#legal files software review | Explore Tumblr posts and blogs

mostlysignssomeportents · 4 months ago

Text

Unpersoned

Support me this summer on the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop!

My latest Locus Magazine column is "Unpersoned." It's about the implications of putting critical infrastructure into the private, unaccountable hands of tech giants:

https://locusmag.com/2024/07/cory-doctorow-unpersoned/

The column opens with the story of romance writer K Renee, as reported by Madeline Ashby for Wired:

https://www.wired.com/story/what-happens-when-a-romance-author-gets-locked-out-of-google-docs/

Renee is a prolific writer who used Google Docs to compose her books, and share them among early readers for feedback and revisions. Last March, Renee's Google account was locked, and she was no longer able to access ten manuscripts for her unfinished books, totaling over 220,000 words. Google's famously opaque customer service – a mix of indifferently monitored forums, AI chatbots, and buck-passing subcontractors – would not explain to her what rule she had violated, merely that her work had been deemed "inappropriate."

Renee discovered that she wasn't being singled out. Many of her peers had also seen their accounts frozen and their documents locked, and none of them were able to get an explanation out of Google. Renee and her similarly situated victims of Google lockouts were reduced to developing folk-theories of what they had done to be expelled from Google's walled garden; Renee came to believe that she had tripped an anti-spam system by inviting her community of early readers to access the books she was working on.

There's a normal way that these stories resolve themselves: a reporter like Ashby, writing for a widely read publication like Wired, contacts the company and triggers a review by one of the vanishingly small number of people with the authority to undo the determinations of the Kafka-as-a-service systems that underpin the big platforms. The system's victim gets their data back and the company mouths a few empty phrases about how they take something-or-other "very seriously" and so forth.

But in this case, Google broke the script. When Ashby contacted Google about Renee's situation, Google spokesperson Jenny Thomson insisted that the policies for Google accounts were "clear": "we may review and take action on any content that violates our policies." If Renee believed that she'd been wrongly flagged, she could "request an appeal."

But Renee didn't even know what policy she was meant to have broken, and the "appeals" went nowhere.

This is an underappreciated aspect of "software as a service" and "the cloud." As companies from Microsoft to Adobe to Google withdraw the option to use software that runs on your own computer to create files that live on that computer, control over our own lives is quietly slipping away. Sure, it's great to have all your legal documents scanned, encrypted and hosted on GDrive, where they can't be burned up in a house-fire. But if a Google subcontractor decides you've broken some unwritten rule, you can lose access to those docs forever, without appeal or recourse.

That's what happened to "Mark," a San Francisco tech workers whose toddler developed a UTI during the early covid lockdowns. The pediatrician's office told Mark to take a picture of his son's infected penis and transmit it to the practice using a secure medical app. However, Mark's phone was also set up to synch all his pictures to Google Photos (this is a default setting), and when the picture of Mark's son's penis hit Google's cloud, it was automatically scanned and flagged as Child Sex Abuse Material (CSAM, better known as "child porn"):

https://pluralistic.net/2022/08/22/allopathic-risk/#snitches-get-stitches

Without contacting Mark, Google sent a copy of all of his data – searches, emails, photos, cloud files, location history and more – to the SFPD, and then terminated his account. Mark lost his phone number (he was a Google Fi customer), his email archives, all the household and professional files he kept on GDrive, his stored passwords, his two-factor authentication via Google Authenticator, and every photo he'd ever taken of his young son.

The SFPD concluded that Mark hadn't done anything wrong, but it was too late. Google had permanently deleted all of Mark's data. The SFPD had to mail a physical letter to Mark telling him he wasn't in trouble, because he had no email and no phone.

Mark's not the only person this happened to. Writing about Mark for the New York Times, Kashmir Hill described other parents, like a Houston father identified as "Cassio," who also lost their accounts and found themselves blocked from fundamental participation in modern life:

https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

Note that in none of these cases did the problem arise from the fact that Google services are advertising-supported, and because these people weren't paying for the product, they were the product. Buying a $800 Pixel phone or paying more than $100/year for a Google Drive account means that you're definitely paying for the product, and you're still the product.

What do we do about this? One answer would be to force the platforms to provide service to users who, in their judgment, might be engaged in fraud, or trafficking in CSAM, or arranging terrorist attacks. This is not my preferred solution, for reasons that I hope are obvious!

We can try to improve the decision-making processes at these giant platforms so that they catch fewer dolphins in their tuna-nets. The "first wave" of content moderation appeals focused on the establishment of oversight and review boards that wronged users could appeal their cases to. The idea was to establish these "paradigm cases" that would clarify the tricky aspects of content moderation decisions, like whether uploading a Nazi atrocity video in order to criticize it violated a rule against showing gore, Nazi paraphernalia, etc.

This hasn't worked very well. A proposal for "second wave" moderation oversight based on arms-length semi-employees at the platforms who gather and report statistics on moderation calls and complaints hasn't gelled either:

https://pluralistic.net/2022/03/12/move-slow-and-fix-things/#second-wave

Both the EU and California have privacy rules that allow users to demand their data back from platforms, but neither has proven very useful (yet) in situations where users have their accounts terminated because they are accused of committing gross violations of platform policy. You can see why this would be: if someone is accused of trafficking in child porn or running a pig-butchering scam, it would be perverse to shut down their account but give them all the data they need to go one committing these crimes elsewhere.

