 This 10th year of Daily Tech News show is made possible by its listeners, thanks to all of you, including Jeffery Zilx, Kriya Ardham, Tony Glass, and one of our top lifetime supporters, Alan Stearns. On this episode of DTNS, the EU officially names the gatekeeper companies under the DMA. Google starts testing playables in YouTube, and remember that last pass breach? Cause crypto hackers sure do. This is the Daily Tech News for Wednesday, September 6, 2023, in lovely Cleveland, Ohio. I'm Rich Strafilino. And from the middle of the state of Ohio, I'm Rob Dunwood from Columbus. Scott Johnson here from Salt Lake City. And from some remote locations, Southern California on the shows producer, Roger Chang. Real quick here, yesterday, Tuesday, September 5th, Google came to a tentative agreement to settle a class action lawsuit alleging the US Google Play Store violated US federal antitrust rules. Details of the settlement, not disclosed, we don't know the details, and it's still subject to approval by the court. Enough with that, let's get on with the rest of the quick hits. According to Mozilla's Privacy Not Included project, every major car brand that Mozilla tested, and there are 25 of them, failed to adhere to the most basic privacy and security standards in new internet connected models. BMW, Ford, Toyota, Tesla, and Subaru all collect data about race, weight, and health information. Nissan, the worst offender, even collects information about sexual activity and genetic data, that is so nasty. What's worse is Mozilla could not determine if collected data is encrypted and many brands engage in privacy washing, a practice making customers think they don't have to worry about privacy issues when the opposite is actually true. Wow, it's ironic that Nissan Leaf barely covers you if you know what I'm saying. According to documents filed by ARM ahead of its initial public offering, the company signed a new deal with Apple to provide access to chip technology that extends beyond 20 to 40, is the quote. This agreement was mentioned in ARM's previous IPO filings, indicating it was signed in the last three weeks. Apple was among a number of large technology companies that, well, on Tuesday invested $735 million in ARM's initial public offering. The register reports that Google began expanding user rollout for Chrome's new Enhanced Add Privacy, which will eventually replace third-party cookies. Pop-ups announcing topics API started appearing to some users all the way back in July with Chrome 115. Of course, the topics API allows for personalized ads based on anonymized browser history directly. It's not sending out any third-party cookies. It's talking directly to the browser to get topics of interest to serve ads. Users can opt out of using the topics API in Chrome settings. Google, this is all relevant because Google plans to drop support for third-party cookies next year. Oh, the Pixel 8 Pro. Is there nothing you can't leak? Google temporarily added the still unannounced device to its 360-degree simulator, confirming a number of features. There's a physical SIM slot, a new temperature sensor, and three color waves, blue, porcelain, and black. Google has a launch event scheduled for October 4th, presumably to announce the Pixel 8, among other things. Moving over to Apple, Apple made more forays into the classical music market. This is how they did it. They acquired a 50-year-old Swedish classic label, this, or VIS. This is a big deal in the classical music world, bringing over VIS's extensive catalog with founder Robert Von Barr now working in the Apple Music Classical Division. Von Barr said he was drawn to Apple and their belief in, quote, preserving audio quality, unquote, as well as expanding recording to support tech-like spatial audio. All right, well, remember last year's LastPass breach? I mean, who can forget where they were when they heard about it? You know what happened, more than 25 million users. Had their password vault stolen? Good times were had by all. Well, the founder of the popular software cryptocurrency while at MetaMask, Taylor Monahan, is definitely marking that on his calendar, for sure. Well, and a report to Krebs on security, Monahan, along with other researchers, have identified a pattern among recent strings of crypto thefts affecting more than 150 people and with a loss of at least $35 million in crypto. According to tweets from Monahan, all of the victims that you'd LastPass to store their, quote, seed phase or phrase, rather, unquote, the private key that you need that to unlock your cryptocurrency. Krebs believes this points to the thieves using stolen LastPass data to access the crypto wallets. Both Krebs and Monahan strongly suggest anyone affected by the LastPass breach rather change their master passwords and enable multi-factor authentication, not tomorrow, not today, immediately. So, Rob, is this change how you think about that breach or about LastPass style