 Coming up on DTNS Yelp and Grubhub pull a fast one on phone numbers cyber attacks increase against manufacturing and Google's promise to use recycled materials This is the Daily Tech news for Tuesday, August 6 2019 in Los Angeles on Tom Merritt and from studio feline I'm Sarah Lane and from studio sailor snubs. I'm Shannon Morse and I'm Roger Chang the shows producer We just finished figuring out how to solve all condensation on mugs And cups in the pre-show you can listen to that and more We have extended conversations about all kinds of things at good day internet patreon.com slash DTNS gets you access to that Let's start this here round up with a few tech things you should know Google is shutting down its trips app and adding the functionality into its maps app and search features Notes and saved places from trips will still be available in search as long as the user is signed into their Google account Google updated its travel site back in September of last year and users will soon be able to add and edit notes from Google trips in its travel section to access things like save attractions flights and hotels for upcoming and past trips and Two or three of you are very excited that Apple's new credit card is now in preview rollout The rest of you will get excited when general availability comes to all iPhone owners in the US later this month Apple says it randomly invited some people who signed up to be notified about the Apple card to sign up early sign-up process Requires you to have iOS 12.4 a physical address birthday income level and last four digits of the social security number But then you get real-time approval apparently if approved the card just shows up in your Apple wallet And then eventually you get that free titanium version as well Let's talk a little more about what's going on with the help and grub hub Shannon Vice reports that when customers tap on a phone number listed in Yelp to call a restaurant a Different number is dialed that forwards to the restaurant The hidden number is a grub hub number used to track marketing calls grub hub can bill Restaurants a commission of up to 30% for that referral according to the verge in June new food Economy found that grub hub referral numbers were also listed on dummy websites about restaurants grub hub told the verge that its Contracts with restaurants allow for that behavior and the practice is similar to referral links to websites, but for phone numbers Yeah, so if you're you're trying to figure out what this means you'll see the number 618 664 1010 you'll tap it and it'll dial 314 6 6 8 2020 and you'll be like wait that's not the number that I tap but it will still ring the restaurant because it's referring through this number that grub hub can track and And and that allows them to charge the restaurant now the restaurants know this is going on They know they're paying for these referral numbers, but they may not know that Yelp is Doing it which may mean they're losing a lot more money in referral commissions than they might have expected Now grub hub does have a partnership with Yelp. So as you said, this is totally legal They're completely allowed to do it But unfortunately it feels so shady just for the fact that this is allowing them to take up to 30% Which is a very very high fee Especially if you're considering smaller restaurants like mom-and-pop type restaurants You have such a very minimal scale with which you can be a profitable business at that point It's that's a big fee Yeah, the vice in the vice article that Where the reporter explained how this is happening the the person who was at the restaurant on the other line when you said Well, what was that kind of like middleman message that I got about the call being recorded? She was like, I don't even know what you're talking about So I think that you know the biggest problem I have with this is yeah 30% commission fee is huge some restaurants might be like well still worth it in the end if we get more business this way But I would guess that most restaurants have no idea that this is going on and so that's why it seems so shady Yeah, my guess and again I'm just guessing here is that the restaurants sign up for this and they say look It's gonna be a 30% commission on referred phone numbers, but that's coming out of grubhub's own marketing And so it'll be worth it because we'll refer a customer to you by phone and then they're more likely to eat in They'll eat there more, you know more often and that's why we have this higher percentage because a referral to the grubhub Delivery app is only 3% right? However, if grubhub is going and populating a bunch of fake websites, which they do and they're populating Yelp Which they do suddenly that restaurant's gonna get a lot more phone calls Then they would have thought because when I'm a restaurateur agreeing to this I think oh so they're gonna go find some people that I wouldn't normally reach well Yelp reviews are a place Where you normally reach people and so this I don't know if you could make a legal case But it's definitely Changing the premise under which you made the original agreement Grubhub definitely argues that it is because of their marketing efforts that a lot of these companies have seen an increase in Sales and perhaps that is true But I'm kind of in the same boat where I have always used Yelp and now I use Google Maps Like I have never even gone to any of the grubhub platforms So if I didn't know that this was happening and I found out that