But even where you can invoke the EU's GDPR or California's CCPA to get your data, the platforms deliver that data in the most useless, complex blobs imaginable. For example, I recently used the CCPA to force Mailchimp to give me all the data they held on me. Mailchimp – a division of the monopolist and serial fraudster Intuit – is a favored platform for spammers, and I have been added to thousands of Mailchimp lists that bombard me with unsolicited press pitches and come-ons for scam products.

Mailchimp has spent a decade ignoring calls to allow users to see what mailing lists they've been added to, as a prelude to mass unsubscribing from those lists (for Mailchimp, the fact that spammers can pay it to send spam that users can't easily opt out of is a feature, not a bug). I thought that the CCPA might finally let me see the lists I'm on, but instead, Mailchimp sent me more than 5900 files, scattered through which were the internal serial numbers of the lists my name had been added to – but without the names of those lists any contact information for their owners. I can see that I'm on more than 1,000 mailing lists, but I can't do anything about it.

Mailchimp shows how a rule requiring platforms to furnish data-dumps can be easily subverted, and its conduct goes a long way to explaining why a decade of EU policy requiring these dumps has failed to make a dent in the market power of the Big Tech platforms.

The EU has a new solution to this problem. With its 2024 Digital Markets Act, the EU is requiring platforms to furnish APIs – programmatic ways for rivals to connect to their services. With the DMA, we might finally get something parallel to the cellular industry's "number portability" for other kinds of platforms.

If you've ever changed cellular platforms, you know how smooth this can be. When you get sick of your carrier, you set up an account with a new one and get a one-time code. Then you call your old carrier, endure their pathetic begging not to switch, give them that number and within a short time (sometimes only minutes), your phone is now on the new carrier's network, with your old phone-number intact.

This is a much better answer than forcing platforms to provide service to users whom they judge to be criminals or otherwise undesirable, but the platforms hate it. They say they hate it because it makes them complicit in crimes ("if we have to let an accused fraudster transfer their address book to a rival service, we abet the fraud"), but it's obvious that their objection is really about being forced to reduce the pain of switching to a rival.

There's a superficial reasonableness to the platforms' position, but only until you think about Mark, or K Renee, or the other people who've been "unpersonned" by the platforms with no explanation or appeal.

The platforms have rigged things so that you must have an account with them in order to function, but they also want to have the unilateral right to kick people off their systems. The combination of these demands represents more power than any company should have, and Big Tech has repeatedly demonstrated its unfitness to wield this kind of power.

This week, I lost an argument with my accountants about this. They provide me with my tax forms as links to a Microsoft Cloud file, and I need to have a Microsoft login in order to retrieve these files. This policy – and a prohibition on sending customer files as email attachments – came from their IT team, and it was in response to a requirement imposed by their insurer.

The problem here isn't merely that I must now enter into a contractual arrangement with Microsoft in order to do my taxes. It isn't just that Microsoft's terms of service are ghastly. It's not even that they could change those terms at any time, for example, to ingest my sensitive tax documents in order to train a large language model.

It's that Microsoft – like Google, Apple, Facebook and the other giants – routinely disconnects users for reasons it refuses to explain, and offers no meaningful appeal. Microsoft tells its business customers, "force your clients to get a Microsoft account in order to maintain communications security" but also reserves the right to unilaterally ban those clients from having a Microsoft account.

There are examples of this all over. Google recently flipped a switch so that you can't complete a Google Form without being logged into a Google account. Now, my ability to purse all kinds of matters both consequential and trivial turn on Google's good graces, which can change suddenly and arbitrarily. If I was like Mark, permanently banned from Google, I wouldn't have been able to complete Google Forms this week telling a conference organizer what sized t-shirt I wear, but also telling a friend that I could attend their wedding.

Now, perhaps some people really should be locked out of digital life. Maybe people who traffick in CSAM should be locked out of the cloud. But the entity that should make that determination is a court, not a Big Tech content moderator. It's fine for a platform to decide it doesn't want your business – but it shouldn't be up to the platform to decide that no one should be able to provide you with service.

This is especially salient in light of the chaos caused by Crowdstrike's catastrophic software update last week. Crowdstrike demonstrated what happens to users when a cloud provider accidentally terminates their account, but while we're thinking about reducing the likelihood of such accidents, we should really be thinking about what happens when you get Crowdstruck on purpose.

The wholesale chaos that Windows users and their clients, employees, users and stakeholders underwent last week could have been pieced out retail. It could have come as a court order (either by a US court or a foreign court) to disconnect a user and/or brick their computer. It could have come as an insider attack, undertaken by a vengeful employee, or one who was on the take from criminals or a foreign government. The ability to give anyone in the world a Blue Screen of Death could be a feature and not a bug.

It's not that companies are sadistic. When they mistreat us, it's nothing personal. They've just calculated that it would cost them more to run a good process than our business is worth to them. If they know we can't leave for a competitor, if they know we can't sue them, if they know that a tech rival can't give us a tool to get our data out of their silos, then the expected cost of mistreating us goes down. That makes it economically rational to seek out ever-more trivial sources of income that impose ever-more miserable conditions on us. When we can't leave without paying a very steep price, there's practically a fiduciary duty to find ways to upcharge, downgrade, scam, screw and enshittify us, right up to the point where we're so pissed that we quit.

Google could pay competent decision-makers to review every complaint about an account disconnection, but the cost of employing that large, skilled workforce vastly exceeds their expected lifetime revenue from a user like Mark. The fact that this results in the ruination of Mark's life isn't Google's problem – it's Mark's problem.