services in general? It doesn't change how I think about it because it sucked. It was horrible. LastPass didn't handle it well and they handled it poorly. But here's the thing with this. Folks who are losing crypto on this is not because something new is happening with LastPass. We need to be careful of that. This is because of the breach that has already happened. And it would have been a lot of work, but one of the ways this could have been mitigated is if folks would have gone into their wallets, basically created new ones, moved their stuff over, and then re-encrypt that stuff and get basically new pass raises because you're just never sure. So what's happening now is it looks like, potentially, these hackers are actually cracking these keys, which no one thought was gonna happen. But like I said, this isn't really a new thing. It's just a thing that was just horrible when it happened with LastPass back in the day. And I think this kind of points to a trend. We've definitely seen this in the enterprise over the last couple of years, but I think we need to start bringing more of a consumer awareness to this. And I say this knowing that we're just convincing people to really seriously lose password managers and stuff like this certainly doesn't help. But the whole idea of instead of erecting a giant wall and saying, okay, you can't get past this wall. If you ever get past this wall, everything's SOL and you just lose everything. We really have to be thinking about how these kind of systems can fail gracefully. And certainly LastPass did not. I mean, some of the details of this breach, again, these are not new disclosures to this particular thing, but the fact that they weren't kind of re-encrypting their passwords kind of regularly that older accounts had really weak re-encryption on these master passwords so that if they were to leak in this situation, some of those could be very trivially brute force in a lot of instances. So but this idea that we can't just say, okay, I'm gonna have this one place that's gonna store all of these unique passwords, that is still good to do. But if those get out, then all the keys to my kingdom are gone and we're starting to see things like MFA, like pass keys and stuff like that, that tend to allow things to move more gracefully. I do wonder though, if we're going to start seeing, I don't know more of an emphasis on like consumer identity management, not just, hey, there was a weird login, but we're gonna be seeing more, there was some weird behavior, we kind of in your usual stuff here. I know that kind of goes beyond the purview of this, but that's what this whole story got me thinking of. Yeah, I just, when this happened and this is no, I mean no disrespect to anyone who lost any data in this breach, this particular breach, but in some ways I'm grateful that a gnarly one happened. I'm a little extra grateful that I wasn't using LastPass at the time, but what I mean by all this is, this is a good wake up call. I think a lot of people saw this magic bullet of password protection and integrating things like two factor and all these other features into a service like this as our final destination. We've done it everybody. We're all secure now, you use this and you're good. I think this was a good wake up call. I'd rather not happen at all, but since it did, it can serve as a great wake up call to everyone to realize that as important as it is to do all of these steps to protect your data, to protect your passwords and your access. It's also a good time to remember that even the layer just above you, your password manager, whether it be LastPass or OnePassword or whoever you're using, they could fail as Rich said gracefully. And if they do, what are you doing to be prepared for it? I mean, we even know that Krebs himself doesn't even use a password manager. It breaks us down and keeps it secure in some box or something. Yeah, that wasn't a surprising thing. Reading is right above this. But yeah, and also I want to give, I don't want to give credit to LastPass, but if people had followed, most people had followed LastPass's it remediation advice when this came out, change your master passwords, change your passwords on your most sensitive accounts, even if they had cracked your password, the seed phrases on the crypto stuff I don't want to speak to, but for most of your other password you would have been relatively protected from this breach. So, you know, a lot of this is, hey, we just assumed this is secure, I'm not going to touch it, right? Right. So guys, there's some big news out of Europe. The European Commission has officially confirmed that the list of tech companies which are considered gatekeepers and their services which are subject to the Digital Markets Act or DCM, or excuse me, the DMA restrictions. And it looks like the argument we talked about on Tuesday show that Apple and Microsoft did stating that iMessage in being weren't big or powerful