An anonymous reader quotes Forbes: A massive majority of consumers believe that using their data to personalize ads is unethical. And a further 76% believe that personalization to create tailored newsfeeds -- precisely what Facebook, Twitter, and other social applications do every day -- is unethical.

At least, that's what they say on surveys.

RSA surveyed 6,000 adults in Europe and America to evaluate how our attitudes are changing towards data, privacy, and personalization. The results don't look good for surveillance capitalism, or for the free services we rely on every day for social networking, news, and information-finding. "Less than half (48 percent) of consumers believe there are ethical ways companies can use their data," RSA, a fraud prevention and security company, said when releasing the survey results. Oh, and when a compan y gets hacked? Consumers blame the company, not the hacker, the report says.

The United States sees the European Union as its top priority in a global effort to convince allies not to buy Huawei equipment for next-generation mobile networks, a U.S. State Department Official said on Tuesday. From a report: After meetings with the European Commission and the Belgian government in Brussels, U.S. officials are set to take a message to other European capitals that the world's biggest telecommunications gear maker poses a security risk, said the official, who declined to be named. "We are saying you need to be very, very cautious and we are urging folks not to rush ahead and sign contracts with untrusted suppliers from countries like China," the official said. The United States fears China could use the equipment for espionage -- a concern that Huawei Technologies says is unfounded. The push to sideline Huawei in Europe, one of its biggest markets, is likely to deepen trade frictions between Washington and Beijing.

Some Windows 7 admins are feeling the pain of Microsoft's latest updates in this week's Patch Tuesday releases. From a report: Users who've installed this Tuesday's KB4480970 cumulative January update have been complaining of network connectivity issues on those devices based on a network that uses the SMBv2 file sharing protocol. Microsoft released its update to fix several identified vulnerabilities, including a remote execution flaw in PowerShell and to add robustness against side-channel attacks like those targeting the Meltdown and Spectre flaws. But a number of users immediately complained of networking issues, with Microsoft confirming there are now three known problems with the January patch. The other issues comprise an authentication error, and a file-sharing issue affecting some user accounts. ZDNet adds: Regarding the 'Not Genuine' Windows 7 error, Microsoft confirms that "some users are reporting the KMS Activation error, 'Not Genuine', 0xc004f200 on Windows 7 devices". "We are aware of this incident and are presently investigating it. We will provide an update when available," writes Microsoft on both KB4480960 and KB4480970.

In late 1966, a 29-year-old computer scientist drew a series of abstract figures on tracing paper and a quadrille pad. Some resembled a game of cat's cradle; others looked like heavenly constellations; still others like dress patterns. Those curious drawings were the earliest topological maps of what we now know as the internet. The doodler, Lawrence G. Roberts, died on Dec. 26 at his home in Redwood City, Calif. He was 81. The New York Times: The cause was a heart attack, said his son Pasha. As a manager at the Pentagon's Advanced Research Projects Agency, or ARPA, Dr. Roberts designed much of the Arpanet -- the internet's precursor -- and oversaw its implementation in 1969. Dr. Roberts called upon a circle of colleagues who shared his interest in computer networking for help in creating the technical underpinnings of the Arpanet, integrating and refining many ideas for how data should flow. Dr. Roberts was considered the decisive force behind packet switching, the technology that breaks data into discrete bundles that are then sent along various paths around a network and reassembled at their destination. He decided to use packet switching as the underlying technology of the Arpanet; it remains central to the function of the internet.

And it was Dr. Roberts's decision to build a network that distributed control of the network across multiple computers. Distributed networking remains another foundation of today's internet. Dr. Roberts's interest in computer networking began when he was a graduate student at the Massachusetts Institute of Technology in the early 1960s. He paid close attention to the work of his longtime colleague, Leonard Kleinrock, who had done research on theoretical aspects of computer networks, analyzing the problem of data flow. Dr. Roberts also followed the ideas of J.C.R. Licklider, a prominent psychologist and predecessor of Dr. Roberts's at ARPA, who envisioned what he called an "intergalactic computer network."