The cloud is many things, but most of all, it's a trap. When software is delivered as a service, when your data and the programs you use to read and write it live on computers that you don't control, your switching costs skyrocket. Think of Adobe, which no longer lets you buy programs at all, but instead insists that you run its software via the cloud. Adobe used the fact that you no longer own the tools you rely upon to cancel its Pantone color-matching license. One day, every Adobe customer in the world woke up to discover that the colors in their career-spanning file collections had all turned black, and would remain black until they paid an upcharge:

https://pluralistic.net/2022/10/28/fade-to-black/#trust-the-process

The cloud allows the companies whose products you rely on to alter the functioning and cost of those products unilaterally. Like mobile apps – which can't be reverse-engineered and modified without risking legal liability – cloud apps are built for enshittification. They are designed to shift power away from users to software companies. An app is just a web-page wrapped in enough IP to make it a felony to add an ad-blocker to it. A cloud app is some Javascript wrapped in enough terms of service clickthroughs to make it a felony to restore old features that the company now wants to upcharge you for.

Google's defenstration of K Renee, Mark and Cassio may have been accidental, but Google's capacity to defenstrate all of us, and the enormous cost we all bear if Google does so, has been carefully engineered into the system. Same goes for Apple, Microsoft, Adobe and anyone else who traps us in their silos. The lesson of the Crowdstrike catastrophe isn't merely that our IT systems are brittle and riddled with single points of failure: it's that these failure-points can be tripped deliberately, and that doing so could be in a company's best interests, no matter how devastating it would be to you or me.

If you'd like an e ssay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/07/22/degoogled/#kafka-as-a-service

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

#pluralistic #google #monopoly #big tech #locus magazine #crowdstrike #single points of failure

521 notes · View notes

agapi-kalyptei · 4 months ago

Text

crowdstrike hot take 5: so who was incompetent, really?

OK so it's the first Monday after the incident. CrowdStrike (CS) is being tight-lipped about the actual cause of the incident, which Microsoft estimates to have affected 8.5 million devices.

Here's an unconfirmed rumor: CS has been firing a lot of QA people and replacing them with AI. I will not base this post on that rumor. But...

Here's a fact: wikipedia listed 8429 CS employees as of April 2024. Now the updated page says they have 7925 employees in their "Fiscal Year 2024".

Anyway. Here's a semi-technical video if you want to catch up on what bluescreen and kernel-mode drivers are in the contexts of the CS incident by a former microsoft engineer. He also briefly mentions WHQL certification - a quality assurance option provided by Microsoft for companies who want to make sure their kernel drivers are top-notch.

Now conceptually, there are two types of updates - updates to a software itself, and a definition update. For a videogame, the software update would be a new feature or bugfixes, and content update would add a new map or textures or something. (Realistically they come hand in hand anyway.) For an antivirus/antimalware, a definition update is basically a list of red flags - a custom format file that instructs the main software on how to find threats.

The video mentions an important thing about the faulty update: while many people say "actually it wasn't a software update that broke it, it was a definition file", it seems that CS Falcon downloads an update file and executes code inside that file - thus avoiding the lengthy re-certification by Microsoft while effectively updating the software.

Some background: On audits in software

A lot of software development is unregulated. You can make a website, deploy it, and whether you post puppy pictures or promote terrorism, there's no one reviewing and approving your change. Laws still apply - even the puppy pictures can be problematic if they include humans who did not consent to have their photos taken and published - but no one's stopping you immediately from publishing them.

And a lot of software development IS regulated - you cannot make software for cars without certifications, you cannot use certain programming languages when developing software for spaceships or MRIs. Many industries like online casinos are regulated - IF you want to operate legally in most countries, you need a license, and you need to implement certain features ("responsible gaming"), and you must submit the actual source code for reviews.

This varies country by country (and state by state, in USA, Canada, etc) and can mean things like "you pay $200 for each change you want to put to production*", or it can mean "you have to pay $40'000 if you make a lot of changes and want to get re-certified".

*production means "web servers or software that goes to end customers", as opposed to "dev environment", "developer's laptop", "QA environment" or "staging" or "test machines", "test VMs" or any of the other hundreds way to test things before they go live.

The certification, and regular audits, involves several things:

Testing the software from user's perspective

Validating the transactions are reported correctly (so that you're not avoiding taxes)

Checking for the user-protecting features, like being able to set a monthly limit on depositing money, etc

Checking the source code to make sure customers are not being ripped off

Validating security and permissions, so a janitor can't download or delete production databases

Validating that you have the work process that you said you would - that you have Jira (or similar) tickets for everything that gets done and put to production, etc, and

...that you have Quality Assurance process in place, and that every change that goes to production is tested and approved

You can see why I highlighted the last point, right.

Now, to my knowledge, security software doesn't have its own set of legal requirements - if I want to develop an antivirus, I don't need a special permission from my government, I can write code, not test it at all, and start selling it for, idk for example $185 per machine it gets deployed to.

And here's the thing - while there certainly is a level of corruption / nepotism / favoritism in the IT industry, I don't think CloudStrike became one of the biggest IT security providers in the world just by sweet talking companies. While there isn't any legal regulation, companies do choose carefully before investing into 3rd party solutions that drastically affect their whole IT. What I mean, CloudStrike probably wasn't always incompetent.

(Another rumor from youtube comments: A company with ~1000 employees was apparently pressured by an insurance company to use CrowdStrike - whether it's a genuine recommendation, an "affiliate link" or just plain old bribery... I do not know.)

