 Daily Tech News show is made possible by its listeners. Thanks to all of you, including Mark Gibson, Reed Fishler, and Larry Bailey. Coming up on DTNS, should you trust Anchor's Yuffie cameras? We'll explain. The EU is going to let 5G onto airplanes, and why I believe the children are the metaverse. This is the Daily Tech News for Friday, December 2nd, 2022 in Los Angeles. I'm Tom Merritt. From Columbus, Ohio, I'm Rob Dunwood. Drawing the top tech stories from Cleveland, I'm Len Peralta. And I'm the show's producer, Roger Chen. You know, a lot of people think we're too Ohio-centric, but Roger and I are here to balance it out. So, you know, it's... I'll fight you. You guys know Ohio is awesome. I used to vacation in Ohio as a young lad. There you go. So yeah, I agree. Ohio is pretty great. Sarah Lane's out today, but we have got a great show, so let's start with the quick hits. Thursday around 2 a.m., a man traveling by snow machine in Northwest Alaska, wasn't Amos, he was in New York, activated his Apple iPhone Emergency SOS, the Apple Emergency Response Center and the Northwest Arctic Bureau Search and Rescue Coordinator, worked together with Alaska State Troopers and local volunteer search and rescue teams, who did a lot of the local work, to locate the man using the GPS coordinates provided by Apple. The man was found and brought to Cutsabue. No injuries were reported, and it's the first reported use of Apple's Emergency SOS feature for rescue purposes. Google announced it will start rolling out end-to-end encrypted RCS group chats to the Google Messages beta over the next few weeks. Previously only one-on-one RCS chats were end-to-end encrypted. RCS is a successor standard to SMS, which is supported by Android and most major phone carriers. It is not supported yet by Apple. I wonder if anyone's talked to them about that. You know, I think maybe. Another day, another game mastered by an algorithm. Researchers at Alphabet's DeepMind published a paper in the journal Science detailing DeepNash. That is the name of an algorithm that can best human players at Stratigo. Because a player cannot see what type of pieces an opponent has in Stratigo, it's a much more incomplete information problem than, say, something like Texas Holden poker. Researchers trained DeepNash with reinforcement learning, playing 5.5 billion games against itself. It's designed to find Nash equilibrium. If you ever watched A Beautiful Mind, you might have heard that. And a set of strategies such that no player benefits by changing strategy on their own. After 50 matches on the game platform project Gravon, DeepNash now ranks third among all players since 2002. The payment processing company Stripe announced it's launching its own fiat crypto on-ramp widget, which will let customers easily exchange dollars for cryptocurrency. Stripe will handle fraud, compliance, and know your customer checks as part of the transaction. These kinds of widgets are often used by cryptocurrency companies offering Dapps and NFTs so that customers can use their preferred currency without involving a cryptocurrency exchange. You know, like FTX. Privacy-focused Brave software announced it has begun its test of privacy-preserving ads in its search engine. So Brave uses the content of your search query, what you typed in, the country the request appears to be coming from, I'm guessing by IP address, and then the device type, is it a laptop, is it an iPhone, etc. And they use those three types of information to determine what ad to show you. None of that information is stored. They don't build a profile. They just look at those three pieces of information, pick an ad, show it to you, and then throw it all away. If you don't even want that amount of tracking and you don't want to see any ads, Brave Premium is now available for $3 a month. Alright, let's talk about the future of being annoyed on airplanes. The BBC reports that the European Commission can provide 5G service aboard airplanes. The EU has reserved certain frequencies for airplane service since 2008. Member states have until June 30th to make the frequency bands available for in-flight 5G service. The EU uses different 5G frequencies than the US and at lower power, so they don't have the concerns that the 5G interfering systems like Radalt have with US carriers. Once those frequency bands are made available, flyers in service areas would not need to put phones in airplane mode. So Tom, does this mean that we'll be subject to planes full of loud phone calls? In Europe? Possibly. My hope, my thought, my expectation even might be that while 5G on the plane is going to allow you to not have to put it in airplane mode, you'll be able to just keep saying funny things on Twitter as you're waiting to take off all the way into the air, that you will have policies put in place by the airlines about what you can do on those. That would not disturb your neighbor. I would imagine some airlines might just say like, hey, you can use 5G all day long on your phone, you can stream your video, do whatever you want, but don't talk on the phone. Don't talk loudly on the phone and disturb the other passengers. I mean, do you think I'm naive to believe that? Well