NVIDIA has launched the "GeForce NOW Recommended Routers" program to help gamers choose the best router for them. From a report: "The GeForce NOW game-streaming service has transformed where and how you can enjoy your favorite high-performance games. We've rolled out enhancements during its beta period to improve the quality of service from our data centers to your home. With our recommended routers, in-home network congestion becomes a thing of the past, helping to keep your gameplay silky smooth," says NVIDIA. The gaming company also says, "The latest generation of routers allows you to configure settings to prioritize GeForce NOW before all other data. But we wanted to make it even easier. Recommended routers are certified as factory-enabled with a GeForce NOW quality of service (QoS) profile. It's automatically enabled when you're gaming with GeForce NOW."

hackingbear writes: Germany's IT watchdog has expressed skepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported. "For such serious decisions like a ban, you need proof," the head of Germany's Federal Office for Information Security (BSI), Arne Schoenbohm, told Spiegel, adding that his agency had no such evidence. The U.S. has been pressuring German authorities for months to drop Huawei, according to people familiar with the matter, but the Germans have asked for more specific evidence to demonstrate the security threat. German authorities and telecom executives have yet to turn up any evidence of security problems with Chinese equipment vendors, according to a person familiar with the matter.

Separately, at a (secret lobster-themed) meeting in Canada in July 2018, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. -- all signatories to a treaty on signals intelligence, and often referred to as the "Five Eyes" -- agreed to do their best to contain the global growth of Chinese telecom (vendor) Huawei, the Australian Financial Review reported (paywalled). On the other hand, documents leaked by WikiLeaks and Snowden claimed that the NSA, the leader of the Five Eyes, tapped German Chancellery for decades and bugged routers made by Cisco, the leading American networking equipment vendor.

An anonymous reader quotes a report from The Verge: Apple is apparently working on its own, in-house developed modem to allow it to better compete with Qualcomm, according to several new Apple job listings that task engineers to design and develop a layer 1 cellular PHY chip -- implying that the company is working on actual, physical networking hardware. Two of the job posts are explicitly to hire a pair of cellular modem systems architects, one in Santa Clara and one in San Diego, home of Qualcomm. That's alongside several other job postings Apple has listed in San Diego for RF design engineers. The Information, which spotted the first job posting, cites sources that go a step further, claiming that Apple is not only potentially working to develop its own modem, but is in fact specifically targeting it for use in future iPhones, with the company looking to leave longtime partner Intel behind in favor of its own, in-house solution.

According to The Information's report, the new modem would still be years away, with even Apple's purported 5G iPhone slated for 2020 using Intel's in-development 5G modem instead. It makes sense logically, too -- if Apple is only just starting to hire now, it'll take at least a few years before it'll actually be ready to ship hardware. But the move would have big ramifications for the mobile space, particularly for Qualcomm and Intel, two of the biggest modem suppliers in the world.

Intel on Wednesday surprised a number of people when it shared not one roadmap on CPUs, but two. AnandTech: For the high performance Core architecture, Intel lists three new codenames over the next three years. To be very clear here, these are the codenames for the individual core microarchitecture, not the chip, which is an important departure from how Intel has previously done things. Sunny Cove, built on 10nm, will come to market in 2019 and offer increased single-threaded performance, new instructions, and 'improved scalability'.

Willow Cove looks like it will be a 2020 core design, most likely also on 10nm. Intel lists the highlights here as a cache redesign (which might mean L1/L2 adjustments), new transistor optimizations (manufacturing based), and additional security features, likely referring to further enhancements from new classes of side-channel attacks. Golden Cove rounds out the trio, and is firmly in that 2021 segment in the graph. Process node here is a question mark, but we're likely to see it on 10nm and or 7nm. Golden Cove is where Intel adds another slice of the serious pie onto its plate, with an increase in single threaded performance, a focus on AI performance, and potential networking and AI additions to the core design. Security features also look like they get a boost.

The lower-powered Atom microarchitecture roadmap is on a slower cadence than the Core microarchitecture, which is not surprising given its history. The upcoming microarchitecture for 2019 is called Tremont, which focuses on single threaded performance increases, battery life increases, and network server performance. Based on some of the designs later in this article, we think that this will be a 10nm design. Following Tremont will be Gracemont, which Intel lists as a 2021 product. Beyond this will be a future 'mont' core (and not month as listed in the image).

Trailrunner7 writes: Like real estate, we're not making any more IPv4 addresses. But instead of trying to colonize Mars or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses. IPv6 has an address space of 2^128, compared to IPv4's 2^32, and as the exhaustion of the IPv4 address space began to approach, registries started allocating IPv6 addresses and there now are billions of those addresses active at any given time. But no one really knows how many or where they are or what's behind them or how they're organized.

A pair of researchers decided to tackle the problem and developed a suite of tools that can find active IPv6 addresses both in the global address space and in smaller, targeted networks. Known as ipv666, the open source tool set can scan for live IPv6 hosts using a statistical model that the researchers built. The researchers, Chris Grayson and Marc Newlin, faced a number of challenges as they went about developing the ipv666 tools, including getting a large IPv6 address list, which they accumulated from several publicly available data sets. They then began the painful process of building the statistical model to predict other IPv6 addresses based on their existing list.