WHY what happened is still very baffling

See, this is what would be the process if I was running a security solutions company:

a team is assigned a task. this task is documented

the team discusses the task if it's non-trivial, and they work on it together if possible

solo developer taking the task is not ideal, but very common, since you cannot parallelize (split it between several people) some tasks

while developing, ideally the developer can test everything from start to finish on their laptop. If doing it on their laptop isn't possible, then on a virtual machine (a computer that runs only inside software, and can be more or less stored in a file, duplicated, restored to a previous version, backed up, etc, just by copying that file)

in case of automated software updates, you would have "update channels". In this case it means... like if you have a main AO3 account where you put finished things, and then you'd have another AO3 account where you only put beta fics. So in my hypothetical company, you'd have a testing update channel for each developer or each team. The team would first publish their work only on their update channel, and then a separate QA team could test only their changes.

Either way, after maybe-mostly-finishing the task, the code changes would be bundled in something called a "pull request" or "PR" or "merge request". It's basically a web page that displays what was the code before and after. This PR would be reviewed by people who have NOT worked on the change, so they can check and potentially criticize the change. This is one of the most impactful things for software quality.

Either before or after the PR, the change would go to QA. First it would be tested just in the team's update channel. If it passes and no more development is needed on it, it would go to a QA update channel that joins all recent changes across all teams.

After that, it would be released to an early access or prerelease update channel, sometimes called a canary deploy. Generally, this would be either a limited amount - maybe 100 or 1000 computers, either used internally, or semi-randomly spread across real clients, or it could be as much as 10% of all customers' computers.

THEN YOU WAIT AND SEE IF THERE ARE NO ERROR REPORTS.

Basically ALL modern software (and websites! all the cookies!) collect "metrics" - like "how often each day is this running", or "did our application crash"

you absolute MUST have graphs (monitoring - sometimes this is a part of discipline called "reliability engineering") that show visually things like the number of users online, how many customers are lagging behind with updates, how many errors are reported, how many viruses are being caught by our software. If anything goes up or down too much, it's a cause for concern. If 10% of your customers are suddenly offline after a canary deploy is out, you're shitting your pants.

ONLY after waiting for a while to see everything is okay, you can push the update to ALL clients. It is unfathomable how anyone would do that straight away, or maybe how someone could do it without proper checks, or how the wrong thing got sent to the update.

As ClownStrike is still silent about the actual cause of the issue, we can only make guesses about how much they circumvented their own Quality Assurance process to push the faulty update to millions of computers.

It gets worse

Here's the thing: CrowdStrike itself allows users to create computer groups and let them choose the update channel. You, as a business customer, can say

these 100 unimportant laptops will have the latest update

these important servers will have N-1 update (one version behind)

the rest of the company will have N-2 update (two update versions behind)

CrowdStrike has ignored those settings. According to some youtube comments, supposedly they pushed the update to "only" 25% of all devices - which is worrying to think this could have gone even worse.

Third time isn't the charm

And hey, do you know what happened two years before CrowdStrike was founded? The CEO George Kurtz was at the time, in 2010, the CTO of McAfee, the controversial / crappy security company (IMO offering one of the worst antivirus programs of all times, that was aggressively pushed through bundled OEM deals). In both 2009 and 2010 their enterprise software deleted a critical operating system file and bricked a lot of computers, possibly hundreds of thousands.

And yes, the trigger wasn't an update to the antivirus itself, but a faulty "definition update". Funny coincidence, huh.

#crowdstrike #long post #george kurtz #mcafee

12 notes · View notes

mariacallous · 3 months ago

Text

About three years ago, some of Google’s security engineers came to company attorneys with a gigantic mess.

The security team had discovered that Google unwittingly was enabling the spread of malicious software known as Glupteba. The malware had corrupted more than 1 million Windows computers, turning them into vehicles to mine cryptocurrency and spy on users. By hijacking Google accounts, purchasing Google ads to lure in users, and misusing Google cloud tools, the hackers behind the operation were on their way to infecting even more computers.

Tech giants such as Google long have had a playbook for destroying botnets like Glupteba. They call up fellow companies and US authorities and together coordinate a massive takedown operation. Sometimes, the cops file criminal charges. But this time around, Google’s legal team recommended an approach that the company hadn’t pursued in years: Sue the hackers for money.

The eventual lawsuit against two Russian men and a dozen unnamed individuals allegedly behind Glupteba would be the first of a run of at least eight cases that Google has filed against various hackers and scammers, adding to a sporadic few filings in the past. The tactic, which Google calls affirmative litigation, is meant to scare off would-be fraudsters and generate public awareness about scams. Now, for the first time, Google is opening up about this strategy.

Leaders of Google’s security and legal teams tell WIRED they believe going after people in court has paid off. Google hasn’t yet lost a case; it has collected almost all of the more than $2 million that it has won through the legal process, and forced hundreds of companies or websites to shut down. The awards are trivial to Google and its parent Alphabet, a $2 trillion company, but can be devastating for the defendants.

“We’re disrupting bad actors and deterring future activity, because it’s clear that the consequences and the costs are high,” says Chester Day, lead of the three-person “litigation advance” team at Google that’s focused on taking people to court. Google, he adds, is “making it clear that we’re willing to invest our resources into taking action to protect our users.”

Google blog posts and similar content about the lawsuits and the underlying scams have drawn more than 1 billion views, according to the company. Google representatives say that the awareness increases vigilance among consumers and shrinks the pool of vulnerable targets. “Educating people about how these crimes work may be the best thing we can do to stop the crime,” says Harold Chun, director of Google’s security legal team.

Several Big Tech companies have pursued affirmative litigation, though not necessarily under that name and with varying strategies. Microsoft has filed more than two dozen lawsuits since 2008 with a focus on securing court permission to dismantle botnets and other hacking tools. Amazon has been a prolific complainant since 2018, filing at least 42 cases over counterfeit products, 38 for reviews fraud, three for copyright abuse, and, recently, two for bogus product returns. Amazon has been filing so many counterfeit cases, in fact, that the federal court in western Washington assigned three magistrate judges to focus on them.