restaurants were being charged a fee because of grubhub Then I would feel bad as a customer and I would do more due diligence to call them directly as opposed to using some kind of marketing number Not to mention they're recorded to Part of this is that when you're looking at Yelp you assume. Oh, that's their phone number because that's what you see And you assume when you tap that number it'll dial that number not some other number I think that's where this really breaks down and it's really creepy too that in in the article They explained that grubhub does record these phone calls and they do censor personal information However, they have had a slip-up according to one of the restaurantiers in the article that we read And this allows for restaurants to dispute the charges Grubhub did change that they changed it from up to 60 days that you can dispute it to up to 120 days So for restaurant C's that somebody called and they didn't actually make an order But they were still charged by grubhub for that phone call then they can dispute that charge, which is good Yeah, what a hassle and how How are they gonna have the time to do that? I mean if you're working at a restaurant Especially as an owner you don't have time to sit down and go through every single charge. It's way too much work Yeah, I mean it's a hassle for the restaurants It's a hassle for us to be like wait if I tap this number on yelp Is it really gonna dial that number or am I gonna go through some recording thing and they're they're they're letting you know right up front That the call is being recorded. They're not doing that on the sly But you might not have expected that when you tap that number and you're also not going to have the real number in your call Log now it's it's bad UI. It may not be illegal, but it's bad UI. Yeah, that's that's well It's probably gonna be more to the story soon enough. Good on you grubhub IBM's X-Force iris incident response team that published research showing cyber attacks designed to cause Industrial damage have doubled in the past six months with 50% of the attacks targeting Manufacturing majority of cases take place in Europe the Middle East and the US the attacks may include locking systems crashing PCs rendering services inoperable and deleting files infection vectors include fishing emails and credential theft and Watering whole accidents and third-party compromises recovery time for enterprises can range from one to two months in a related report Microsoft's threat intelligence center said that a Russian group called strontium also known as a PT 28 or Fancy bear is targeting IOT devices in order to breach corporate networks as well more coming from Microsoft on that at Black Hat later this week Yeah, if you're wondering what a watering hole attack is that's where The the attacker figures out like oh all the people at Ray the on Go and visit this pub website because it's near their their Workplace and they all go there for happy hour and they want to see what the drink specials are And so you go and you attack the pub website and infect it and then that gets the malware on the people at Ray the on Computers because they're all visiting that that's it's that kind of thing But yeah, this is and we hear all the time about credential attacks Rather information attacks where they're trying to get information But we're seeing a huge rise in these more serious attacks These are like Stuxnet where the malware isn't trying to steal information the malware is trying to get on to Machine software and make the machine's malfunction in a way that damages them could be computers The simplest version is locking up the computers that you no longer can use it because it's it's encrypted and there's it's not even ransomware The you know it becomes hard to use because it's been locked up But but it could be in scota systems. It could be in all kinds of things and this isn't even just like locking up computers Which is definitely a physical damaging attack Especially if it ends up like burning out components or something but it can also cause a life-threatening issues with these Industrial systems and businesses because if you're working there and for example if a some kind of safety Infrastructure is taken down by this machinery or by this malware then something else might occur that ends up You know causing a fire or something like that in an industry So it's really really scary and I have seen this trend not personally but just working with threat wire stories I have been seeing a trend of hearing about these stories almost every single day And it's very very tough to read them because it is dangerous and it affects everybody Not just the people that work there But like if you go through if you have stoplights on your way to work like that could be something that causes Infrastructure failure for you like it it it affects everyone. Yeah, we're in a hospital Certainly has the potential to yeah, and yeah, I these are targeting targeting manufacturing because they tend to be advanced persistent threats They they tend to be state sponsored So it's a question of trying to damage an opponent in a negotiation whether that's a country Whether it's corporate espionage or something like that, but we're not talking about script kiddies We're certainly not even talking about organized crime That that's trying to get credentials that they can go and use to to run up credit card bills Uh, these these are much more serious and much more sophisticated