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction. Grayson and Newlin wanted to find as many live addresses as possible and ultimately try to figure out what the security differences are between devices on IPv4 and those on IPv6.

Household bandwidth consumption is soaring thanks to video streaming, new data suggests, and American consumers are about to run face-first into broadband usage limits and overage fees that critics say are unnecessary and anti-competitive. Motherboard reports: Cisco's 2018 Visual Networking Index (VNI) -- an annual study that tracks overall internet bandwidth consumption to identify future trends -- predicts that global IP traffic is expected to reach 396 exabytes per month by 2022. Cisco's report claims that's more traffic than has crossed global networks throughout the entire history of the internet thus far. The majority of this data growth is video; Cisco found that 75 percent of global internet traffic was video last year, up from 63 percent just two years earlier. Cisco says this number could climb to 82 percent in 2022, with 22 percent of overall video consumption coming from bandwidth-intensive 4K streaming. The problem: As monthly household bandwidth consumption soars courtesy of 4K Netflix streaming and other new services, many broadband users are likely to run into usage caps and overage fees that jack up their monthly rates. The report mentions Comcast imposes a terabyte usage cap on all of its service areas except the Northeast, but users can pay an additional $50 per month to avoid such limits.

German government would like to regulate what kind of routers are sold and installed across the country. From a report: The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers. Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community. Once approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance. The 22-page document, available in English here, lists tens of recommendations and rules for various router functions and features.

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

Valve is quietly discontinuing Steam Link, the in-home streaming box it first launched in late 2015. From a report: A low-key announcement on Valve's Steam Link news page suggests that production of new units has ceased and that Valve is currently selling off the rest of its "almost sold out" inventory in the US, after selling out completely in Europe. Valve says it will continue to offer support for existing Steam Link hardware.

The $50 Steam Link was designed for streaming games from a local gaming PC to an HDTV in the same house, a job it did pretty well provided your networking hardware was up to it. In recent months, though, Valve has shifted its focus away from dedicated streaming hardware and toward mobile apps that can provide the same feature.

schwit1 shares a report: Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation's Central Point of Entry, which then passes it on to Lockheed's central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations. Another networking system is the Joint Reprogramming Enterprise, or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats -- and fly one step ahead of them.

Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data -- by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not. Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, so data retrieved from a simulator will closely follow the data from a real F-35.

An anonymous reader quotes Fortune: Facebook is the least trustworthy of all major tech companies when it comes to safeguarding user data, according to a new national poll conducted for Fortune, highlighting the major challenges the company faces following a series of recent privacy blunders. Only 22% of Americans said that they trust Facebook with their personal information, far less than Amazon (49%), Google (41%), Microsoft (40%), and Apple (39%)....

In question after question, respondents ranked the company last in terms of leadership, ethics, trust, and image... Public mistrust extended to Zuckerberg, Facebook's public face during its privacy crisis and who once said that Facebook has "a responsibility to protect your information, If we can't, we don't deserve it." The company subsequently fell victim to a hack but continued operating as usual, including debuting a video-conferencing device intended to be used in people's living rooms or kitchens and that further extends Facebook's reach into more areas outside of personal computers and smartphones. Only 59% of respondents said they were "at least somewhat confident" in Zuckerberg's leadership in the ethical use of data and privacy information, ranking him last among four other tech CEOS...

As for Facebook, the social networking giant may have a difficult time regaining public trust because of its repeated problems. Consumers are more likely to forgive a company if they believe a problem was an aberration rather than a systemic failure by its leadership, Harris Poll CEO John Gerzema said.
The article concludes that "For now, the public isn't in a forgiving mood when it comes to Facebook and Zuckerberg."

An anonymous reader quotes a report from ZDNet: Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account. This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products. Five of the seven backdoor accounts were discovered by Cisco's internal testers, with only CVE-2018-0329 and this month's CVE-2018-15439 being found by external security researchers. The company has been intentionally and regularly combing the source code of all of its software since December 2015, when it started a massive internal audit. Cisco started that process after security researchers found what looked to be an intentional backdoor in the source code of ScreenOS, the operating system of Juniper, one of Cisco's rivals.