Since 2019, Meta has filed at least seven counterfeiting or data theft cases, with settlements or default judgments in four so far, including one in which it won nearly $300,000 in damages. Like Meta, Apple has sued Israeli spyware developer NSO Group for alleged hacking. (NSO is fighting the lawsuits. Trials are scheduled for next year.)

Some attorneys who’ve studied how the private sector uses litigation to enforce the law are skeptical about the payoff for the plaintiffs. David Noll, a Rutgers University law professor and author of a forthcoming book on state-supported private enforcement, Vigilante Nation, says it’s difficult to imagine that companies could bring the volume of cases needed to significantly stop abuse. “The fact that there is a small chance you might be named in a suit isn’t really going to deter you,” he says.

Noll believes the big risk is that Google and other tech companies could be burdening the court system with cases that ultimately secure some favorable headlines but do less to make the internet safer than the companies could achieve through investing in better antifraud measures.

Still, of the six outside legal experts who spoke to WIRED, all of them say that overall Google deserves credit for complementing the work of underfunded government agencies that are struggling to rein in online abuse. At an estimated hundreds of thousands of dollars per case, it’s a low-risk endeavor for the tech giant, former prosecutors say.

“Reliable and regular enforcement when folks step outside the law brings us closer to a society where less of us are harmed,” says Kathleen Morris, resident scholar of law at UC Berkeley’s Institute of Governmental Studies. “This is healthy and robust collaboration on law enforcement by the public and private sectors.”

Google’s general counsel, Halimah DeLaine Prado, tells WIRED she wants to send a message to other companies that the corporate legal department can do more than be the team that says “no” to wild ideas. “Legal can be a proactive protector,” she says.

Marketing Scams

DeLaine Prado says that from its earliest days, Google has considered pursuing litigation against people abusing its platforms and intellectual property. But the first case she and other leaders within Google recall filing was in 2015. Google accused Local Lighthouse, a California marketing company, of placing robocalls to dupe small businesses into paying to improve their ranking in search results. Google alleged trademark infringement, unfair competition, and false advertising. As part of a settlement, Lighthouse stopped the problematic calls.

Since then, Google has filed complaints against five similar allegedly scammy marketers, with three of them ending in settlements so far. A Florida business and its owners agreed to pay Google $850,000, and a Los Angeles man who allegedly posted 14,000 fake reviews on Google Maps agreed to stop. Terms of the third deal, with an Illinois company, were not disclosed in court files, but Google spokesperson José Castañeda says it involved a seven-figure payment to Google.

Castañeda says Google has donated all the money it has collected to recipients such as the Better Business Bureau Institute, the National Consumers League, Partnership to End Addiction, Cybercrime Support Network, and various US chambers of commerce.

Another genre of cases has targeted individuals submitting false copyright complaints to Google to get content removed from the company’s services. A man in Omaha, Nebraska, whom Google accused of falsely claiming ownership of YouTube videos to extort money from their real owners, agreed to pay $25,000 to Google. Two individuals in Vietnam sued by Google never responded—a common issue.

In 2022, Google won default judgment against an individual in Cameroon who never responded to charges that he was using Gmail to scam people into paying for fake puppies, including a $700 basset hound. After the lawsuit, complaints about the scammer dried up, according to Google.

But legal experts say the most fascinating cases of Google’s affirmative litigation are four that it filed against alleged computer hackers. The suits emerged after months of investigation into Glupteba.

Security engineers at Google realized that eradicating Glupteba through the typical approach of taking down associated servers would be difficult. The hackers behind it had designed a backup system involving a blockchain that enabled Glupteba to resurrect itself and keep pilfering away.

That’s in part why Google’s attorneys suggested suing. Chun, the security legal director, had pursued cases against botnets as a federal prosecutor. “I thought this would be something good to do from a civil angle for a company as well,” he says. “Law enforcement agencies have limits on what they can do. And Google has a large voice and the litigation capacity.”

Chun and other attorneys cautioned their bosses that the hackers might use the lawsuit to reverse engineer Google’s investigation methods and make Glupteba more evasive and resilient. But ultimately, DeLaine Prado, who has final say over lawsuits, signed off. Chun says his former colleagues from the government applauded the complaint.

Google sued Dmitry Starovikov and Alexander Filippov, alleging that they were the Russia-based masterminds behind Glupteba after linking websites associated with the virus to Google accounts in their name. The search giant accused the duo (and unknown co-conspirators) of violating the Racketeer Influenced and Corrupt Organizations Act (RICO), the Computer Fraud and Abuse Act, and the Electronic Communications Privacy Act. The lawsuit also alleged a trademark law violation for hiding Glupteba in a tool that claimed to download videos from YouTube.

Google argued that it had suffered substantial harm, having never received payment for ads it had sold to the hackers, who allegedly were using fraudulent credit cards. Users also had their experiences with Google services degraded, putting them at risk and impairing the value of the company’s brand, according to the lawsuit.

In court papers, Starovikov and Filippov stated they learned of the lawsuit only through friends and then decided to hire a New York attorney, Igor Litvak, to fight on their behalf. The defendants initially offered innocent explanations for their software related to Glupteba and said that their projects had not targeted the US market. At one point, they countersued Google for $10 million, and at another, they allegedly demanded $1 million each to hand over the keys to shut down the botnet. They eventually denied the allegations against them.

