Coming up on DTNS: How bad was that attack on Ukraine's websites? We'll tell you. An important change comes to the Chrome browser, and we look over the new legal revelations regarding Google and Facebook's ad deals. DTNS starts now.

This is the Daily Tech News for Friday, January 14th, 2022. In Los Angeles, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. And from Columbus, Ohio, I'm Rob Dunwood. And I'm the show's producer, Roger Chang.

We were just having a good time talking about all of our old tech, some of the old computers we had, whatever tech we had in reach, mobile device-wise. If you want to hear what we had and what we thought about it, get Good Day Internet, the longer version of this show, available at patreon.com/DTNS. Speaking of that, big thanks to our top patrons today. They include Kevin Paul Thiessen and Allison Javi.

Let's start with a few tech things you should know.

The Russian Federal Security Service, or FSB, announced that it raided the operations of the REvil ransomware organization, targeting 14 suspected members. The FSB said the raids were conducted at the request of US authorities. REvil is believed to be behind recent high-profile attacks against Colonial Pipeline, JBS Foods and US technology firm Kaseya.

Block, which you may remember as Square, announced it's developing an open Bitcoin mining system designed to, quote, make mining more distributed and efficient in every way. The system will focus on making buying a mining rig easier, simplifying heat dissipation and key improving power efficiency. Block is evaluating technology and partners for the platform, including possibly developing its own new ASIC.

The Electronic Frontier Foundation spotted a new Android 12 option that lets users disable 2G connections to avoid privacy and security problems exploited by cell-site simulators, also known as stingrays or IMSI catchers. The devices can masquerade as a cell tower, then make cell phones in their range connect to them and intercept personal data use and
information. Although Android users have the option not to allow 2G cellular connections on their devices, the setting is turned on by default. So that's good to know. Also, a phone's modem also needs to support the 1.6 radio HAL.

Humble, the Humble Bundle software bundle service, you've heard of it. It's gonna shift to a new $12 a month subscription model for the Humble Bundle subscription on February 1st. And after that date, Humble will require a Windows-only launcher to access Humble Choice, Humble Trove and Humble Games Collections going forward. Users have until the end of January to download any Mac or Linux versions of games using the existing website.

Bloomberg reports that development challenges related to overheating, cameras and software may delay Apple's AR/VR headset reveal. Previously still rumored, but rumored to happen at WWDC in a few months, the headset reveal reportedly may now not happen now until the end of the year, possibly later, with the headset going on sale in 2023.

All right, let's talk about that Ukrainian attack. It was on the BBC World Service this morning.
It's been all over the place. If you hadn't heard, Friday morning about 70 Ukrainian government websites stopped functioning after a massive attack. Many of them were attacked and stopped functioning. Some of them were taken down by the government as a preventative measure. But most of them were attacked. Targets included the websites of the state treasury and the Diia electronic publishing services platform. That's where vaccination certificates and electronic passports are stored. But it doesn't seem like they got to those, just to the website.

The deputy head of Ukraine's state agency in charge of special communication and information protection, Victor Zhora, called it the most powerful attack in four years. Doesn't make it the most powerful of all time, because remember, Ukraine had its power grid attacked more than four years ago. He did add that personal data had not been, quote, distorted, important data had not been leaked and site content had not been damaged. Ukraine's SBU state security service said preliminary information indicates the personal data was not leaked, so it backs up what the minister was saying, and site content was not changed.

Ukraine has not assigned blame for the attacks. That's important diplomatically, I think. Ukraine's not out there pointing the finger to the east, which you might expect them to do. They haven't done that. Messages from the attackers were left in Ukrainian, Russian and Polish.

Toby Lewis, head of threat analysis for Darktrace, told Threatpost that government sites are, quote, typically built on common software, which explains the domino effect of website shutdowns that we saw, and it was too early to call it a sophisticated attack. So far they look like simple defacements. In fact, Johannes Ullrich, Dean of Research for SANS Technology Institute, told Threatpost, quote, this may very well be the work of hacktivists emboldened by current propaganda. The defaced websites were only informational and likely did not hold sensitive information.
However, Darktrace's Lewis did raise the possibility that sophisticated attacks be happening while these less sophisticated attacks distract everyone. So it, it may, it may be a situation where these 70 websites going down are not the serious part and something else happened. But that's just speculation that it could be used for that. That doesn't mean we have any evidence that something like that has happened.

