 Coming up on DTNS, the latest precautions to secure the Apple Google contact tracing platform, Nintendo fixes a mistake leading to account hijackings and machine learning that can learn the context of what's happening in a room based on sound. This is the Daily Tech News for Friday, April 24th, 2020 in Los Angeles. I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From Studio Colorado, I'm Shannon Morse. Drawing the top tech stories from Dave from Cleveland, Ohio, I'm Len Peralta. And I'm Roger Shane, the show's producer. Man, if you want to get a lot of talk about banana bread and police radios, you got to get good day internet folks. Don't miss that conversation. Good stuff happening over there. Patreon.com slash DTNS. Let's start with a few tech things you should know. It's not every day that Travis Scott gets onto our show, but today's the day. Travis Scott drew 12.3 million concurrent Fortnite players to a 15 minute live virtual performance breaking the record of 10.7 million set by Marshmallow in February of 2019. The number doesn't even count views on YouTube or Twitch. It was a success. The event included a preview of the Scots, which is a new collaboration with Kid Cuddy, and additional live events with Travis Scott are planned in Fortnite all weekend. LG will officially announce its new flagship LG Velvet phone May 7th at 10 a.m. Korean time. LG has been teasing the phone for a week or so, focusing on the design of the rear camera, which has four lenses arranged in a vertical line. Last Friday, we talked about how Western Digital is shipping discs using shingled magnetic recording discs in NAS like the WD-RED, shingled magnetic recording or SMR lowers performance in continuous use cases, and Western Digital did not make it clear that SMR was being used. Initially, Western Digital said SMR didn't cause issues in typical small business or home environments, but a lot of people in typical small business or home environments disagreed with Western Digital. So Western Digital has now posted a list of which of its drives use SMR, including not only the one we talked about, the two to six terabyte WD-RED, but also WD-BLACK model and three WD-BLUE models. CNBC saw internal emails from Google indicating that the company will cut its marketing budget by as much as half for the second half of this year. Google tells CNBC that some areas budgets may indeed be cut by as much as half, but others may not as Google recalibrates its marketing spending. The emails also mentioned hiring freezes at the company. Google earnings will be announced on Tuesday, April 28th, and it told CNBC it will quote be slowing down the pace of hiring while maintaining momentum in a small number of strategic areas. And Judge Timothy Kelly of the US District Court for the District of Columbia has approved a deal reached last summer that will see Facebook pay $5 billion to the US Federal Trade Commission over privacy violations. This is the fine that relates to Facebook not doing enough to make sure third parties protected user information that includes most famously Professor Alexander Kogan who shared some Facebook user information he had obtained with permission with Cambridge Analytica who he had not obtained permission to share that data with. All right, let's talk a little bit more, Shannon, about what's going on with this iOS mail thing. Yeah, let's. So Wednesday, Zeck Ops published a report describing a security exploit for iOS mail. The attack involves sending a specially crafted email and required the target to only open the message. That's all they had to do. Zeck Ops said that it found evidence of the exploit being used against six high profile targets. Jan Horne, which is who is a researcher over at Google's Project Zero, questioned the claim of exploitation in the wild. Now Apple has found no evidence that the exploits have been used against customers and they doubt the exploit could bypass existing security protections. Apple does say that the issues will be further addressed in an upcoming software update and Zeck Ops previously said that the issues have been fixed in beta versions of Apple mail. So to me, it sounds like these are very targeted attacks because Apple has been saying that these are not something that general consumers need to worry about, but they're still going to fix it. Yeah, it feels like there's a little sniping going on about, well, these really aren't that bad. And no, they haven't been exploited in the wild. You can't prove that, but they're going to get fixed, right? That's really all we care about in the end. Exactly. It's like, is it getting patched? Good. Then I feel better. So yeah, my guess is that these are technically exploits that probably with the right sophisticated approach, we've seen lots of examples of this could in certain situations lead to a breach, but it would take a lot of work, that kind of stuff, which is why you see them talking about particularly high profile targets. Right, yeah. So it does, I am happy that they are going to be fixing it, but for general consumers, for me and you, for folks that are out there that do currently use mail on their iPhone or their iPad or whatever application you're using, it sounds like you don't need to worry too much about this, but still update. It's always smart to update