Following an ordeal over whether the defendants could obtain Russian passports, sit for depositions in Europe, and turn over work files, Google’s attorneys and Litvak traded accusations of lying. In 2022, US district judge Denise Cote sided with Google. She found in a 48-page ruling that the defendants “intentionally withheld information” and “misrepresented their willingness and ability” to disclose it to “avoid liability and further profit” from Glupteba. “The record here is sufficient to find a willful attempt to defraud the Court,” Cote wrote.

Cote sanctioned Litvak, and he agreed to pay Google $250,000 in total through 2027 to settle. The jurist also ordered Starovikov and Filippov to pay nearly $526,000 combined to cover Google’s attorneys fees. Castañeda says Google has received payment from all three.

Litvak tells WIRED that he still disagrees with the judge's findings and that Russia’s strained relationship with the US may have weighed on whom the judge trusted. “It’s telling that after I filed a motion to reconsider, pointing out serious issues with the court’s decision, the court went back on its original decision and referred [the] case to mediation, which ended with … me not having to admit to doing anything wrong,” he says in an email.

Google’s Castañeda says the case achieved the intended effect: The Russian hackers stopped misusing Google services and shut down their marketplace for stolen logins, while the number of Glupteba-infected computers fell 78 percent.

Not every case delivers measurable results. Defendants in Google’s other three hacking cases haven’t responded to the accusations. That led to Google last year winning default judgment against three individuals in Pakistan accused of infecting more than 672,000 computers by masquerading malware as downloads of Google’s Chrome browser. Unopposed victories are also expected in the remaining cases, including one in which overseas app developers allegedly stole money through bogus investment apps and are being sued for violating YouTube Community Guidelines.

Royal Hansen, Google’s vice president for privacy, safety, and security engineering, says lawsuits that don’t result in defendants paying up or agreeing to stop the alleged misuse still can make alleged perpetrators’ lives more difficult. Google uses the rulings as evidence to persuade businesses such as banks and cloud providers to cut off the defendants. Other hackers might not want to work with them knowing they have been outed. Defendants also could be more cautious about crossing international borders and becoming newly subject to scrutiny from local authorities. “That’s a win as well,” Hansen says.

More to Come

These days, Google’s small litigation advance team meets about twice a week with other units across the company to discuss potential lawsuits. They weigh whether a case could set a helpful precedent to give extra teeth to Google’s policies or draw awareness to an emerging threat.

Team leader Day says that as Google has honed its process, filing cases has become more affordable. That should lead to more lawsuits each year, including some for the first time potentially filed outside the US or representing specific users who have been harmed, he says.

The tech giants' ever-sprawling empires leave no shortage of novel cases to pursue. Google’s sibling company Waymo recently adopted the affirmative litigation approach and sued two people who allegedly smashed and slashed its self-driving taxis. Microsoft, meanwhile, is weighing cases against people using generative AI technology for malicious or fraudulent purposes, says Steven Masada, assistant general counsel of the company’s Digital Crimes Unit.

The questions remain whether the increasing cadence of litigation has left cybercriminals any bit deterred and whether a broader range of internet companies will go on the legal offense.

Erin Bernstein, who runs the California office of Bradley Bernstein Sands, a law firm that helps governments pursue civil lawsuits, says she recently pitched a handful of companies across industries on doing their own affirmative litigation. Though none have accepted her offer, she’s optimistic. “It will be a growing area,” Bernstein says.

But Google’s DeLaine Prado hopes affirmative litigation eventually slows. “In a perfect world, this work would disappear over time if it’s successful,” she says. “I actually want to make sure that our success kind of makes us almost obsolete, at least as it relates to this type of work.”

10 notes · View notes

videogamesincolor · 15 days ago

Text

"[...]The argument for the exemption received considerable pushback from agencies including the Entertainment Software Association, which argued that proposed controls over who would be allowed to access exempted software, and for what reason, were unclear. A "human review" requirement was "at best incomplete," the ESA said, and that by not including more specific requirements in the proposal, supporters of the exemption were "trying to reserve almost complete discretion in how they would provide access to preserve[d] games." The ESA also claimed that "there remains a substantial market for classic games," and that allowing "widespread remote access to preserved games with minimal supervision would present a serious risk to an important market." In the end, Shira Perlmutter, register of copyrights and director of the US Copyright Office, was not swayed by the arguments in favor of game preservation, ruling that proponents of videogame preservation "have not satisfied their burden to demonstrate that the requested uses are or are likely to be noninfringing.""

Like, I hate to break it to game preservationists, but they're gonna have to "become ungovernable" and push the issue until the Copyright Office doesn't have a public or a corporate leg to stand on.

That's the only way history gets preserved in the face of entities who are still trying their damnedest to criminalize reselling and sharing games secondhand the same way they succeeded with file sharing back in the 2010s.

These people don't care about preservation, they just wanna consume nickels and dimes.

#videogamesincolor #video game history #game preservation #copyright #copyright office #capitalism #media manipulation #pc gamer

3 notes · View notes

mightyflamethrower · 11 months ago

Text

A robotic malfunction at Tesla’s Giga Texas factory resulted in a violent encounter where an engineer was attacked by one of the company’s robots, resulting in significant injuries and leaving a ‘trail of blood.’

According to the Daily Mail, while working on software programming for non-functional Tesla robots, the engineer was suddenly pinned against a surface by a robot tasked with manipulating aluminum car components, with its metal claws inflicted an injury that left an ‘open wound’ on the worker’s left hand.

