspondents has to go through Airbnb. The insurance goes through Airbnb. The payment goes through Airbnb. It's not as if this is merely a platform that connects people, there's more to it than that. So is Airbnb, should Airbnb be treated differently than like hotels.com, which links you up with a hotel room to stay in? Because through that, your processing is also going through hotels.com, isn't it? I think it would be different, at least in the sense that it's two individuals rather than an individual in a company, whatever that company that owns the hotel would be. That's a good question. And I'm not necessarily saying that this ruling is wrong. I'm just saying to me, I'm surprised that Airbnb would not be considered a brokerage, especially because in so many cities, particularly in Europe, the cities are pushing back saying, you're taking up real estate. You're not acting appropriately and you have too much power. I know some places just don't even allow Airbnb's to exist because they don't want to have to deal with the insurance issues and accommodation issues and everything like that. So it is pretty interesting that they're treating it as a completely different service as opposed to a broker. And yeah, I kind of agree. I'm not sure if this was the wrong choice, but it's an interesting one to make. Yeah, absolutely. All right, the US Congress approved a bill on Thursday to better fight robocalls. Yes. Yeah. I love a good robocall story, especially when they go down. The telephone robocall abuse criminal enforcement and deterrence or traced act allows the Federal Communications Commission to find robocallers up to $10,000 per call going forward. Hallelujah. Trace would require major carriers like AT&T and Verizon and T-Mobile to deploy stir shaken into their network. Some of them have already done that in knowing that this is probably going to happen, but now they'd be required to, letting consumers know if those consumers are receiving a call from a number that the carrier knows to be spoofed. The carrier would know that because the technology allows the carriers to cross verify numbers on their networks to ensure that a call is coming from an authentic number or not. This is awesome. It's awesome. We've talked in the past on the show about the fact that Congress was trying to get this into place. The FCC has been very vocal about trying to get this into place. I would like to think that any robocaller that deserves a $10,000 fine and they all do because I'm sick of them are easily tracked down. Totally sure how that part works, but this is definitely a win for all of us who get eight phone calls a day from numbers that look a lot like ours, but are from people who want to sell us vacuum cleaners and insurance. And when it comes to letting consumers know if they're receiving a call, it's not obtrusive when that happens. Google Fi androids have been doing this for a little bit of time and I use Google Fi, so I'm aware of it. And it just tells you this might be a spam call and then you can choose to block it or not. And it's a very unobtrusive way, a tactic to make sure consumers are allowed their privacy and they don't have to be forced into dealing with a spammer, which nobody wants to deal with. So I'm happy that the FCC is making this happen. We've heard like inklings of rulings coming into place for robocalls, so they've really been focusing on it for the past couple of years and this is great, $10,000 per call. I know I would not want to be a spammer at all. I wouldn't even if I wasn't getting fined. But yeah, I went through the House of Reps, passed the Senate, expected to be signed by the president in the next week. Yep. All right, so California's new statewide earthquake early warning app sent out its first public alert for a magnitude 4.3 earthquake that took place in central California on Tuesday. More than 40 people received the warning, said makers of the My Shake app, which was created by UC Berkeley and released in October on Android and iOS. My Shake uses information calculated by the US Geological Survey's Shake Alert system, which gets earthquake sensing data from a network of hundreds of ground sensors along the West Coast. Earthquake early warning systems are able to send warnings about shaking faster than the seismic waves can move through rock. In Tuesday's quake, the system took 8.7 seconds to issue an alert, and the main issue is that people close enough to the epicenter generally don't have enough time to receive an alert ahead of time. Oh, Shannon. This is great. Well, I mean, it's a step in the right direction. It's a wonderful, I would say like a wonderful test of the system since it is a first time running and so far they've had a good response. So it seems like this is an excellent thing to do. I know myself like even the most recent earthquake, both myself and Sarah live in California and we both experienced earthquakes. The only reason I knew one was coming is because both of my cats stood up and they stared out the window and I heard nothing until it finally came. So previously cats were the only app you had. That was my app. And even then you didn't know if they were just being weird or not. Exactly. Yeah, growing up in California, I had been through lots of earthquakes, some very small, some kind of major. And the fear was always, well, you just don't know, it just happens, right? And there's no warning, there's no hurricane, you know, evacuation option. And that is still, I mean, the window of a few seconds. And again, as the LA Times pointed out in the story, you know, that we got this information from, if you're close enough to the epicenter, the earthquake's gonna hit you before the alert does, but it does kind of ripple out over time. And so if you're not close to the epicenter, but it's big enough that it's something that you should care about, you might get that a few seconds ahead of time and it was a couple