types of attacks. Yeah the US department of justice Has accused a 34 year old Pakistani man named Muhammad Fahd with paying more than one million dollars in bribes between April 2012 and september 2017 to several AT&T employees in order to illegally unlock AT&T phones So not each of them got a million dollars. It was a million dollars total in bribes spread out Over the five years spread out over many employees at first AT&T employees were given lists of ime i numbers Uh to unlock But then eventually those employees either left or got fired And after all but one of the bribed contacts were fired Fahd got a contact to install malware at the Bethel Washington call center That let him unlock phones remotely himself Fahd also got employees to install rogue wireless access points in the call center when the malware started to become hard to control Fahd used the unlocking scheme to charge customers who wanted to unlock their phones and leave AT&T before the contract allowed Or if the phone was not allowed to be unlocked So they would go around and sell these unlocking services to to folks who wanted to leave AT&T Three AT&T insiders have pleaded guilty to taking the money Fahd himself has been arrested in hong kong in february of 2018 And was extradited to the united states just a few days ago on august 2nd Well, I've wanted to get out of an AT&T contract in the past so I kind of get what's going on here and My first reaction was like wow one million dollars. That's a lot of money But but if he's getting incremental money from however many customers really are actually looking for the service and figuring out who can be bribed over at AT&T then Then it's not really that much money that Make a million dollar million dollars in bribes worth it, right? So it must be pretty lucrative Also the fact that the AT&T employees were apparently contacted either by phone Um got their phone number or facebook messages I just think I cannot imagine anyone calling me and being like all right. Hear me out This is my idea and i'm going to give you some money. Can I bribe you you'd be like what bye? What's going on here? It's it's uh, it must have been a very convincing operation Yeah, it must have been i'm sure you didn't didn't start by saying hey, can I bribe you? But yeah You know what I mean Yeah, getting cold cold. We're something like that when when you're working at a call center for AT&T Is uh, is it is an interesting one but but Shannon you were gonna say Uh as somebody who's a big fan of like fixing everything yourself and having the ability to you know Just do at home fixes and jailbreaking and stuff. I feel like we need to make jailbreaking a lot more accessible So people aren't paying Somebody randomly so that they can get out of their contracts. They can do it themselves This is yeah, it is. I mean there there is no doubt that this man broke the law and uh, and and I'm not Excuseing what he did But it does show the lengths that people were willing to go In order to control the device that they bought Right, I mean, uh, and and in some cases maybe they hadn't fully paid it off Maybe there's some fraud involved where they they like Stole the phone from AT&T before they had finished paying off their contract Especially in the days when you didn't buy the phone you got the phone free as long as you were on the contract for two years I'm sure that was part of this but probably not all of it Wonder I would if you have to unlock iMEI codes one by one because that sounds like painstaking work Yeah, I think the amount of phone you can just run a script That was the whole point of the malware is that he was able to just punch him in and do him really fast sure Well, moving on uber and lyft released a joint analysis of the effect of TNCs or transportation network companies on urban traffic Transportation consultancy fair and peers led the study in boston chicago la san francisco seattle and Washington dc uber and lyft account for 1 to 3 percent of vehicle miles traveled in the wider metropolitan regions But in san francisco county uber and lyft make up for 13.4 percent What was found in a 2016 study by the county in central boston 8 percent in washington dc was 7.2 percent la seattle and chicago were all lower than that also of note on average in all six cities 54 to 62 percent of miles were done with a passenger and by the way they didn't make any mention of whether The non-tnc traffic had declined which i assume uber and lyft would have been touting that quite a bit So it is it is certainly reasonable to assume that all of this extra traffic, especially in the city centers is increasing congestion and therefore The promise of uber and lyft that like you won't even need to own a car and the roads will be more navigable because of us Is not working that way, especially when almost half of the traffic isn't even carrying a passenger It's just drivers riding around waiting for the next Rider although we're still in the first decade of all of this, right? So this is something that you know, maybe I won't have a car in another five years I still feel like I need it now because I I haven't it hasn't really been proven to me that it's going to work with My lifestyle, but I think that people are becoming more comfortable with that concept than they were When when when uber launched there's an ideal version of this system where all the cars are autonomous And they just sit in a parked spot when they're not being used And an algorithm is is reallocating