So big attack, big splash, lots of headlines, but it doesn't seem to be that serious. It doesn't sound like that there was a lot of damage necessarily done. It seems like, yeah, we need to go in, you know, firewall this, block this off, and we'll be back up and going by next week, is what this kind of sounded like. Um, it's just interesting that they were very specific: this is the, you know, huge attack in the last four years, because we know that they have had some much more egregious stuff that has happened, taking their power grid down. These, as you said, they're more just vandalism on public-facing government websites.

Yeah. Yeah, I guess what they're saying is like, man, we had a nice four-year break there. Oh, well.

I mean, it's interesting that it is being presented as very serious, doesn't seem all that serious, but the possibility that this is a distraction, you know, based on a group, many groups, individual, whatever it is, actually doing more damage and skating under the radar a little bit more because this is getting more attention, that could have some legs.
Yeah, and even if that's not the case, technologically it's not serious; politically it is. And I think that's why it's important to note that Ukraine has not blamed Russia. You're going to see Russia blamed in so many headlines and so many stories about this, and I don't know. Maybe some Russians did this, maybe or maybe not at the direction of the Russian government, but Ukraine isn't taking the bait for that yet. Uh, and the fact that it's in Polish could be misdirection to try to make it seem like, oh, everybody's after Ukraine. Obviously the point of these attacks, if you look at the messages, is to get people upset, to get people to feel afraid, feel disconcerted, feel threatened, whoever's behind it. And that's where the damage comes. The damage comes not from the technology or, you know, personal data being exfiltrated. The damage comes from propaganda purposes, be my opinion.

That, and the fact that, uh, just from a PR standpoint, it just doesn't look good when a government website is hacked and goes down. Yeah. Yeah. Yeah, absolutely.

All right, we got some news about Chrome. Rob, tell us about this.

Absolutely. So Google wants to prevent Chrome from being used as a beachhead for accessing routers and other sensitive devices inside of private networks, but wants to make sure that it doesn't break the internet by doing so. In a spec known as Private Network Access, Google's Chrome will start requiring public websites to get explicit permission from browsers before accessing internal network resources. This will help prevent cross-site request forgery, or CSRF. A CSRF was used back in 2014 to change DNS server settings for more than 300,000 wireless routers.
I actually remember that. It was a huge deal. I don't think it happened to anybody that I knew or anywhere where I worked, but that was a pretty big deal when routers were going, not down, but they were changing where you were being sent to. It was used to redirect browsing to malicious dummy sites that looked legitimate, like fake google.com, that could steal your data.

Up until now, unless a router or printer locked off the browser somehow, the default would be to allow the browser to access any resource on the network. With Private Network Access, such requests will only be allowed if the device on the other end explicitly allows it. Starting in Chrome 98, a preflight request will be sent to the device, but a final connection will not be prevented. However, a warning will be logged in the DevTools Issues panel. This is done to let legitimate sites test how their system will work. Starting around Chrome 101, it will be mandatory for public sites to have explicit permission before they can access endpoints behind the browser.