“Two of the robots, which cut car parts from freshly cast pieces of aluminum, were disabled so the engineer and his teammates could safely work on the machines. A third one, which grabbed and moved the car parts, was inadvertently left operational, according to two people who watched it happen. As that robot ran through its normal motions, it pinned the engineer against a surface, pushing its claws into his body and drawing blood from his back and his arm, the two people said,” The Information reported.

Quick action was taken by Tesla workers who intervened and triggered the emergency shutdown button to halt the malfunctioning robot and prevent further injury to the engineer.

This incident came to light through a 2021 injury report filed to Travis County and federal regulators, which Daily Mail reviewed. Tesla is legally required to report such incidents to ensure the continuation of state-provided tax incentives.

Despite claims by Tesla that the engineer did not require time off following the event, an attorney representing the factory’s contract laborers suggests otherwise. Evidence hints at possible underreporting of workplace accidents, casting doubt on the official records.

Daily Mail reported:

The injury report, which Tesla must submit to authorities by law to maintain its lucrative tax breaks in Texas, claimed the engineer did not require time off of work. But one attorney who represents Tesla’s Giga Texas contract workers has told DailyMail.com she believes, based on her conversations with workers there, that the amount of injuries suffered at the factory is going underreported. This underreporting, the attorney said, even included the September 28, 2021 death of a construction worker, who had been contracted to help build the factory itself. ‘My advice would be to read that report with a grain of salt,’ the attorney, Hannah Alexander of the nonprofit Workers Defense Project, told DailyMail.com. ‘We’ve had multiple workers who were injured,’ Alexander said, ‘and one worker who died, whose injuries or death are not in these reports that Tesla is supposed to be accurately completing and submitting to the county in order to get tax incentives.’

Elon Musk has yet to issue a formal statement in response to these allegations.

Just recently, Tesla revealed the second generation of its humanoid robot, Optimus Gen 2.

Optimus Gen 2 stands at a height of 5 feet 11 inches and weighs in at a light 121 pounds, shedding 22 pounds from the first model. It’s not just its frame that’s been upgraded; this robot can reach speeds up to 5 mph, which is a substantial 30% increase in velocity.

youtube

#Youtube

7 notes · View notes

scbhagat · 4 months ago

Text

Hassle-Free GST Return Filing Services in Delhi by SC Bhagat & Co.

Introduction: Navigating the complexities of Goods and Services Tax (GST) return filing can be daunting for businesses. To ensure compliance and avoid penalties, it's crucial to have a reliable partner who can manage your GST returns efficiently. SC Bhagat & Co. offers top-notch GST return filing services in Delhi, helping businesses streamline their tax processes and stay compliant with the latest regulations. In this blog, we'll explore the importance of GST return filing, the services provided by SC Bhagat & Co., and why they are the best choice for your business in Delhi. Why GST Return Filing is Important GST return filing is a mandatory requirement for businesses registered under the GST regime in India. Regular and accurate filing of GST returns is essential for several reasons: Compliance: Ensures adherence to tax laws and regulations, avoiding legal issues and penalties. Input Tax Credit (ITC): Facilitates the claim of ITC, which helps reduce the overall tax liability. Business Credibility: Enhances the credibility and trustworthiness of your business among clients and stakeholders. Avoid Penalties: Prevents hefty fines and interest charges that result from late or incorrect filing. Comprehensive GST Return Filing Services by SC Bhagat & Co. SC Bhagat & Co. provides a full range of GST return filing services in Delhi, tailored to meet the unique needs of your business. Here’s what you can expect: 1. Accurate GST Return Preparation Our experienced professionals ensure that your GST returns are prepared accurately, reflecting all transactions and complying with the latest GST laws. We handle all types of GST returns, including GSTR-1, GSTR-3B, GSTR-9, and more. 2. Timely Filing Timely filing is crucial to avoid penalties and interest charges. SC Bhagat & Co. guarantees prompt filing of your GST returns, keeping track of all deadlines and ensuring that you never miss a due date. 3. Error-Free Data Management We meticulously review all your financial data to ensure that your GST returns are error-free. Our team double-checks every detail, reducing the risk of discrepancies and ensuring smooth processing. 4. ITC Reconciliation Our experts assist in reconciling your Input Tax Credit (ITC) to ensure you claim the correct amount, maximizing your tax benefits and minimizing liabilities. 5. Regular Updates and Compliance GST laws and regulations are subject to frequent changes. SC Bhagat & Co. stays updated with the latest amendments and ensures that your GST returns comply with the current rules and guidelines. 6. Personalized Support We provide personalized support to address any queries or issues you may have regarding GST return filing. Our team is always available to assist you with expert advice and solutions. Why Choose SC Bhagat & Co. for GST Return Filing Services in Delhi Expertise and Experience With years of experience in tax consulting, SC Bhagat & Co. has a deep understanding of GST regulations and filing procedures. Our expertise ensures that your GST returns are handled professionally and accurately. Client-Centric Approach We prioritize our clients' needs and provide tailored solutions to meet their specific requirements. Our client-centric approach ensures that you receive the best possible service and support. Advanced Technology SC Bhagat & Co. leverages advanced technology and software to streamline the GST return filing process. Our tech-driven approach enhances efficiency and accuracy, saving you time and effort. Proven Track Record Our proven track record of successful GST return filings speaks for itself.

2 notes · View notes

360accounting · 1 year ago

Text

How to Make Sure You're Withholding and Reporting Your Taxes Correctly

Taxes are an inevitable part of life for most individuals and businesses. Whether you're a salaried employee, a freelancer, or a business owner, understanding how to withhold and report your taxes correctly is crucial to avoid potential legal troubles and financial headaches down the road. In this article, we will explore the key steps and considerations to ensure that you're handling your taxes in a responsible and compliant manner.