just in case. Patch, patch, patch, as they say. In other security news and an update to something we've already talked about for the past several weeks, some Nintendo users have reported unauthorized access to their Nintendo accounts even when they weren't reusing passwords. And in some cases, they had even changed their password and said still not helping. The hijacks happened through an older account system called Nintendo at Network ID, which was used for the Wii U and 3DS. If the NNID had a weak password and was linked to a main Nintendo account, changing the password on the main account would not affect access through NNID. Nintendo has now disabled the ability to log into a Nintendo account using NNID. And Nintendo says NNIDs and passwords of 160,000 accounts were in fact illegally obtained, exposing user birthdays, email addresses, the country that they live in and nicknames, as well as being used to make some fraudulent purchases. Nintendo is resetting passwords for all affected users, refunding those illicit purchases when they know about them anyway, and recommending that all Nintendo accounts use two-factor authentication. That's probably the big, the best thing that will come out of this is Nintendo making sure that people are aware that they have two-factor authentication and you should turn it on. So that's good. Otherwise, I don't know, Shannon, what do you make of this fact that they kind of left a backdoor open? Don't mind my camera moving. It's because the temperature monitor icon is going off and people can't see it anyways. It's just the video people. But yeah, as far as Nintendo goes, I think it's important to note that not just changing your password on the newest version of the Nintendo accounts is going to help you solve this problem. That's why a lot of people are still seeing this hack occur is because they had an NNID connected to their newer accounts. If you do still have that connected, the first thing you should do as soon as you log in is unlink that old NNID account because it's deprecated. There's absolutely no reason that you need to still have it connected because all it's doing, especially since it's a plain text password, is just making you more insecure. So highly recommend switching that, turning on 2FA, and changing your password. That's all you got to do. Yeah. And with Nintendo disconnecting it, that gives you a little breathing room. It's probably still a good idea to just get rid of that account anyway because it has a maximum of eight characters in the password on NNID and it's just not a good thing. But yes, Nintendo doing the right thing here by disconnecting those two accounts, it is questionable why they allowed that to continue in any way rather than just migrating people. But Nintendo, as we've talked all week about this, they do some weird stuff with networking sometimes. And this is an example of one of them. They really do. We've seen some news about them in the past about them being slow to fix these kind of problems in the past. There was an old hack on an Nintendo Wii way back in the day and they never fixed it. So hearing about this isn't a huge surprise. I wish that they were a little bit more proactive about how fast they fixed the problem because it did take several reports until we actually started seeing an actual published report from Nintendo saying, hey, this is a problem. This is how many people got hacked. Yeah. And it just felt like they were maybe not disbelieving, but wondering if it was really happening. Isn't this just credential stuffing? And so they took their bloody time to get around to it, but they've done the right thing in the end. So I'm not going to be too hard on them now. This one's really interesting. Researchers at Apple and Carnegie Mellon University's Human-Computer Interaction Institute have teamed up to publish a paper detailing a self-supervised convolutional neural network system called ListenLearner. ListenLearner would let the system learn by listening to noises around it in an environment without needing to do any upfront training or put a data set in there or have supervised learning where you tell it what it's hearing. None of that. The machine learning system would cluster like sounds together. So it keeps hearing a door slam. It's going to be like, okay, that sounds like the same thing. I won't know it's a door slam, but it'll be like, that always sounds like the same thing. I'm going to cluster those sounds together. And then once it has enough of those, it will ask a person in the room, so imagine this working on a smart speaker, what a representative sound was. So it's had a bunch of door slams. It'll say, what was that? And then you'll say, oh, that was a door slamming. And then it'll, it will then do the labeling itself. So it's self-supervised. It's requiring a little bit of input, but it's not as burdensome as requiring you to train it on everything. Now, you can speed things up a little by using a pre-trained model, and the researchers did that. When you do that, then the system will ask the person, hey, was that a door slam? Because my pre-trained model says that sounded like a door slam, and I've got a cluster of those things. So that'll speed stuff up a little bit. And it can even do refinement questions. So one example they gave was