So when I read this, actually, I threw this story in a rundown, and I guess it's better late than never. That thing that happened back in 2014, it was huge. It was all over the news. I'm sure you guys probably talked about it here. It was a big deal because it was like not so much big companies that were being taken down, but it was like the mom and pop shops who had folks who were, whoever knew the most about computers kind of set up, you know, their router with the high-end router they could get from Best Buy or Micro Center or Fry's or something like that. And this is where, you know, these are the devices that were being attacked. So as we said, you know, you think you're going to Google, but you're actually going to some spoofed site where they're getting your personal data. Or you think, you know, you're schooling, you think you're going to one site and you're not, you're going somewhere else. It was a big deal.
So I was kind of shocked that it took Google this long to actually, you know, fix this in their browser because Every, you know, I would say legitimate or every respectable Endpoint devices inside of a network they basically have had to put things in place to mitigate this Some some of them don't even allow you to connect directly through a website You've got to use an app sometimes now depending on the device So, um, you know, google fixed it, but did they really fix it? Is is my question and I'm asking because it's like, you know, who is this still affecting? Yeah, I was thinking about this. Um, and and I feel like the reason this ever you might even wonder like Why was it ever like this? Uh, the reason it was like this is I remember when that router Breach happened everybody reported on it As this is why it's important to update your router firmware because the routers should have been locked off They didn't point to the browser Because the reason browsers were not seen as important is how many devices did you have on a home network? We're not talking about enterprise networks here, right? We're talking about a home network printer and a router and Your computer maybe a couple others maybe a phone, right? So it was easy to lock those off and not worry about the browser and leaving the browser able to reach endpoints Made it so that it was a lot easier for sites to do legitimate things without having to put in extra code and extra work What has changed since then? 
Uh, since the early days of browsers, is we have so many more devices on our network, and Internet of Things is making it exponentially more, to the point where it'd be irresponsible for Chrome to allow endpoints to be accessed that way, because that means your doorbell, your alarm, your locks, your TVs, you know, like it's crazy. So I don't know that that answers your question of why it took so long, because it's not like Internet of Things just showed up this year. But it does explain to me like why it wasn't shut off in the first place and why it took a moment for people to go, oh, conditions have changed, we got to change that.

Well, back in December of 2020, the attorneys general of several US states, led by Texas, filed an antitrust lawsuit against Google. That filing was updated in November 2021 but heavily redacted. A New York judge then ruled that additional details could be made public, and the case was refiled Friday. So let's talk about this suit.

In the newly public portions of the suit, the attorneys general alleged that Facebook CEO Mark Zuckerberg (would be Meta at this point; well, it was Facebook at the time) and Google CEO Sundar Pichai approved the Jedi Blue deal in November of 2018 that gave Facebook an advantage in Google's online advertising auctions. Facebook COO Sheryl Sandberg allegedly negotiated that deal. You may have heard of Jedi Blue. We've talked about it on the show before. It's an agreement that allegedly gave Facebook an incentive to use Google's advertising exchange. Google allegedly guaranteed Facebook would win a certain number of auctions when using the program, a little bit of a handshake deal here. And the two companies connected software to speed up the delivery of ad tracking data between the two systems when Facebook did use Google's exchange.
There were also detailed allegations about three other programs called Project Bernanke, Reserve Price Optimization and Dynamic Revenue Share. The suit alleges that Project Bernanke charged advertisers a higher bid price than it paid publishers, and then used the difference to boost the bids of other advertisers to ensure that they'd win an auction that they otherwise would not have won. Another version directed these funds to publishers if they gave Google preferential access to ad inventory. Google says that the project was made to increase competition and make ads more effective. That's what it would say.

As for the other two newly revealed projects, the Reserve Price Optimization program set a minimum price for advertisers based on previous bids. Dynamic Revenue Share changed the fee that Google took in order to help advertisers use Google's tool to win more auctions in Google's other tools. Google said that the program helped publishers maximize ad sales. Also something it would say.

Both companies denied that Jedi Blue is an illegal deal at all, and Google called the lawsuit full of inaccuracies. Google spokesperson Peter Schottenfels said that the company will move to dismiss the case next week as baseless and lacking legal merits. He also denied that Pichai approved the Jedi Blue deal at all.