Tom, I think it's going to be a combination of that and people actually talking on the phones because if you think about big international flights, particularly in first class and business class, those pods have phones in them. You are already able to make phone calls on airplanes. You have been able to do this for quite some time. It's ridiculously expensive to do it and I think that that's going to be the barrier for a lot of folks. They're just not going to pay the price to have a phone call in the air. And then when you're thinking about if this is just contained within the EU, those flights in many cases aren't very long. So those aren't the flights where people are going to just be having long phone calls. At least I don't think most people would have long phone calls on those type of flights at the expense that they would probably have to incur to have them. I don't know, man. I've been on some flights where folks just keep talking on the phone and the cabin door is closed and the flight attendant is leaning over and like, please wrap up your call. Please wrap up your call. If they don't have to wrap up the call, right? If there's not a policy, like a security policy. Right now they can be like, you have to have that thing in airplane mode. They don't have to do that. I feel like there's going to be some people take advantage and just talk from the minute they're on the plane till landing. So this is the question for me though. When you are using that in-flight 5G, that's a different bill, I think. I don't know how this is going to work. It might cost more. Yeah, you're right. How are you going to be built for that? Is that going to be like a roaming charge that you would get? I would imagine it would because I don't see airplanes or airlines doing this because they don't think they can make money from it. I mean, I think that this is something that we can service our customers and give them something that they want and we can also build them ridiculously for it as we service them. No, you're right. It'll be a charge. There'll be certain carriers like T-Mobile right now. If you fly on Delta, you don't have to pay for your Wi-Fi, right? There'll be certain carriers that will be like, oh, if you're on our carrier, you don't have to pay. But they may limit what you can do on it. They may not route phone calls from an airplane. And that would just take care of it right there. Stealth Dave points out nobody talks on the phone anymore anyway. So maybe we'll just age out of that because the younger you get, the less likely you are to not just text someone or send a meme instead of calling them. So yeah, maybe there's hope. Maybe the children are a future is what I'm trying to say. Another thing too. I remember, and this is back in like the Blackberry and Palm Polly days, people would freak out when you would even use your phone on a plane, let alone be connected to data. And over time, we just kind of get used to it to where it is just a thing. Like you said, with T-Mobile, you can just, you know, you just hop on a plane and you still have data. You can't make phone calls, but you still have data. I think this may just be an extension of that over time, people will simply just get used to it because I think about trains. People talk on the phone all the time on trains and it's not terribly disruptive. I mean, you know, you will have a time or two where the porter asked to go say, hey, can you quiet down? But you already have that on plane. So I don't really see this being a big issue. Now, I think you talked to me down. Social norms will develop where, yes, will you have the person who talks too loud? Sure. And then the flight attendant will come over and ask them to, you know, please keep it down. Just like you would if somebody was talking to the other person in the seat next to them too loud and disturbing other passengers. So, all right, all right. Overall, I think it's a good thing though. I don't want that to get lost. I'm looking forward to being able to just have 5G service and use everything on my phone the way I normally would without having to switch over to Wi-Fi and some things work and some things don't. And I won't be able to get it until we're 10,000 feet in the air. Like it's all good stuff to me. Right. I think it's a good trade-off. Yeah. Wall Street Journal's Sarah E. Needleman and Sarah Donaldson wrote an article called Kids Don't Want Money Anymore. Virtual currencies have become many families' preferred way to pay allowance. Can you convert this to Robux? Now, that's the title in the subtitle. It starts with an anecdote about parents paying kids an allowance for doing chores and then the kids handing it right back and asking them to convert it to Robux. There's some other anecdotes talking about the freedom kids have to buy virtual items. One example being a virtual Louis Vuitton purse using Robux and without needing the parents to drive them to a store to do it. Before you get outraged, virtual items are way less expensive than real life counterparts. That Louis Vuitton purse costs less than $5. And games like Robux have strong parental controls that help prevent out-of-control spending. Parents can control the money supply