of really good ways that you could think of like, okay, well, if you really only have a couple seconds, like what can happen? Let's say a dentist is drilling into someone's mouth. Yeah. Or you have just enough time to maybe get away from an electric wire. Or get kids out of a classroom or under a desk within a classroom. That kind of thing you think, all right, this is worth it. Even if it's not gonna get everybody, if it gets some people, when I say gets means save some people, then that's a good thing. It's funny, a little funny anecdote. I used to take acupuncture for like, for years, and I loved it. And I eventually stopped going because I couldn't get out of my head that if there was an earthquake, I'd be alone in a dark room with a bunch of needles in my body. You know, cause it's like, that's a real thing. That's like a legit fear. That's a good point. Cause three seconds wouldn't save you. But again, there are definitely examples of this being super helpful. And the fact that it was built by UC Berkeley is, you know, it kind of gives it some cachet, some legitimacy. To get all the tech headlines each day in about five minutes, please subscribe to DailyTechHeadlines.com. Great little companion show. All right, Shannon, I'm so glad you're on the show today because I need your opinion about the New York Times opinions privacy project which had a lengthy write-up today about something that's going to freak a lot of people out and it should. The privacy project obtained a file of more than 50 billion location pings from the phones of more than 12 million Americans that were moving around through major cities in Washington, New York, San Francisco, Los Angeles, to big cities. Precise locations of phones over a period of several months in 2016 and 2017, it was provided to the Times by somebody who wanted to stay anonymous who says they had grown alarmed about how the data might be used. The Times said they spent months sifting through this data, tracking the movements of people across the country, speaking with data companies, speaking with technologists, speaking with lawyers and academics who all study this field and know what they're talking about and everybody said, yes, this is alarming. In the cities that the data file covers, it was tracking people from different neighborhoods, different blocks, people who live in mobile homes to people who live in high-rises. It wasn't just a certain kind of person. It was just a lot of people. Now, the searches could see, you know, you think, all right, well, you know, do I have anything to worry about? The searches included people staying overnight at the Playboy Mansion or going to the estates of well-known celebrities. The data, you might say, all right, well, where'd this come from? You know, maybe AT&T or Facebook or the government or who's doing all the surveillance? Originated from a location data company using software slipped into mobile phone apps. So, I don't, you know, I often laugh about these sorts of things, Shannon, and say, well, at least I don't have anything to worry about. But there is a lot of location tracking that normal people doing normal things say, well, that wouldn't affect me, but what if you're going to the doctor? What if a company knows that you might be sick? What if that would affect your insurance because of that information? And so on and so on. So, what are your thoughts on this? How bad is it? It's very, very creepy. And luckily, there are some things that consumers can do to protect yourselves. But I did want to focus on, you know, breaking down the story a little bit more. When they say it's 50 billion location pings for that 12 million Americans, that's not just people that live in those four different cities that they mentioned in the article. That's also people that may have been visiting the city or may have been just staying there overnight or going to a friend's house in the city. I mean, they mentioned the Playboy mansion, but that's also people that are going to and from their residences to their office spaces every day. And like Sarah mentioned, it could be somebody who maybe is going to see a psychiatrist or this kind of location could be used for abuse. It could be used by stalkers and harassers. It could be used by somebody who is just trying to create blackmail on a person. There's so many ways that location data can be sourced and abused against people. And just the fact that this information was released from somebody who was concerned to the New York Times should be basis enough to tell us that this information is not private enough. It's not being kept in a way that people do not have access to it because obviously somebody wanted to leak it to journalists to make sure that the news was out there. Yeah, I think a lot of location tracking and we talked about Facebook location tracking earlier in the show, you go, well, they want to sell you ads. They want to target the right ads to you to make you click on things so that the company gets more money. This feels very different than that. This feels like I'm going to catch somebody doing something. Now, the location company isn't necessarily interested in billions of what people are doing, but the fact that you've got that power to look up somebody's every move for a period of time, over a period of a year and where they went or maybe catch somebody else. That person went to your house. I saw them. I saw them do it. That kind of thing is the implications are so vast. It's mind-boggling. Now, the companies themselves, of course, they were offered the option to reply to the New York Times article. So we did see some quotes from them and their basis was, well, people do consent to being tracked, which you might in a terms of service, but who reads those? And that's assuming that the application, one knows that there's a location tracker built into their app and they weren't like man in the middle and had