if a microwave and a faucet are both making kind of a roaring sound, and the machine learning says like, man, those are similar. They kind of overlap. Here's one that kind of overlap. It can ask, was that a microwave or a faucet? I know it was one of those two things. And then you, again, aren't having to do a lot of labeling, a lot of work. You're just occasionally answering a question. And the hope is that these kinds of systems would give Internet of Things and smart home devices better contextual sensing capabilities by knowing what's happening around them by sound. So if it hears the water running or it hears the dishwasher running, it can tell you, we don't notice a person in here, but we hear water. Or there was a knock at the door. It could send you a text message saying, hey, somebody's at your door. Existing systems, of course, require manual user training or use pre-trained general classifiers, which have low accuracy. So you can either get high accuracy with the manual training, but that takes a lot of work. Or you use these generalized classifiers, which is really what most of these systems we have now use. But as we know, those aren't terribly accurate. Yeah. I mean, at this point, my frustration mostly with my smart speaker is there's too much other ambient noise in the room right now. The wake word won't work or something's going to bleed into what I'm actually asking. And so I've got to like pause the TV kind of thing, which is, that's a real issue. So to be able to filter out noises that are background noises that the machine can learn over time, that is helpful. But yeah, also, yeah, you're not in the room, microwave's done. Or yeah, there's a knock at the door, you're not there, but you get a text message that it sounds like someone's at the door and they just knocked kind of thing. And periodically the smart device saying, is this what I think it is? Because I'm getting enough data points and it's repetitive and it's coming from the same place. I think I understand what it is. That's, that is definitely the next phase of all of this. When did this be really useful for folks with disabilities? I was trying to figure out a way that I could use this in the real world. And I was like, Oh, I think this would be super useful for somebody. Like if they were blind and trying to figure out what was happening around them or something like that. Yeah, I mean, it could be useful for for sighted and unsighted people. But but there's there's lots of good accessibility uses for those to tell you some things that are going around or deaf people to tell them like, Hey, here's what we're hearing, especially good for that. I think that's really cool. I like it. AT&T CEO Randall Stevenson will step down July 1st and COO John Stanky will take over as CEO. Randall Stevenson will remain executive chairman of AT&T's board until January. Stanky was Stanky was named president and COO of AT&T in September and gave over control of the Warner media division to former Hulu CEO Jason Kilar earlier this month. AT&T recently settled a dispute with some investors over the direction of the company agreeing to make no more major acquisitions and separate the rules of CEO and chairman of the board. AT&T's HBO Max is set to launch on May 27th. Yeah, so a couple of interesting things here to read in the tea leaves. One is, yes, we're going to see Stevenson remain executive chairman until January. But the idea is then after January, they'll bring in an outsider to be chairman of the board. And I think that was the biggest thing that would satisfy the investors. But promoting Stanky is doubling down on Warner media as the future of AT&T. And that has been controversial with a lot of people, including some of these investors, that felt like this was a bad bet. But Stanky is the guy who was running Warner media when they developed HBO Max. AT&T has said that HBO Max is one of the most important products for its future. It's seeing declining subscribers in its direct TV units, in its AT&T, U-verse television units, and they're betting the farm on HBO Max. So making Stanky the CEO is kind of putting him on the spot saying, all right, you're going to ride this horse to success or nothing. I can't help but think May 27th. Couldn't you rush out that launch? This would be the right time to do it, you know, instead of a month from today. But there's probably a lot of internal reasons and engineers saying, well, we're not done yet. That's why. But yeah, I mean, I think, you know, the HBO Max, there's there's more to it, of course, but that is a really big launch for AT&T. Yeah, and it says a lot about AT&T being committed. You know, I wouldn't be shocked. Let's let's pretend, let's imagine that HBO Max works, Warner media becomes strong because of it. The ISP part, the internet part of AT&T provides a nice way to market HBO Max. I wouldn't be surprised to see AT&T start spinning off things like even its phone. Can you imagine if AT&T spun off the phone part of its business and AT&T was no longer a phone company, but was really just a media company? Not impossible. Yeah, there's a lot of rebranding that could happen. I mean, HBO Max still sounds to me like, Oh, HBO stuff, which it is. That's a lot of other things too. There are just a lot of things named HBO right