them to places where they anticipate high demands So the wait times are short where few people own cars And therefore it could reduce congestion There's a lot of what ifs and and when when they happens in what I just said and that's just not the way it is right now Even with places with public transit like san francisco, for example with the bay area rapid transit the bart I find myself personally if I have the option between bart or uber and lift I'm going to take uber or lift because one it feels safer and two I feel like I'll get there much faster without less as many delays That's funny because here in los angeles. I often take a lift to the train station Because the train station is going to be much faster than being in a car because our roads are just already that much more congested rush hour is a different different story Forbes reports that at black hat apple will announce an invite only bug bounty program for mac os Along with a plan to give security researchers in its ios bug bounty program special iphone The research phones may be less locked down than a consumer version But not as open as an apple employee version in order to let researchers better inspect the os or specific components Such as memory to find vulnerabilities This is interesting Because I was telling shannon before the show there there have been some studies showing that private invite only bug bounty programs are sometimes found to be a little more effective Because the company doesn't have to spend as much time chasing down bug reports that don't go anywhere When when it's open for everyone You do end up Valid you're validating a smaller percentage of the bug reports as actual bugs, right? Because people will report a duplicate bug or or they think they found a bug and it's not or something that's already being fixed Whereas the invite only programs tend to have a higher level of researchers involved in them And therefore each each bug report is more valuable on its own It is good to hear that apple might be Starting a bug bounty program for mac os even if it is invite only shannon What do you make of this idea of giving the researchers because it's invite only giving them a less locked down version of the iphone? Uh, I think it's actually kind of cool I think it's a really nice way to get people interested in being in the invite only bug bounty program And i'm sure over time they'll probably release how many researchers are allowed to be a part of that program as well And I also found it it was very interesting to know that it was invite only I didn't know about the public versus invite only Differences that you would see with bug bounty programs as you know given that i'm very much an advocate for open source I'm afraid of like the bug crowd people who who basically like give you a huge list of Companies that do public bug bounty programs I've always been very much attuned to the idea of community efforts to find these bugs But if you're just one researcher off on your own and you're trying to find something It totally makes sense that they would have duplicates getting entered and things like that that would in turn Uh, give them a lot more labor that they would have to put into a program like this So I think it's exciting. I'm glad that they are incentivizing people by giving them the free phones That's a really really smart idea. Uh, and it's cool overall Yeah, I mean at the downside of course is like you say, uh, there are people who might find a legitimate bug And not be able to report it because they haven't been invited in because they're they're a newer system So you you lose that open advantage there, uh, when you don't do it that way, but um, yeah I'll be interesting to see what what's going on with these actual iPhones once they're announced Uh, and and and we start to see some researchers talking about if they can talk about, uh What's different about them Folks, if you want to get all the tech headlines each day in about five minutes Be sure to subscribe to daily tech headlines.com Google is promising to include recycled materials in all hardware by 2022 Now that doesn't mean all of their hardware will be made of recycled material 100 by 2022 But in the next couple of years, google wants to make sure that every piece of hardware they make at least has some Recycled material and they promise to maximize that as much as possible. Although that's left a little nebulous That includes pixel phones pixel books google home speakers nest Phone cases charging stands all that kind of stuff google does already use recycled plastic in the chromecast And there's a lot of details about them Going to a length great lengths to use plastic bottles to help create some of the fabric that's on your google home Or in some of the cases Google also announced they want to be 100 carbon neutral in shipping by 2020 That could involve uh purchasing credits, but it could also involve shipping to cargo instead of air air carriers where possible And this is google just announcing this today samsung has already pledged to use sustainable material in its product packaging Apple has an initiative to use recycled material in its product. So google is not the only company doing this But it's the most recent one to announce something Yay, good job google. Although I do have a lot of questions when it comes to this story For example, they say that you know by 2022 all the made by google products will include recycled materials But they don't say how much of those