enough to make the list work, at least temporarily. Yeah, there are 22 core platform services provided by companies that received gatekeeper status. Now, this includes things like social networks. You may have heard of this one, TikTok, Facebook, Instagram, and LinkedIn notably, messaging services, WhatsApp and Facebook messengers, operating system, it's the big three, Android, iOS and Windows, as well as web browsers, Chrome and Safari. And even though iMessage in being didn't make the initial cut, the EC says it's opening an investigation to see if these platforms meet the threshold and say an investigation will be completed within five months. So Scott, I want to get your take on this. What do you think about the operating systems that these things live on being under scrutiny but the actual services themselves not being? Well, the scrutiny, first of all, the scrutiny makes sense to me given the history that this part of the world has with regulation. I think this is all kind of part, it would make sense for me if you said Windows and if you said Mac OS and you said Android and you said iOS, these are sensible choices. They are in fact the definition of a gatekeeping company when they own the operating system and you're doing everything else on. However, it makes sense to me also that you wouldn't include iMessage or Bing because neither are dominant in their areas. Bing's making inroads, I suppose, and they have their fans, but Bing is still no Google, none of the alternate search engines are Google. So I don't know that they should be held at those same standards, same thing goes for iMessage, which compared to WhatsApp and a handful of other international apps where people communicate, they're very small on the list. More people are using alternate apps on iOS than are using iMessage for their main messaging app. So I think that's fair that they're doing that. The one thing missing from this, and Rich can probably speak to this better than I can, but the big thing missing from this is cloud, Azure in particular on the Microsoft side, and that's just getting started. Like the business end, obviously 365 other sort of things that feel like gateways or gatekeeping to me are kind of glossed over here a little bit. And this is where not just with Bing, this is a Microsoft knows the old magic. They have been here before, they are the seasoned hand when it comes to antitrust regulation, and they have been ahead of this game from the very start. Not a coincidence that we saw like teams unbuttoned from Microsoft 365. I'm not necessarily in the wake of the DMA specifically, but it certainly is a part of their longstanding habit of keeping ahead of this regulation. They don't wanna get drawn in to all of this stuff. But yeah, Scott to your point, productivity apps where Microsoft and Google workspace are the two giants in that space. Cloud is more corporate, these are more focused on consumer services, but that is, if you look at where Microsoft makes all of its money, right? It's cloud, it's services, it's office, Windows is like fourth place now at this point, probably up there with gaming or something like that with them. So the fact that I think they're more than happy to have Windows on this list because they've already, hey, you can run your Android apps already on here. Apple, you wanna let us run iOS apps. We would love to be as multi-platform, hey, this is the new fuzzy Microsoft, give on to Kosacea, a big tug. I mean, when I look at this list, I see of all of the companies that have like earnings potentially disrupted by this, maybe Amazon only because advertising and the actual e-commerce stuff doesn't account for a ton of their profit, it's all AWS. But Microsoft is the least impacted out of all of these. And I think it speaks to their savvy and they've been here before. Even if Microsoft, if the EU comes back and says, nope, Microsoft, we gotta ding you because of being, they're still the least affected because no one's really using being right now. But here's the thing, I can see this happening. I can see them coming back with revisions to these rules and regulations that would put companies like Microsoft cloud, Google cloud, Amazon's cloud, all the companies that are doing big cloud things under the purview of this, because right now, when you look at how they're calculating this, there simply just aren't enough users. And when you think about, let's say the federal government is considered one entity, well, it's not, but let's just say that the federal government is one entity and they buy Office 365. Well, that's just one customer. Even though they have a lot of end users, they're just one customer. With these rules are generally looking at are the consumers on the back end of it? So I think they have to just re-look at how they're actually gonna go after these bigger companies if they determined them to be problematic like they are saying with the Facebooks and the Facebook