just like they would with a cash allowance. And kids still get lessons in how to spend wisely. Yeah. So it won't cost your kids a lot in the words of Jesse to look good in your Louis Louis. That's good to know. But there's a lot of children doing this. About half of Robux's 60 million daily users are under the age of 13. There's also a lot of money for this. Roblox revenues have grown 600% in the past three years to $1.9 billion last year. You don't hear about Roblox laying off a bunch of people. It also makes almost all that money off of selling Robux. It doesn't have a lot of other certainly not anything close to bringing in as much money as Robux does. And Roblox isn't the only one doing this. Minecraft has mine coins. Fortnite has V-Bucks. Pokemon Go has Pokécoins. There's even a company called Moonbug that sells NFTs of kids show characters from Coco Melon and Blippi. Last year, children 12 to 17 spent an average of $92 a month online. That's twice as much as they did two years earlier. Rob, I know your kids are grown now. How do you think you would deal with this if you still had youngins? No differently than how I dealt with it when I had youngins because the story is about Roblox and it's about kids wanting virtual currency to do things inside of these games. But when it comes to allowance, number one, most kids when they first start getting it, they don't understand the concept and the value of money. They just want things. They just want stuff. And in this case, if they're playing this game, and I think a lot of them got into it because they were kind of captive audience inside all the time over the pandemic, then oh, there's stuff in that game. I want it. So it's not about I want my allowance in this way. It's just that I want stuff in that game. And if my allowance allows me to get it, then so be it. So I don't see this as being any different than if your kids are in the go-kart racing, they want to use their allowance on go-kart parts. If they are into Pogo sticks, they want to use their allowance on Pogo sticks. I think it's just whatever your children are into, that's what they want to use their allowance on. Yeah. Kids want stuff, right? Yeah. Sometimes it's real stuff. Sometimes these days it's virtual stuff. Roger, you've got youngins. Yes. What do you think of this? Honestly, when I first heard about it, this really reminded me of what they used to do when I went back in the olden days in school. When we used to sell magazines, we would collect not money, but we would collect prize points. And then when you got a certain amount, you could spend them on a specific thing, whether it was like a little radio or like a cassette tape album of whatever band you wanted to listen to. It's just a way of taking a sort of value toward an object, whether it's in-game or whatever, and then making it so that it's just one step away from an actual money. I think we'll see a lot more of this because, I mean, they've been doing this for kids in some way or fashion for the past 40 years, whether you collect certain stickers, you collect coupons, you collect something that builds up in value that you then exchange for whatever the store offers. Bazooka Joe comics from the bubble gum that you've sent in. I mean, they do it for adults when they used to let you use your points to buy things from the credit card store. Like buy yourself a GPS device. I mean, they still do that. That's not a new, that's not a gone thing. I'm thinking of Ralphie and all the stuff he had to save up to get the decoder ring from Oval Team. Right. You know, in a Christmas store, you said, you know, you said 40 years, this has been going on since advertising has existed. Yeah. And children were the target of it. So that makes me think that the point of the story may be a little bit off. The fact that kids want virtual items is just, this is the latest thing that kids want. Right. What the allowance is, is going to let them understand how to allocate resources. If those resources are in game, I don't think there's any problem with that. You just need the parents to understand what's going on in Roblox. Right. So there's a little learning curve there. There are also, I think some fair concerns about things like blind boxes and such like in games. I think Roblox is really good about managing. Fortnite has gotten better about managing. So you have to be careful what platform the kids are on, the popular ones like Minecraft and Roblox are pretty responsible with that stuff. So to my way of thinking, the article here is pointing out more to me that the children are already in the metaverse. If anyone wants to know what the metaverse is going to be, look at the 12 to 17 year olds. They're living in it. They're going to grow up in it. They're going to change it as they become adults. They already kind of are as some of them have entered their life and nobody's going to build a metaverse. The children are already living in it and it's just going to evolve from there. That's what this tells me. No, I think that's a really good point. And I know like in lately in the news, everybody has been on Mark Zuckerberg about you really missed with the metaverse and it's like, no, he's just