products will increase One percent of the product exactly you can sort of say that without doing a whole lot We maximized it and he maximized it at 1% I have seen a lot of stories about businesses Especially this past couple of years that are working towards getting more sustainable Which is wonderful and I praise the companies for doing so much work to do that But I see so many companies also coming out and saying oh, but we can only use you know 10 percent Recycled products in this in this in this uh new device that we are coming out with or whatever it might be So knowing that number is very important to me Now it does make sense from a business mindset why you can't replace the entire product with recycled materials You have to test the durability you have to test the safety There's there's a whole list of specifications that they have to go through for the manufacturing process in order to make sure that it is You know That's even something that they could feasibly do and if it's something that they could actually afford because it will end up being More expensive in the long term for those recycled materials But from a consumer standpoint personally I would love to see it. I would love to see more companies doing this kind of thing But I feel like it's just going to take a long time And potentially the the more companies that do it The the more scale you reach in recycling and that could bring some of the cost of those parts down I would also like to see companies committing to more like like samsung did with their product packaging more sustainable Creation of products so products that don't use as much Of material recycled or not From the beginning so that so that they are they're more efficiently produced this This is that's all good for all of us because it reduces the use of materials in the first place and it reduces the cost of making them Google's been on the sustainable kick for for a few years now. Um it back in 2016 It sort of touted that six of its data centers Had diverted 100% of waste from landfills and you say well, I mean, okay 100% really of of waste from a data center A lot of it has to do with reusing Certain components of what's inside a data center in certain ways more power efficiency They they noted in this blog post about About this that at one of the data centers these kind of high tech trash compactors had, you know um Lessened the need for as much genitorial work and made it easier for the people who are picking up the trash to Come at the right times and the exact weight management and a lot of stuff that I hadn't really thought about before So, you know, you can kind of say well, it's a big company. Some of this is lip service And that might be true, but a lot of this does point to google really carrying and moving in the right direction Yeah, I think you're right. I mean I I don't want to dam with faint praise. Uh, it's it's a good move First of all, it's it's more efficient to use recycled products Then then it is to to always be having to scavenge new products in as a principle anyway Sometimes that's not true in practice, but but generally speaking It's it's better to reuse and recycle things than it is to have to go out and acquire new things, especially Uh situations like rare earth minerals, which may or may not be what we're talking about here But you know, those are those are harder to acquire and if we could come up with a better way to reuse and recycle those then That would be a great help. So I I appreciate the step towards this. I appreciate the rhetoric toward this I I don't I don't want to come off as unappreciative, but like say Shannon. There's lots of questions there I have so many questions It's it's all in the it's all in the how you do it and what those percentages end up being and I Actually do believe that google will be fairly transparent about that and there's plenty of people to audit what they say and see if they really are doing that Yeah, I also think that you know, would people go like, wow recycle plastic And you think of like a garbage bin filled with plastic bottles How's that going to be part of a cool speaker that I want to buy you'd be surprised how how that how the stuff can can look Very much not like an old plastic bottle on the other side. Look at the google home cloth There's Make shoes out of recycled plastic The onus the onus is definitely on the consumers as well Not as much as it is on businesses to change their the the way that they manufacture the products, but um as consumers We definitely need to consider Recycled products may not be as beautiful as something that is completely not recycled But it's definitely a lot better for the environment. So it's something that we should Definitely purchase if that option is available and apply pressure on companies to follow through absolutely and change your standard of beauty Yeah Recycled people are pretty too Thanks to everybody who participates in our sub reddit if you're recycled or not We love y'all submit stories and vote on them at daily tech news show reddit.com join our facebook group as well facebook.com Slash groups slash daily tech news show All right, let's check in with the amateur traveler chris christensen who's got some potential good news For those people, you know who you are who don't like sitting in the middle seat on a plane This is chris christensen from amateur traveler with another tech in travel minute I don't know if you have done a long flight stuck in the middle seat I