messengers and the TikToks of the world. Yeah, to me, this is clear that this is aimed at consumer protection. At least that's the idea and the goal. And I think you're 100% right about all of that. Cloud will very quickly become more consumer oriented. And I say quickly, I'd say, let's say the next five years. And I think it's likely that this will be fluid enough that they will start to add aspects of that to that. Well, they'd be broad strokes like, sorry, AWS and Azure, you're on the list or whatever. I don't know, but there's a very good chance that this comes up in this same conversation down the road, probably on this very show somewhere down the road. And it will involve cloud because if anything, this feels a little bit ignorant of cloud, but also I think you've made a really good point. Cloud is a little nebulous in terms of how many people are using it, how many people are even aware they're using it half the time. So yeah, I would keep my eye on that probably. The thing I can't wait for is to see how Clujie Apple finds a way to comply with this law given how they've reacted to right to repair and their ridiculous repair kits that they'll mail to you in these giant Pelican cases and stuff like that. I can't wait to see the Clujie's and the hoops that you'll have to jump through for them to comply with interoperability with the App Store and stuff like that. It's gonna be good, boy. Yeah. All right, well, in this season of Know a Little More, remember, you gotta check it out. Tom breaks down a pivotal moment in tech history, the mother of all demos. How many technologies we use today? We're introduced back in 1968, and he looks at why it took over a decade for them to go mainstream all this season on Know a Little More. And check out the Patreon page at patreon.com slash know a little more. All those stadiums shut down at the beginning of the year, boo. I hated that. Google's gaming ambitions have not. Nine to five Google reported starting Tuesday September 5th as yesterday, YouTube is publicly testing a new feature called Playables starting with a limited number of users. Google describes Playables as gains that can be played both on desktop and mobile devices. All right, so those who are part of this experiment, you know who you probably are at this point, my guess is some influencer types, quote unquote. We'll see a selection called Playables, and this'll be right along the side, your YouTube home feed. So it won't be hard to find nine to five Google ads that Playables as part of YouTube's broader push into expanding its gamer targeted offerings, which already include game live streams and the like. The one part they make very unclear here so far anyway, very limited information is what are these games? Are these compiled games? Are these video games like real video games? And I don't mean that in a pejorative. I mean, just mean is it just HTML5 web code? Is it something else that'll run well on phones? HTML5 would run great on a browser or the YouTube player on mobile. So that's not too crazy of a stretch, but I don't think this is triple A conversions of Fallout 4 and large game release type material. I'm guessing these are gonna be smaller, simpler, maybe puzzle oriented, maybe some sort of Candy Crush kind of business, some sort of stuff like that before it's anything else. At least that's my hot take on it. Well, and they have to be careful because if they start, if it's Candy Crush, right, and the game is microtransactions, that changes the entire game when it comes to going through the app store and stuff like that, right? Like they can get away with this because, well, YouTube's free, so these games are free. So you get into that whole Netflix situation where they can include games with their subscription, but you can't access those, at least on iOS, through the main Netflix app, right? It's through these associated apps that you log in and stuff like that. So there is a whole world there to keep in mind as well. I mean, Scott, to your question, given what YouTube is, I would imagine these would be streaming only because that's just what YouTube is, although I don't think Google necessarily hues to any kind of YouTube ideology, right? I'm sure they will throw as much spaghetti into the wall in this as well. And that is the other side of this coin that's possible. They, you know, the Stadia technology, technology behind Stadia is certainly still alive and well and being used in other ways, along with being, you know, sold off third party or, you know, licensed off third party for others to use. So it isn't like, you know, it would be crazy to see them do, you know, stream some games, but then I have questions about, are they buying it on the website? Are these part of your YouTube? Maybe your YouTube subscription, YouTube premium, and you have access to a few of these or something. And in that case, if it is streaming games, then you do have a much wider possibility