some SDK installed on top of it without their knowledge. Or two, they want consumers to even know in the first place. The company has also said the data is anonymous, which not necessarily so if it is linked up with an advertisement ID, which is the ID that's sent out to like marketers, et cetera, et cetera from your phone, you can disable that in the settings. But a lot of times people just don't know how and if that data is linked to the location data, it's not necessarily anonymous anymore if they are figuring out what profile, what Facebook profiles link to that location for that residence and that office. So it's very easy to link that information together. So it's not anonymous anymore. And they also said the data is secure. And well, I mean, it was shared with the New York time. So obviously it's not to mention employees could be financially capable by some outsider to take that data and siphon it out for them. There could be phishing attacks on employees. There's so many different ways that this information could get out there that the location data service companies should not be doing it in the first place. That's how I feel about it. And LDR, they shouldn't be doing it. Yeah. And you mentioned, you know, people not reading the terms of service and sure, it's your duty too. And if you don't, well, there might be something that you agreed to that you didn't know because you didn't read it because they're too long. But it is your duty to read it. However, I don't think even if somebody was like, yes, it's okay that such and such company is tracking me because, you know, it's gonna help, you know, with my, you know, how many steps I took today kind of thing. Like there's certain location things where even I am like, yeah, that's fine. You can follow me. But the location tracking apps or location tracking companies that get data from these apps that is not disclosed to us would cause me to think much differently. And that is not something that you get upfront. Yes. It's that convenience over security and how much security is worth your, the convenience in your life. Well, thanks everybody who participates in our subreddit. Lots of security stories there every day because we know you care about this as well. Thanks for submitting stories and voting on them at dailytechnewshow.reddit.com. Also, a lot of security talk in our Discord. You can join by linking to a Patreon account at patreon.com slash D T N S. All right, in the mail back today, Franklin from Chicago, Illinois wrote in and he was talking about our gift guides from Tuesday's show. He said, on a recent episode, you mentioned the value of extra charger cables as gifts. In fact, I think that was Tom. Chaffin, I hope I'm saying that right, Franklin. Chaffin says available through Amazon sells a variety of inexpensive charge only cables with multiple ends. So you can have a single cable that has a mini and USB-C connector, lighting connector, sometimes more than one of each type. They're nice cloth-bound cables and as charge only you avoid the need of grabbing a USB condom, he calls it, to protect your device from hacks hidden in public charging stations. I have several that I keep in my go bags for use when I'm on the road. Yes, they are USB condoms and yes, everybody should have one. Stay safe, everyone. Condom dongle, you know, I guess these terms can be a little borderline sometimes. Hey, thanks to Shannon Morris for being with us today, Shannon. This was, it was a perfect day for you because there are so many security stories happening right now right before the holidays, kind of strange Thursday, but you know, it's right up your alley. So thanks for being with us today. Let folks know where they can keep up with the rest of your work. YouTube.com slash Shannon Morris is the place to go. If you are interested in security and privacy with consumer technology, if you're interested in staying safe while you travel, especially during the holidays, definitely check out my channel. I've been doing a lot of privacy work over there, as well as snubsy.com slash threat wire for the news every week on security and privacy and internet freedom. Very good. Hey, want to thank everybody who is a patron of ours. All patrons, we love you. Big hug from us. DailyTechnewshow.com slash support is where you can learn more about joining our Patreon community. Hey, we wanted to remind everybody that Ritual Misery Productions and DiamondClub.tv are presenting the fifth annual Diamond Club New Year's Eve streamathon. Gosh, it's coming right up. We're ringing in the new year and every time zone with 27 hours of games. Well, they are anyway. I wasn't invited, but that's okay. I'm going to be watching because that's what I do on New Year's Eve. Live podcasts, talk shows, lots of good stuff. They're raising money through extra life to benefit the children's miracle network hospitals. So good cause. So if you're around, you want to come have some fun, help a great cause. The streamathon starts at 4.30 a.m. Eastern. That's 9.30 a.m. UTC on December 31st. That is New Year's Eve. Twitch.tv slash DC streamathon. Join the folks. We also have new Patreon Reward merchandise. We're celebrating six years of DTNS and Len Peralta. Our friend who will be on the show tomorrow created a six year anniversary DTNS logo. If you back certain levels at patreon.com slash DTNS for three months, you can get stickers, posters, mugs, or a t-shirt. Get the details at patreon.com slash DTNS slash merch. And our email address, if you've got feedback for us and I know you will always do because I read them every morning is feedback at dailytechnewshow.com. We're also live Monday through Friday, 4.30 p.m. Eastern, 21.30 UTC. And you can find out more at dailytechnewshow.com slash live. Tomorrow I am out, but Rich Strafolino and Amos are taking over DTNS and joined by Justin Robert Young. See you then. Well, I hope you have enjoyed this program.