really early. He's got to let these kids grow up who are actively going to be the ones using it and kind of driving where the technology goes. And it's going to be very, very consumer driven. Like because what I noticed is that the kids, the parents are connected to it through their kid's spending, right? By engaging and managing what they can spend. And I think actually this is the one thing I thought was really cool. Before your parents, they might know what you were spending your coupon bucks on or whatever. But now you know, right? There's kind of the parental controls. Yeah, exactly. And so I think there should be a little less resistance to it because parents do have kind of a say that they have a throttle control on where the spending is and where it goes. Yeah. Historic Squirrel is asking if the kids are using VR or are we using a broad meaning of metaverse? I've always thought the connection between VR and metaverse is just tangential. You can have a metaverse without VR and there's plenty of VR that's not metaverse. They may or may not interact. We're talking about the metaverse in the sense of a virtual world that they live in and value and want to spend $5 on a Louis Vuitton virtual person. If they access it by VR, great, AR, great, phone, whatever, like it's still the virtual landscape that they're treating as real. And if meta wants to build the metaverse, they better start getting 15, 16, 17 year olds into whatever they think that's going to be. And Facebook is not it. Right. Well, they better allow you to take that Louis Vuitton bag that you bought with Roblox and move it to another part of the metaverse. If we're really going to get a broad metaverse, we're going to have to start seeing that. That's the next thing to look for. It's like, you know, Minecraft and Roblox come into some agreement where you can move things back and forth. I'm not saying that's going to happen anytime soon, but if you start to see, talk about that. Metaverse Federation. Yeah. Yeah. The Fetaverse. I don't have that. Nevermind. Hey, folks, if you haven't thought about this, if you're like, hey, that sparks a thought, I wonder if it could be this. Send it to us. Email it. We want your email feedback at dailytechnewshow.com. Anchor offers cameras under the Ufi brand. Ufi cameras promise that all recorded footage is encrypted on device and sent straight to your phone. And only you have the key to decrypt and watch the footage, a.k.a. in encrypted. The company sites ISO 2701 and ISO 2701 certification from the British Standards Institute for Information Security Management and Privacy Information Management. So it was a little surprising given Anchor's good reputation and all of this due diligence they've done to get certified, get independently audited when security researcher Paul Moore claimed that Ufi cameras stored faces without encryption and streamed video without authentication. Moore's statement was followed by SEC consult publishing a summary of two years of their research showing that thumbnails of recorded Ufi images were transferred to an AWS instance. Ufi responded by saying yes. Those thumbnails are transferred. They are restricted by account logins and the URLs for the thumbnails expire after 24 hours unless you share them somewhere. They clarified to Ars Technica that the thumbnails are only sent off device if you choose mobile push notification images. You don't have to do that. You can choose text notifications but if you choose image notification they have to get them to you and that's how they get them to you and they are server side encrypted. Ufi has updated its setup language to make that clear. They said yep our setup language could have been better. They've already updated that. If you choose image based notifications which you don't have to, those images will need to leave your local drive and briefly be hosted in the cloud. That one kind of makes sense and they've addressed what I think was the problem which is the unclear language and setup. But there's more. More also claimed that he found that he could remotely start and monitor Ufi cameras through VOC without authentication or encryption. He said he couldn't release a proof of concept but another security researcher called Wasabi said that he had posted about the problem and worked with the Verge to illustrate the vulnerability. Now the Verge says there were two ways that they used to get that URL that you would need in order to monitor a camera that wasn't yours. The first way you would need to log in with the username and password that was in control of that camera which I mean you could fish that hack it whatever and then there was an undisclosed technique to get the URL so it wasn't easy to get to. But you could get it and that would show a camera stream. Ufi has since made that technique not work. The Verge says we can't make that work anymore they did a change in the website so you can't even even if you get into somebody's account you can't get that URL. However, the URL included the camera's serial number in base 64 which you could just uncalculate. If you found the serial number you could calculate base 64 version of it. A UNIX timestamp that's easy. A token and a