now. Yeah. Facebook announced quite a few new video features, including a live stream in during a live stream Friday that Mark Zuckerberg was in charge of. Messenger Rooms is one of the announcements. It's a tool for starting at virtual hangouts with up to 50 people launched in Canada and Australia four years ago. So you might be like, I'm familiar with this already, but most of the world didn't have it. Part of a pilot said let users create topic centered spaces and availability is coming to the US in the next few weeks. Creators can start a public or private room from Messenger and Facebook, at least at first. Later on, it'll be from Instagram Direct, WhatsApp and portal as well. Guests don't need a Facebook account to join. So you can be part of it without being part of the system if you don't want to be. Room calls are not end to end encrypted, though. That's going to annoy some people, although Facebook says it won't listen to calls and it won't view them. Rest assured. WhatsApp is also expanding its video call tool. That one is end to end encrypted from four people to eight. So it's not exactly 50 folks, but it's twice as much as it used to be. Facebook dating is also getting a video call capability. They're calling it virtual dates using Messenger. In the coming weeks, Facebook events can be made online only. They can also broadcast live videos. So it's not just an event that doesn't have a physical address, but it's really a come here at this time and there's going to be something happening. Page owners and admins can charge for access. They can also raise money using donate buttons in countries where fundraisers are available. So you've got some options there as far as people contributing to whatever you're sharing. Facebook Live will bring back a feature called Live With that was deprecated last fall that lets users invite another person to stream with them during the stream. Instagram will begin allowing users to post live streams to IGTV as well as Instagram Stories after the stream is finished. Somebody messes your live stream, but it was really great. They have other options to catch up. Instagram Live broadcasts will become available on the desktop for the first time and Facebook portal users will be able to go live to pages and groups that they're associated with in addition to already being able to go live with their own profile. Yeah, Facebook portal is having its moment right now. A lot of people using it for less technologically savvy members of their family to say, you know what? We want to keep in touch with you. I'm going to send you a Facebook portal. I'll get on the phone and walk you through setting it up because you already use Facebook and that's going to be easy. So I could see this becoming something that is used more often in Facebook portal. Now kind of a viable product in a way that it wasn't a couple of months ago. It's so weird how things change so quickly. I think my biggest concern about these is just the encryption, especially for like the dating platform that is going to work with Messenger. So I'm assuming there is going to be at least some type of encryption option there for the privacy of two people that are joining. But also how are they going to protect people from being harassed? Because that can sometimes be an issue if you're talking to strangers over video, especially in a dating type of context. So I'm hoping that they have some kind of reporting functionality or something that stems those kind of worries because that would be my biggest concern. It is encrypted. Messenger just isn't end to end encrypted. So it's less a worry about somebody doing man in the middle and more a worry about like, oh, Facebook kept this and turned it over to the government or the police or something like that. For the actual Messenger rooms, a host can lock the room URL so that Rando's can't grab it and join it. That stops Zoom bombing type stuff. And if you boot someone out, that locks the room automatically so they can't keep trying to come back in. So they at least are a couple of methods to keep it under wraps there. Cool. All right, folks, if you want to get all the tech headlines each day in about five minutes, be sure to subscribe to DailyTechHeadlines.com. Apple and Google have released additional details for their joint contact tracing system. Generally epidemiologists believe that intensive testing, quick intensive testing combined with the ability to trace who infected people have contacted is one of the ways that we can allow society to get closer to normal. So the Apple Google system is one of the ways that has been touted as being able to protect privacy, but also provide that important contact tracing to catch you up. The system does not collect location information or any other information from a user other than a rotating number from other participating phones. If you're near a phone, it sends a number. That's all you have. That data is stored locally. It's not stored in a central server. It's just stored on your phone. The only time it ever leaves your phone is if you're diagnosed with COVID-19 and you agree, you opt in to let a certified health agency who's saying, yes, you're definitely infected, upload those numbers to a centralized system that broadcast it out to all the devices so they can compare and