have had that experience on more than one occasion There is a new design to try and make a middle seat a better place to be and this is an interesting use of Design and what they're doing is they're making the middle seat a little further back and a little further down Little lower than the seats on either side And they're also changing the armrest to have sort of two levels So that you can have part of your elbows on one armrest and yet the person to either side of you Has a different portion of the same armrest Will it make the middle seat a great place to sit probably not Can good design make it a better experience? I think maybe it can I'm chris christensen from amateur traveler Yeah, I'm I'm I'm very skeptical about this one. I've I've I watched this are this get covered when it rolled out and I I wonder what the unintended consequences of it are right because yeah, uh reclining seats sounded great Probably the first time they decided until everybody's sitting behind the person reclining started complaining about how this person is reclining right into their face So I wonder if there's something with this new middle seat design like that, but I don't know it sounds sounds cool Anything's better than the middle seat as it is now. So I welcome some innovation All right, let's check out the mailbag. Let's do it and wrote in and hosts a knitting podcast And we happened to talk about knitting on the show yesterday and's podcast is called I thought I knew how which is a great name and she's waning on on our story yesterday about inverse knit and cad knit Ann says it is true that you can't copyright the procedure involved in making a knitted item The copyright on a pattern only applies to the actual pattern Meaning you can't email it to a friend or a photocopy it Ann goes on to say some companies have been doing this for years though And then she says my concern overall is that if people can take a pattern from a photo and have a machine then make it for them Then it'll dissuade new designers for me even bothering to try to get into the business And our overall variety of patterns and the richness of the designs will diminish overall And also notes that as long as the inverse knit can only work in acrylic with acrylic Yarn it will really only produce items at the fast fashion clothing level Wool cotton and linen all have special properties and qualities that people are willing to pay for to match their preference for needs Yeah, and they they are working on doing wool and cotton and other other fabrics But but even even then I think Ann's right that sometimes just having something that's hand knit Uh, even if even if there's eventually no other difference people are going to like that idea Uh, and I think hand knit will will always have a certain place for some people just just like, you know Locally grown artisan cheeses and stuff like that Uh as to the the copyright thing though, Ann you're you're reflecting what the music industry says Which is if we don't protect these these copyrights. No one will make music I tend to think that fear is overblown and I think it's probably would be overblown and knitting A lot of people create knitting patterns because they want to uh because it's fun And not because they expect to get rich on it. So I I think Yes at a certain point if it's too easy to to copy it it might reduce the overall pattern But maybe not as much as we fear, uh, I think we underestimate how much people do things Because they enjoy doing it and how in this world where we can all share more than ever How how rich that can be but that doesn't undermine Ann's concern It's it's still a fair concern of like, but are we going to get to a point where it becomes too easy to copy? Well, thanks for listening Ann and we will check out your podcast as well Also, thanks to Shannon Morse for being with us a couple weeks in a row now three even Thanks for being here and let folks know how they can keep up with the rest of your work Thank you. It's super exciting as usual patreon.com slash threat wire That's what i'm going to ping everybody to today If you sign up I have a special offer happening right now for the next five days You will get a personalized video sent to you at any tier level. So just sign up over at my patreon page And btdubs if you are going to duff con this weekend. I'm having a meet up It's happening in las vegas at beer park, which is right in front of the paris casino august 9th 9 p.m Really easy to memorize. So if you go you'll get to hang out with us the hack five crew So i'm very excited to see everybody And don't forget folks, uh, we are funded by you you you are our main source of funding You're our bosses. You are who we are answering to we're not answering to anyone else But the people who support us at patreon.com and to thank you We do all kinds of things when you become a member Including today if you were wondering what's been going on with dragon blood and wpa 3 and wi-fi That story's still going on and shannon covered it in a threat wire cross post Available to patrons at patreon.com slash dtns We love getting your feedback our email addresses feedback at daily tech news show dot com If you can join us live we're live money through friday 4 30 p.m. Eastern. That's 2030 utc find out more at daily tech news show dot com slash live Back tomorrow with scott johnson talk to you then This show is part of the frog pants network Get more at frog pants dot com Simon club hopes you have enjoyed this program