four digit random hex. Now, it's possible for someone to recreate that URL without having to go into your account. They would have to have the serial number of the camera. That might be harder to get they'd either have to get physical access to your camera trick you into telling them it somehow but they'd have to get that so there's some effort involved there. They would have to brute force the hex number but it's only four digits so that's fairly easy. The Verge said also not appear the token in the URL was validated. They were able to just change it to whatever they wanted and the URL still worked. Thankfully, you see serial numbers are long complex and non sequential so they're not easy to guess. It would probably take some social engineering to get it. The Verge also said that these only work if the camera's already awake. An anchor denies that there is a problem. It told the Verge and ARS Technica that it is not possible to start and monitor a stream and watch live footage from a camera without a third-party player like VLC and it told ARS Technica that it disagrees with the accusations and encourages customers to contact customer support if they have concerns. Still Android Central has removed all of its recommendations for Ufi cameras. I think the thumbnail image was a misunderstanding. They fixed it. That one doesn't bother me. I think this vulnerability is probably not going to affect 99% or more of Ufi users. If you're a high value target you probably shouldn't be using Ufi cameras in this way anyway. What bugs me and I know what's going on here which is anchor is saying yeah we know this is a possible vulnerability but virtually no one's going to take advantage of it. It's really difficult for someone to use so we're not worried about it. Why should we spend time and money fixing it? However they wouldn't have to spend a whole lot of time and money to repair their customer relationship if they just validated that token. Or explain why that token can't or shouldn't be validated but just saying this isn't a problem I don't think is going to wash at this point. Yeah so like you said this is not going to affect very very many people but it could affect some and the fixed it will cost anchor something. I think that something is less than the PR hit that they're taking if they just are not it's not a big deal we're not going to worry about because people are going to say how I can go buy anchor is a big brand but it's not the only brand there are other cameras out there that do similar functions to this. So they've got to be real careful in how they walk this line and I wouldn't be shocked if they come back and they decide you're just going to go ahead and authenticate these tokens. I don't think it should be lost on folks how much effort it would be if I wanted to spy on Rob I'd have to trick him into giving me the serial number or sneak into his house and copy the serial number down or hack into a computer where the serial number was stored like it would take effort this is this is not an easy hack and I feel like anchor could just make it go away by validating that token maybe I'm overlooking something there but if that token in the URL was validated and you couldn't guess it right now doesn't you don't even have to guess it you just put something else in that space in the URL and it works all you need is that serial number and then brute force the hex number maybe make that hex numbers longer to to provide a little extra security fact making that hex number a whole lot longer would just reduce this possibility so close so much closer to zero that might be enough but I don't know it seems to me that yes they're not wrong this is a very low probability thing but now that it's out there and people react into it a little bit of effort to address it probably would go a long way this is not one of those times where any publicity is good publicity you know acre needs to you know they need to get in front of this and the fix although it will cost them something will be less costly than the lack of sales these devices if they don't fix it alright folks we know flight delays and cancellations are a frustrating price to pay for traveling and we know a lot of you are traveling sometimes for the first time in a couple of years these days but chris christensen is here with a tip that might just help ease that burden this is chris christensen from amateur traveler with another tech in travel minute there's a new resource that's come out for us domestic carriers from the u.s. department of transportation called the airline customer service dashboard and what it shows you is by airline by carrier what kind of opportunities will you have if there are cancellations or controllable delays and so will they for instance rebook you on a partner airline will they give you a meal cash will they give you complimentary hotel accommodations if they cancel your flight so check that out the easiest way to find it is to google airline customer service dashboard I would take it with a grain of salt because I know that I've twice been stranded this year and by one of the airlines who I shant call out jet blue and they did not offer me any hotel credits and they did not