here. You could do all sorts of triple A, middleware and indie games, make exclusive deals, whatever. That's all entirely possible. I think the only mistake I would watch out for if I was Google is don't make this hard for your core gamers to play. In other words, they're used to being able to play a Steam game on Steam. If you gave them, like GeForce now does, gave them an ability to play some of their existing library on the go somewhere, well, then maybe you're on to something and you could be an alternative, maybe even a great alternative. But that's kind of what's, you know, that's kind of what the original thing was supposed to be, Stadia was supposed to be that, that very thing. So I don't know, they confuse me over there. I think this is a low stakes potential learn something experience. They're not gonna spend billions of dollars on this and lose their shirt. They're gonna experiment and then we're gonna see if it works. Well, Rob, you're the aggrieved Stadia member. I'm curious what your thought is outside of the service feeling about that, the tech stacks there, right? Yeah, just talking about this upsets me, but here's what I think is gonna happen. To your point, Scott, all the Stadia stuff is there. They already know how to do it. They were already doing it relatively well and Google is not, you know, they're not in a closet. They see that streaming games is kind of where things are going. So I believe what they're doing with this is that we're gonna give you Stadia without actually giving you a, you know, a controller that you've gotta buy. You just run this on your computer. You run it on your Chromebook. You run it on your phone, whatever the case is. And, you know, maybe you go buy a third party peripheral if you wanna actually have a controller for it. But I just think that they're gonna give you Stadia-like technology, but it's just gonna be delivered right to the screen that you already have without having to have a controller from Google. Not just the screen, the app that you already have. Because this is a major shift now. We've seen with Shorts first and now these Playables, we've seen YouTube in the last five years thinking the YouTube brand is enough to get people in. YouTube music, YouTube TV, separate apps, same brand. And now they're seeing, wait a minute, Shorts, we claim we have like a hundred billion views every 50 seconds or something like that. Every earnings report, they say they have these insane viewing numbers because it's in the app where you're spending your time already. And I think that's the key shift that we're seeing with Google, with YouTube is let's add on to the app. You're already in this app to look up how to fix your dishwasher or something like that. Let's give you five minutes to play a casual game or something like that. And then you can watch a couple of Shorts and flick through there. And all that while we'll figure out how to deliver ads and monetize that. I think it's a major shift for YouTube that we'll probably see a little bit more of. Yeah, very curious about it when it lands. So I guess if anyone out there is listening and you guys end up getting access, let Tom and the crew know because I would be very curious what these games look like when they happen. Absolutely. All right, well, remember that song that used AI-generated vocals mimicking Drake in the weekend? That's right, Heart on My Sleeve. It got over 15 million views on TikTok. Well, Ghostwriter, the artist that wrote the lyrics, submitted the track for the Grammy Awards for consideration for best rap song and Song of the Year. They may be saying, okay, they submitted it, but that doesn't mean the Academy has to take it. Well, the Academy seems fine with the song being submitted in the songwriting categories. We have Academy CEO Harvey Mason Jr. saying, as far as the creative side, it's absolutely eligible because it was written by a human. The last roadblock, though, this is interesting, might be the Grammy's requirements for the song to have, quote, general distribution. And that's because Universal Music Group filed a copyright claim to have the song taken off streaming services. So right now, kind of hard to get and that might disqualify it for the Grammys. We shall see, but, you know, Rob, how we feel and get some AI vocals taken over or being submitted for the Grammy consideration. A lot of people are gonna poo poo this, but it's actually smart by the Grammys to do this. The Grammys is basically saying, we wanna let lawyers and judges figure all this stuff out. We have our rules. If you adhere to our rules, you can submit your stuff. You just have to adhere to our rules. Now, all that other stuff that has to go through court that our hands are free of that. So in a way, this is a smart move by them, by not actually putting their thumb on the scale for anything because they really don't know which way this is gonna go. They also don't have to commit to voting for them. So