Uh, yeah, so Jedi Blue.
I have always felt is doesn't sound that controversial Uh, big companies often make uh big deals with each other to say like, hey, uh, you give me a little access to your thing I'll give you a little access to my thing I get why it's worth scrutiny to say, you know, these two dominate the ad market But the deal itself on the face of it doesn't sound that unusual or illegal to me So i'll buy the fact that facebook and google might be able to or google because they're the only one subject to the lawsuit Would be able to prove in court that this deal is not illegal project Bernanke the reserve price optimization the dynamic revenue share On the one hand you could look at those and say Okay, this is just like a loyalty program for customers like oh if you do this we'll we'll help you know make sure That you get a little boost from us. We'll help you out We'll give you some bonus points in the bids, which is fine unless you also run the auction house Right because now you're now you're fixing the price for the person who's using your other tool Remember google owns every part of the chain. They own the bidding. They own the placement They you know they they own the whole thing so they can say We're going to help out people who use our tool for bidding to beat out people who are using other tools for bidding In our auction house means we get to keep more of the money That starts to smell to me a little more like antitrust. Yeah, they're absolutely picking winners Um, you know in this I mean if you're using our stuff We're going to hook you up if you're using other stuff, which is completely fine You're not going to get the hook up and you may have been charged more. Um That just doesn't look good google. 
It just it just doesn't look good Well, and I mean the idea of you know loyalty programs, you know me as a consumer If this was something that you know either I was working with facebook or google directly on Not even in a business sense, but just a oh well if you do this then you get these fun perks We're all very used to that but two companies of the size having some you know Backroom deals Yeah, I mean it it may not end up being an antitrust issue, but it definitely seems that way Like imagine if google was an auction house, right and you walk in and they're like you can use any paddle you want But if you buy a paddle from us the auction house people We will add a hundred dollars to every one of your bids automatically You're gonna you're gonna buy the paddle. You're not gonna get the paddle from the other makers, right? But they're overcharging the other bidders to give you the hundred dollars. Yeah, they're making the money every day We're getting the hundred dollars some of the other bidders by the way, but you don't need to worry about that That's a whole separate thing Uh, yeah, uh, that's that's gonna be an interesting one I I have I've been more bullish on the federal case than the the states one until this and I'm like, okay There's a lot of things in here. I don't think are gonna pass muster in corporate Well, let's see. Let's see if google can defend that one Hey, I'm really excited this weekend is the kickoff of the scientist and tech series Dr. 
Nikki Ackerman's will be chatting with different scientists a different scientist every week about What they do in the world of technology where science and tech intersect you can find that in your dTNS feed this weekend I got some bipartisan news for you us legislators across the political parties are supporting a bill called wait for it terms of service labeling design and readability act that's t L d r the tldr act this bill would require websites to give a summary statement At the top of the terms of service that you could read before you opt into the entire terms of service That would include an estimate on how long it would take you to read the complete terms of service Details of any sensitive data types the site collects Guidance on what of that sensitive data is required for the service to function as well as methods for you to delete Your sensitive data later in addition to summarizing the terms in in non-legal language It would also disclose any data breaches from the past three years in that summary. So human readable machine readable also language at the top to say this is what our terms say And here's some other details that you might want to know the bill would exempt smaller websites from this It would be targeted at larger websites and be enforced by the us federal trade commission as well as the state's attorney general Who could seek civil actions for breaches of the act? i'm glad to see That this is truly a bipartisan, uh, you know deal here And it just makes sense I understand that we're all supposed to read those very very long legalese type to as I get that we're supposed to But people generally don't Um, and one of the things that government is supposed to do Is make our lives better make things better for you know constituents and this goes I think a little way to help with that It's it's how long is it going to take to read this? 
You know, you know, it's the CliffsNotes version of the super long ToS that I think in many cases are written to be, you know, as vague and ambiguous as possible, just so you don't really know what you are giving up, what you are agreeing to, what you are agreeing not to do.

I mean, as somebody who has skipped many terms of services, just like, yeah, whatever, you know. Like, it's not that I don't care. I do care, but it's just not gonna happen. Not gonna read this whole thing, and I just hope that there's not something hidden in there that I didn't know about. Um, I appreciate this. I think that, you know, for a lot of folks, it's not that people don't care about legalities. It's just that the way that it's presented is so hard to digest. You just end up going, well, the company isn't really gonna screw me over, right? But that doesn't always happen.