Juniper suffered a massive reputational damage following the 2015 revelation, and this may secretly be the reason why Cisco has avoided using the term "backdoor account" all year for the seven "backdoor account" issues. Instead, Cisco opted for more complex wordings such as "undocumented, static user credentials for the default administrative account," or "the affected software enables a privileged user account without notifying administrators of the system." It is true that using such phrasings might make Cisco look disingenuous, but let's not forget that Cisco has been ferreting these backdoor accounts mainly on its own, and has been trying to fix them without scaring customers or impacting its own stock price along the way.

An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.

The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices; hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems like internet-connected HVAC systems.

Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier. From a story: Security experts have been talking about the potential security vulnerabilities in Trump's cellphone use since he became president. And President Barack Obama bristled at -- but acquiesced to -- the security rules prohibiting him from using a "regular" cellphone throughout his presidency. Three broader questions obviously emerge from the story. Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?

There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.

Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.

Richard Stallman recently gave a 9,000-word interview in which he first reminisces about his early days at MIT's AI Lab where he "found something worth being loyal to" -- and then assesses how things have played out. Open source is an amoral, depoliticized substitute for the free-software movement... [I]t's not the name of a philosophy -- it refers to the software, but not to the users. You'll find lots of cautious, timid organizations that do things that are useful, but they don't dare say: users deserve freedom. Like Creative Commons, which does useful, practical work -- namely, preparing licences that respect the freedom to share. But Creative Commons doesn't say that users are entitled to the freedom to share; it doesn't say that it's wrong to deny people the freedom to share. It doesn't actively uphold that principle.

Of course, it's much easier to be a supporter of open source, because it doesn't commit you to anything. You could spend ten minutes a week doing things that help advance open source, or just say you're a supporter -- and you're not a hypocrite, because you can't violate your principles if you haven't stated any. What's significant is that, in their attempt to separate our software from our ideas, they've reduced our ability to win people over by showing what those ideas have achieved...

For a long time, Microsoft was the main enemy of users' freedom, and then, for the past ten years or so, it's been Apple. When the first iThings came out, around 2007, it was a tremendous advance in contempt for users' freedom because it imposed censorship of applications -- you could only install programs approved by Apple. Ironically, Apple has retreated from that a little bit. If a program is written in Swift, you can now install it yourself from source code. So, Apple computers are no longer 100 per cent jails. The tablets too. A jail is a computer in which installation of applications is censored. So Apple introduced the first jail computer with the iPhone. Then Microsoft started making computers that are jails, and now Apple has, you might say, opened a window into the jail -- but not the main door.
Stallman cites free-software alternatives to Skype like Linphone, Ekiga, and xJitsi, and also says he's In favor of projects like GNU social, a free software microblogging server, and the distributed social networking service Diaspora. "I know they're useful for other people, but it wouldn't fit my lifestyle. I just use email." In fact, he calls mobile computing one of the three main setbacks of the free-software movement. "[P]hones and tablets, designed from the ground up to be non-free. The apps, which tend now to be non-free malware. And the Intel management engine, and more generally the low-level software, which we can't replace, because things just won't allow us to do so....

"[P]eople in the software field can't avoid the issue of free versus proprietary software, freedom-respecting versus freedom-trampling software. We have a responsibility, if we're doing things in the software field, to do it in a way that is ethical. I don't know whether we will ever succeed in liberating everyone, but it's clearly the right direction in which to push."

Scientists in Chicago are trying to create the embryo of the first quantum internet. If they succeed, the researchers will produce one, 30-mile piece of a far more secure communications system with the power of fast quantum computing. From a report: The key was the realization of an unused, 30-mile-long fiber optic link connecting three Chicago-area research institutions -- Argonne National Lab, Fermi Lab and the University of Chicago. This led to the idea to combine efforts and use the link for what they call the Chicago Quantum Exchange. David Awschalom, an Argonne scientist and University of Chicago professor who is the project's principal investigator, tells Axios that the concept is difficult to grasp, even for experts. MIT Technology Review elaborates: The QKD approach used by Quantum Xchange works by sending an encoded message in classical bits while the keys to decode it are sent in the form of quantum bits, or qubits. These are typically photons, which travel easily along fiber-optic cables. The beauty of this approach is that any attempt to snoop on a qubit immediately destroys its delicate quantum state, wiping out the information it carries and leaving a telltale sign of an intrusion. The initial leg of the network, linking New York City to New Jersey, will allow banks and other businesses to ship information between offices in Manhattan and data centers and other locations outside the city.

However, sending quantum keys over long distances requires "trusted nodes," which are similar to repeaters that boost signals in a standard data cable. Quantum Xchange says it will have 13 of these along its full network. At nodes, keys are decrypted into classical bits and then returned to a quantum state for onward transmission. In theory, a hacker could steal them while they are briefly vulnerable.