you adhere to their rules, you get them in, and then all the principal voters never have to put one vote toward AI's on. And you can't, that's just the deal. So I think this is kind of brilliant on their part. I think that they were able to look at this for what it is, say, yeah, we got our rules, come on in, you're all good. And they really are under no obligation to vote for them anyway. So they stay out of this mess. It's actually really smart. And I don't usually say that when I talk about the Grammys. So congrats, Grammys, you're smart again or something. Well, something else that's smart is all the people that email into the show. So Rob, let's check out what's in the mail bag. So yeah, so Brian wanted to chime in on a story from this past Friday regarding our comments on Lenovo's Legion Go, its first Windows-powered gaming handle featuring only 16 gigabytes of RAM. He writes, I'm going to have to disagree about the RAM and the Legion Go. 16 gigabytes is still the sweet spot in terms of price and performance for gaming as it meets or exceeds the recommended requirements for most games. Also in a small form factor device like the Legion Go or even the Stream Deck for that matter, space and heat are considerations and are just as important to component costs. I think Brian is correct. 16 gigabytes is plenty for a device like this. There's a reason that most of the other devices that are competing in this space are right around those specs anyway or even considered kind of high-end for having 16. So this isn't really an issue. It's kind of a non-issue. People shouldn't worry about it. We're not buying a fully loaded 4090-pack PC that you want to throw 32 gig or more at just so you can have the best possible gaming experience. You're doing stuff on the go at about 720p on average, on a screen where that looks great and the word isn't good enough. It's actually good for what it is. This is where it should be. So I'm with Brian. Solidarity, Brian. Team 16 gigabytes. That's right. Take it. The group is called double eight. So just... Gotta get that dual channel. Yeah. So thank you to Brian for sending that email in. And you know who else we have to thank? Scott Johnson. Why don't you tell us what you got going on? Well, let me tell you, Rob in Columbus, a town I absolutely love visiting and I'm still annoyed that I didn't know you then so we couldn't hang out. But we'll make up for that in the future. I'm very busy with a lot of stuff, but one of the things I'm most excited to tell people out is I have a show all about gaming. You hear me talk about it here on the show? A lot of times we have articles about game and tech around gaming. Well, we do that in earnest on a show called Core, which airs every Thursday. You can find it at frogpans.com slash core where me and my co-host break down the latest news reviews and everything else around games. So if you want to hear why I think that my game of the year might be Starfield, would you better tune in? Cause apparently that's a controversial statement to check or to say, so check out wherever you get your podcast that's core or you can find us again at frogpans.com slash core. And you know what else we have to thank? Rich Strofolino. Welcome back and thanks for coming in and hosting when Sarah and Tom are both out. So why don't you tell us what you got going on? Yeah, we are keeping busy over at the CISO series. If you haven't checked it out already, we do a show. It's called Cyber Security Headlines. I know me doing a short podcast about headlines very unusual for me. That's our daily show. We focus on cybersecurity. So it's a little bit of a different focus and something like daily tech headlines. We also do a week in review show. Every single Friday we have on a CISO or a VP in like trust and safety and we go over news and get their perspective on it. I love doing that show. It's about 20 minutes. This week we're going to have Village MD CISO Dan Walsh on and then next week, we're going to have interrupt VP of digital trust and ethics, Davi Atenheim, right? So interrupt is a company of great interest to the DTNS audience. So you might want to check that out. It's 3.30 p.m. Eastern. So check out CISOseries.com slash events and then you can pop right over and watch DTNS. You don't have to choose. All right, and remember patrons, you can also stick around for the extended show Good Day Internet. If you're not going to check out those, you can check out Good Day Internet. We're going to be going to talk about other actors and another strike looming. This time is it coming for the video games. Remember you can catch the show live Monday through Friday at 4 p.m. Eastern, 200 UTC and you can find out more at dailytechnewshow.com slash live. It's a website. We'll be back tomorrow with Justin Robert Young. He will see you then. This show is part of the Frog Pants Network. Get more at frogpants.com. I'm in club. Hope you have enjoyed this brover.