Yeah, my gut reaction is to agree with y'all that it would be nice to have some of this data up at the top, especially data breaches and all that sort of thing. There's a lot of open room in this bill for who gets to write the summary, which is the company in question, how they get to write the summary. The FTC is the judge of whether the summary meets the criteria or not, and as we know, heads of FTC change with every administration. So those things make me a little unsettled. The other thing that makes me less excited about this is you still have a yes or no acceptance. When you get that summary and you read it, if you read it, you still have to say okay if you want to keep using the site. Like, it's not like you can negotiate here. So I wonder just how many people are going to even pay attention to the summary, because it's not just about how long those EULAs are.
It's about the fact They're like well, I kind of have no choice if I want to use this thing Yeah, I mean you could just not install this program and that's fine But maybe it's a program that all your friends are using or you know family members or that sort of thing Yeah, this is not going to work if it's instagram or You know, what's that messenger? You're going to just install and start using those tools Yeah, yulalizer is a is a plugin out out there that's pretty good at Alerting you at that stuff. I'm not sure that this means that don't need yulalizer anymore All right, netflix tried to sneak in some news on the weekend before we think we wouldn't notice but we noticed didn't we rob? We absolutely did netflix announced it will raise prices on its canadian and us plans netflix standard plan with two streams goes up $1.50 to 1549 the 4k plan goes up $2 to 20 a month And the basic plan which it doesn't have hd goes up $1 to $10 a month The new prices are in effect now for subscribers Existing subscribers will get an email 30 days before the other price increase affects them and this will roll out gradually This last domestic price increase for netflix was in october of 2020. So it's been Little over a year was it was the 2020 increased the 1499 because that's what I always think of netflix That was 1499 right all right. So yeah, so it hasn't even really been that long and that seemed I don't know. 
I mean this is this is the sort of thing where it's like they're not huge increases But for anybody who's who's you know making sure that they're taking taking Taking stock of all of the cord cutting Options that they have and many of us have five six different options This is you know, it's it's not great If you like netflix originals and of course their back library then Maybe this doesn't matter too much to you, but um, it might be harder for them to onboard new folks Well, they've hit saturation in the domestic market They don't have as much room to grow so they don't need to fuel new subscribers as much as monetize them Yeah, so my advice to folks is don't get mad unsubscribe Unless it's worth it or stay subscribe stay subscribed. Yeah My gut tells me people are going to complain But they're probably not going to go out and cancel Their netflix subscriptions in mass clearly not beyond the point that while we're charging folks on average $1.75 more We're going to make more money by doing that than the number of people who actually drop off Yeah, I think the cable companies though. They're kind of saying yeah, uh, okay Well, netflix you did it hulu. Can you go ahead and raise yours up and how about, you know, amazon? Can you raise you know raise prime up? You know, can you can everybody raise your price up because the cable companies are trying to slide back in And say hey, we could just give you a cable again for one price and you get all that stuff You get on those other platforms. So yeah You know from people saying you know the cable subscriptions sometimes don't look so bad But it all depends on what you want to watch. I also think That netflix, you know, this is just this is just my take The time of year it's cold people are indoors Uh, the pandemic, you know Unsafe out there people are indoors This is a good time to do something like this because you're going to have less complainers. 
Yeah, that's true I think the cable companies want you to pay them for the netflix subscription all in one bill is what they're hoping So maybe they can just get you back for all of it Well researchers at northwestern university developed something called facebit An open source project described as fitbit for the face Facebit is a sensor that's designed to attach to an n95 face mask Able to monitor respiratory and heart rate and also check if a mask is fitted correctly Maybe you're not wearing it quite right in your face and you could do better The mask is designed for medical workers Could be designed for anybody but certainly for frontline type type folks works up to 11 days on a charge It will need further clinical trials before proceeding So this is not something that you can just go up and buy right this second But it also has been open sourced So if you're interested could be kind of something to build upon you can DIY it I mean these are scientists Definitely not marketers because it's just a chip that sits in front of your face It's not it doesn't have a nice design look Also, they called it facebit Which is you know, probably not the best way to market it out there because it sounds like my face Just got bit But if you get past that Well something between facebook and fitbit Yeah, it's great. It's great technology. It's good stuff. I like I was actually kind of As a fitbit user and a loyalist, you know with their software, you know Kind of track all sorts of stuff for myself. I was like wow fitbit for the face. 