do what this document says that they would do but take it with a grain of salt but it's a useful resource this is chris christensen from amateur traveler I think what chris is trying to say Rob is your frequent flyer mileage may vary he said they're very eloquent he didn't call any companies out except for what except for the one that sounded like he sneezed to me do it do it I don't know are you traveling jet blue that was a sneeze that was a sneeze bless you chris christensen alright let's check out the mail bag so this message comes from jason palado where he says the other day my slack blew up on me it's vital to my work turns out it was because I use 1.1.1.1 that's I believe that it's cloud flare changing over to open DNS fix the issue I was wondering do the DTNS team use a specific DNS or stick with the default one through their ISP I know for me I use the Google one what is that 8.8.888 so I use that I've used cloud flare before my gut tells me that this is not a cloud flare issue it's just a cloud flare may have had an issue at the time they're pretty reliable usually I'm sure if jason switched back to 1.1.1.1 my slack would work fine I also understand that moment where you're like I need slack to work right now and I'm not going to wait for the mix I'm switching to open DNS I use 1.1.1.1 and I had forgotten I had to go look it up because I had forgotten what I had put in there and I have not had issues with that so it's another your mileage may vary situation but I think most of us here actually I think it was roger where you say 8.8.8.8 I think I think he was saying that yeah I use the Google I used to use open DNS but I found Google just to have less issues over like a 8 year period so if anybody doesn't know what we're talking about you can go into your network settings either on your computer or sometimes in your router people do it and say when you're looking up a domain domain name don't go to my ISP to look it up go to this address look it up and one of the reasons you might want to do that is because ISPs sometimes track and monetize that information other times people are like you know what I just want a more reliable domain name system one that's putting in all the latest DNS second security things it's not something you have to do but a lot of people do it just does one more step towards being secure and they're easy to remember all ones always they're just easy to remember indeed all right Len Peralta has been busily illustrating today's show and Len I'm very curious to find out what you drew for us today I'm just getting old we were talking about the story about the Robux I have a young child 10 year old 11 year old son who hasn't got into it yet but it's scaring me thinking talking about this Rob like the next wave Rob talked about the metaverse being a little bit too premature but hey why can't we do something fun like this this is an image of a TV show that's coming out I would say probably January 1 called Meet the Rebellionaires and you know I can just see these it's about two fun loving kids or a group of fun loving kids who are spending their robux in fun ways and taking over the world they've got their virtual Balenciagas and Tacitos maybe not the Balenciagas but the Louis Vuitton for sure yeah if you want to take a look at this if you want to actually get this print you can go to my patreon patreon.com forward slash Len where if you become a backer you automatically get this print in an additional way and go to my online store and get it there which by the way I am selling my custom drawn holiday cards and I've got an open commission line so hit me up and celebrate the holidays there's three levels you could have three levels of Len in your holiday if you're a DTNS patron you may have already got your holiday card drawn by Len you could also go to our store and get these cards designed by Len but the best way to do it is to go to Len yourself and say draw exactly what I want for the holidays on this card I love the three levels of Len it's not quite Dante's Inferno but it's close it gets you out of Dante's Inferno don't let your holidays turn into Dante's Inferno that's probably good advice for everybody so that's LenPeraltaStore.com LenPeraltaStore.com thank you Ray also thanks to our brand new boss, Pedi who just started backing us on Patreon thank you Pedi Pedi gets it Pedi is a wave I would call it a Patreon wave sweeping across the nation that Pedi is the leading edge of right now you could be you tomorrow Patreon.com patrons stick around for the extended show we are going to continue along with the the folks I'm sorry I'm trying to find I changed my sound board around and now I can't find anything we are going to stick around and we're going to talk some more so if you're a patron you're going to get that you can also watch the show live Monday through Friday 4pm Eastern 2100 UTC find out more at dailytechnewshow.com back on Monday talking about what we can do about our imperfect understanding of AI with Andrea Jones-Roy talk to you then this week included Bode Grimm and Jim Thatcher and thanks to all our patrons who make the show possible this show is part of the Frog Pants Network get more at frogpants.com