see was I near a device with that number. This is really being misinterpreted in a lot of places. So that's why I'm going through some of these details again. It's very good at saying we're not storing any information about you just whether you were near another device in a way that tries to keep it anonymous, which device that even was. And they have upped that attempt at protection as well. Here's the new information. Representatives from Apple and Google pledged to disable the service like they said it out loud. We will disable the service once the outbreak has been sufficiently contained. Somebody from Apple said it, somebody from Google said it. You may not believe them, but at least they said it out loud. These rotating key numbers that are shared between the devices are now going to be randomly generated before they had been proposed to be based off a user's private key. And some folks were saying, well, wait, then I might be able to figure out the private key. So they're like, nope, it's going to be pure random. That'll further protect the anonymity of the numbers. The system will now encrypt the app version and power level information transmitted by Bluetooth to protect it from being intercepted in transit. They no longer are calling it contact tracing because that sounds like spying. So they want you to refer to it as exposure notification. That also differentiates it from manual contact tracing and shows that it's not a replacement for having interviews with people and finding out where they were. It's just supplemental. And finally, the first phase of the program, which will require users to download a health agency's app, is going to be distributed through a white listed API. Apps will only be approved on the API if they are only administered in conjunction with public health authorities. They meet Apple and Google's privacy requirements and they show that they will protect the user data in the app as well. Shannon, what do you think of this whole system and especially these new things that they've added to it? Well, I feel mostly positive about the changes that they made and also they are stemming quite a bit of those concerns that even I brought up on my own discussions about this. I'm glad that they are finally making it very clear that they're going to be disabling the service after the outbreak. But I am curious how they're going to do that. Since they are running an API, I'm assuming that it will be a push to all the different public health agency applications so that the applications will no longer be able to work or at least they'll no longer be able to send kind of data just so that Google and Apple can ensure that all of these applications actually turn them off. Because if there's anything we can be sure of, when governments are associated with security and privacy and technology, a lot of times they're very slow to update. I mean, look at voting machines, for example. So hopefully there's some kind of push to make sure that all these applications do close down after the outbreak. They all agree to that. And I'm also hoping that they're pushing that security and privacy mindfulness to the health, the public health officials as well in in response to health servers. So in a way, this is a very decentralized API. Any of these applications can be used by any of these different nations or regions. So there has to be some kind of way that Apple and Google, and they have mentioned that they're going to make sure that these are all agreeing to their security and privacy standards, that their servers are also protecting the data since there is some kind of transmission of data going there to ensure that people that test positive are being reported, like if they choose to opt into that. So that's something that I still have questions about. The Bluetooth issues about encryption, that was a big thing for me because we've all seen man in the middle attacks that happen with Bluetooth. It's fairly easy to do, especially with fingerprinting devices. So I'm glad that they're fixing that. And I'm also pretty interested in this new encryption specification. I haven't seen any kind of technical analysis of this yet. I'm hoping that I do from some of my coder or developer communities, because I would be really interested to see how they changed from that mathematically generated key over to something that is completely random. So I'm very intrigued by that, but I need to know more. Yeah, especially because I mean, nothing's ever completely random. That's very difficult to do. But I like that they're trying to get as close to random as possible to make it more difficult to track back. And the fact that these numbers on their own don't tell you anything they have to be associated with other phones. And so the fact that they're encrypted on your device, they're not stored in a central server like that, they really are doing a lot to make it difficult for this to end up with anything. I'm with you. I would like to have more details about how they will turn this off. Presumably they can just shut off the API and the apps won't work anymore. And obviously in the second phase, which we didn't talk about here, but the second phase, you won't even have to download an app to participate. It'll be built into iOS and Android. That certainly makes it