That's not really what this This is something that you know a mask wearer can get some more information about health and safety And that's pretty much it but it's still cool Yeah, and very good for health care workers because fit is important You want to know if it got knocked out of place and you didn't realize it and and you know ongoing monitoring of like Hey, you're maybe starting to show some some signs of of something you might want to go get that pcr test Right now, which is good, you know, I'm wearing a mask while I'm working out in the gym now This would actually be kind of cool for that to kind of just give me some different numbers than Then I'm getting off of the other trackers that I've got connected to my body So yeah for this if they can get a small enough and inexpensive enough to make it make sense All right, let's check out the mail bag Let's do it. This one comes in from Jeremy who said you talked about the average price in cars being higher than before For new and used cars based on kelly blue book numbers I've heard that a lot, but no one seems to say why that's happening If there is a limited number of chips it makes sense to build vehicles with the best Read highest price options So even the normal vehicles aren't the ones that dealers would have advertised at low prices to get people on the door But the ones that got sold when a customer figured out what the inexpensive vehicle had four features So I responded to Jeremy about this because uh Supply and demand could be enough to explain it Right, there's there's a low supply and there's people who really need a car and that's going to drive a price up But it's a fair point. It's a fair point that If I have a low supply and I'm a auto manufacturer or a car dealer I might want to make that supply be the most expensive supply it has so that I can I can get a few extra dollars out of it Wouldn't put that past automobile companies. 
They're used to making ginormous amounts of money so anything they can do to make a little bit more You know, I wouldn't I wouldn't put them past especially with sales down Like if sales were at the normal price, uh, companies car dealerships would be losing money But they're not because they're able to sell it for higher And then matt writes in I've listened to dts for a few years now And I'm always hunting for those nuggets that put concepts into focus for the average user But I don't usually expect to find real life lessons on a tech podcast That is until yesterday Dts episode 4190 on the topic of monetization of wordle You tom merit said you don't have to be rich to not be desperate Not sure if that's your original But it is absolutely true and an indispensable life principle that will be passed along to my kids and fingers crossed to many other people in their lives Like it or not the attribution will always go to tom merit Well, I'm not sure I felt like I was making sense when I said it, but I'm glad you found wisdom in it matt. Thank you Oh, yeah, a good reminder to all of us, uh, who identify as not rich You know, you don't you you could still not be desperate. Yeah. Yeah, okay You know, you just you have your convictions, you know, stick with them That's that's what makes you you reading it back makes me feel like yogi bear up, but I don't know maybe it's worth Well, we well we uh, we we love the responses from everybody who emails us all the time feedback at daily tech news show Dot com is where to keep those emails coming Thank you so much to everybody who does give us feedback every day and ideas for future shows All those good things We also have a brand new boss to thank and that boss's name is chris hutz chris just started backing us on patreon Thank you chris Uh, we loved we'd love to get a new boss and we've we've had a nice long run of streak of them So thank you chris for keeping the streak alive. You rock You do rock. 
Uh, you know who else rocks rob dunwood rob dunwood you rock our socks, I don't know, uh, but uh It's always nice to have you on the show It's fun to have you on a friday in particular because we're all looking forward to the weekend But we have a lot of news to take care of and you do a lot of other stuff as well Yeah, so always thanks for having me and for anybody who wants to follow me I am at rod dunwood on all the things and I got a couple other podcasts head over to smr podcast.com or the tech john Dot com and you can listen to me babel on about tech Um, you know for a couple more hours each week Yeah, good good run down to the ces stuff on the tech john this week among other things. I appreciate that Well, we are live on this show monday through friday at 4 30 p.m. Eastern. That is 21 30 tc You can find out more at daily tech news show dot com slash live put it on your calendar if you can join us live We'd love to have you speaking of money through friday We are off this monday for mlk a day here in the us But we'll be back on tuesday to talk about the technical and economic hurdles of implementing the meta groups with jonathan strickland Have a great weekend everybody This week's episodes of daily tech news show were created by the following people host producer and writer tom merritt host producer and writer sarah lane Executive producer and booker roger chang producer writer and host rich straffolino video producer and twitch producer joe coontz Associate producer anthony lemos spanish language host writer and producer dan compos news host writer and producer jen cutter Science correspondent dr. 
nicky ackermans social media producer and moderator zoe deadarding our mods beatmaster w scottis One bio cow cat and kipper jack shitt steve guaderama paul reese matthew j stevens and jd galloway mod and video hosting by dan christensen Video feed by shawn way music and art provided by martin bell dan looters mustapha a a cast and len peralta Live art performed by len peralta a cast add support from trace gainer patreon support from dylan harari Contributors for this week's show included scott johnson justin robber young and rob dunwood Guests on this week's show included blare basterich and tim stevens and thanks to all our patrons who make the show possible This show is part of the frog pants network Get more at frog pants dot com Club hopes you have enjoyed this program