easier for them to turn it off. But more details, right? Like we got more details on these things. It'd be great to have more details on those things as well. I'm with you. In this case, this is one of those things where the more transparency that they offer, the more comfortable I am with the idea of using this to ensure my own safety when it comes to this pandemic, especially now that they're saying, yes, we are going to turn this off after the outbreak. So that makes me feel a lot more comfortable. Well, you know where you can be comfortable? Our Discord. You can join the conversation happening in our Discord right now and all the time. You can join by linking to a Patreon account at patreon.com slash dtns. Well, look at that. There's an audio message in the mail bag. So there is Tom. So there is. Yeah, we love audio messages. And this one comes from Big Jim. This is a response of our discussion yesterday on Amazon possibly using third-party seller data to make informed decisions about its own in-house competitor products. Hey, everybody, everybody. It's Big Jim. I just have a real question about yesterday's episode. We talked about Amazon and their private label moves. I guess my question is, why is this a story? I mean, if you look at Walmart or you look at Target, they're pushing out brand names as well and they're moving more towards their private labels. Obviously in the grab to try and make more revenue off of private label concessions. I guess, is this a story because it's Amazon? I'm just confused. Thanks. Yeah, when he sent this, I went and looked because I'm like, well, do other places like Walmart and Target do the third-party sales? And yes, they do. Walmart and Target also allow third-party merchants onto their online platforms. So really, the only difference is when Walmart and Target make their in-house brands, they are definitely going to look at sales data. Does that sales data include their third parties as well, in which case it would be the same as Amazon, where they are looking at data from third parties on their platform to help inform the decisions about what kind of in-house brands to make. Shout out to patrons at our Master and Grandmaster levels, including Paul Reese, Mark Ibsen, and Dr. Carmine M. Bailey. Len Peralta has been busily drawing during the show. What have you created art-wise for us today, Len? Well, I'm sure we're all very excited or moderately excited to see what the COVID-19 exposure notification apps from Apple and Google both look like and what they'll do. But what is it going to look like? This is what I think it may look like. If you remember the old video game Berserk, then you will really enjoy this week's art. There's a little, you know, there are these little people who are all red who apparently may have been infected by the coronavirus that is jumping around there. And there's a little person who I'm assuming is you when you are trying to figure out who is infected. And it's saying intruder alert, intruder alert, stay six feet away. And that was terrible. But you know what I'm saying. I also like your little viruses that are just kind of floating around in the maze. Yeah, the little coronavirus. In some ways, they're a little bit cute. I hate to use that word because they're... Do they all have little blue dots that are their phones? Those are the phones. Everybody's using it. The intention to detail here is pretty impressive. They all have little phones. So yes, this is available right now. If you're one of my Patreons of Patreon.com forward slash Len, you can get this immediately or you can go the old fashion way at Lenproldestore.com and download it. And you can, you know, do that kind of fun stuff too. So check it out. Love it. Thank you, Len. Also thanks to Shannon Morse. Shannon, you've been doing so much stuff behind the scenes for DTNS. But it's so nice to have you back on the show. Let folks know where they can keep up with you. I have, yes. If you want to follow Daily Tech News Show, by the way, on Instagram and Twitter, I've been super active over there. It's DTNSPix on Instagram. That's P-I-X. Thank you. Thank you. And Daily Tech News S-H on Twitter. But you can also search Daily Tech News Show to find us on Twitter and Instagram. Other than that, I've been really active on my YouTube channel, youtube.com slash Shannon Morse. I just got to visit the last active Morse code station that's commercially transmitting Morse code in the United States. It was so, it was so cool. So I highly recommend watching that video. Like my passion comes across. I absolutely loved it. So yeah, that's my YouTube channel. Go check it out. YouTube.com slash Shannon Morse. And again, Shannon, you've been doing great. Thank you for handling the social stuff for us as well. It's been awesome. Thank you. You can always support our show at any level you want. If you have the means, we highly recommend it. DailyTechNewsShow.com slash Patreon. And our email address is feedback at DailyTechNewsShow.com. We love your feedback. So keep it coming. We're also live Monday through Friday, 4 or 30 PM Eastern. That's 20, 30 UTC. And you can find out more at DailyTechNewsShow.com slash live. See y'all Monday. This show is part of the Frog Pants Network. Get more at FrogPants.com. I hope you have enjoyed this program.