Know Your Tax Obligations

The first and most critical step in ensuring you're withholding and Outsource Management Reporting your taxes correctly is to understand your tax obligations. These obligations vary depending on your employment status and the type of income you earn. Here are some common categories of taxpayers:

1. Salaried Employees

If you're a salaried employee, your employer typically withholds income taxes from your paycheck based on your Form W-4, which you fill out when you start your job. It's essential to review and update your W-4 regularly to ensure that your withholding accurately reflects your current financial situation. Major life events like marriage, having children, or significant changes in your income should prompt you to revisit your W-4.

2. Freelancers and Self-Employed Individuals

Freelancers and self-employed individuals often have more complex tax obligations. You are responsible for estimating and paying your taxes quarterly using Form 1040-ES. Keep detailed records of your income and expenses, including receipts and invoices, to accurately report your earnings and deductions.

3. Small Business Owners

If you own a small business, your sales tax responsibilities extend beyond your personal income. You must separate your business and personal finances, keep meticulous records of all business transactions, and file the appropriate business tax returns. The structure of your business entity (e.g., sole proprietorship, partnership, corporation) will determine the specific tax forms you need to file.

4. Investors and Property Owners

Investors and property owners may have to report income from dividends, interest, capital gains, or rental properties. These income sources have their specific tax reporting requirements, and it's essential to understand and comply with them.

Keep Accurate Records

Regardless of your tax situation, maintaining accurate financial records is essential. Detailed records make it easier to report your income and deductions correctly, substantiate any claims you make on your tax return, and provide documentation in case of an audit. Here are some record-keeping tips:

Organize Your Documents: Create a system to store your financial documents, including receipts, invoices, bank statements, and tax forms. Consider using digital tools for easier record keeping.

Track Income and Expenses: Keep a ledger or use accounting software to record all income and expenses related to your financial activities. Categorize expenses correctly to maximize deductions and credits.

Retain Documents for Several Years: The IRS typically has a statute of limitations for auditing tax returns, which is generally three years. However, in some cases, it can extend to six years or indefinitely if fraud is suspected. To be safe, keep your tax records for at least seven years.

Understand Deductions and Credits

Deductions and credits can significantly reduce your tax liability. Deductions reduce your taxable income, while credits provide a dollar-for-dollar reduction of your tax bill. Familiarize yourself with common deductions and credits that may apply to your situation:

Standard Deduction vs. Itemized Deductions: Depending on your filing status and financial situation, you can choose between taking the standard deduction or itemizing your deductions. Itemizing requires more documentation but can result in greater tax savings.

Tax Credits: Explore available tax credits, such as the Earned Income Tax Credit (EITC), Child Tax Credit, and Education Credits. These credits can provide substantial savings, especially for low- to moderate-income individuals and families.

Business Expenses: If you're self-employed or a small business owner, be aware of deductible business expenses, including office supplies, travel expenses, and home office deductions.

Seek Professional Assistance

Tax laws are complex and subject to change. Seeking professional assistance from a certified tax professional or CPA (Certified Public Accountant) can be a wise investment. Tax professionals can help you:

Maximize Deductions: They are well-versed in the intricacies of tax law and can identify deductions and credits you might overlook.

Ensure Compliance: Tax professionals can ensure that you are complying with current tax laws and regulations, reducing the risk of costly errors or audits.

Provide Tax Planning: They can help you create a tax-efficient strategy to minimize your tax liability in the long term.

Represent You in Audits: If you face an audit, a tax professional can represent you and help navigate the process.

File Your Taxes on Time

Filing your taxes on time is crucial to avoid penalties and interest charges. The tax filing deadline for most individuals is April 15th. However, if you need more time, you can file for an extension, which typically gives you until October 15th to submit your return. Keep in mind that an extension to file is not an extension to pay any taxes owed, so pay as much as you can by the original deadline to minimize interest and penalties.

Consider Electronic Filing

Electronic filing (e-filing) is a secure and convenient way to submit your tax return to the IRS. It reduces the risk of errors and ensures faster processing and quicker refunds, if applicable. Many tax software programs offer e-filing options, making it easy for individuals and businesses to submit their returns electronically.

Stay Informed and Adapt

Tax laws can change from year to year, so staying informed is essential. Follow updates from the IRS and consult outsourcing sales tax services professionals or resources to understand how changes in tax laws may affect you. Be proactive in adapting your tax strategies to maximize savings and remain compliant with current regulations.

In conclusion, withholding and reporting your taxes correctly is a responsibility that should not be taken lightly. Understanding your tax obligations, keeping accurate records, leveraging deductions and credits, seeking professional assistance when needed, and filing on time are essential steps to ensure a smooth and compliant tax-filing experience. By following these guidelines, you can navigate the complexities of the outsourcing sales tax services system with confidence and peace of mind. Remember that taxes are a fundamental part of our society, and paying them correctly ensures that essential public services and infrastructure are funded for the benefit of all.

#outsourced sales tax services #outsourced accounting services #reconciliation services in usa

2 notes · View notes

happychirps · 1 year ago

Text

Make your photographs work for you and earn money.

Selling your photos on stock websites can be a great way to earn additional income. Selling stock photography through mobile devices and DSLRs has become increasingly popular and accessible with the advancement of digital technology. Here are some steps you can take to get started:

Research Stock Websites: There are numerous stock websites where you can sell your photos, such as Shutterstock, Adobe Stock, Freepik, Getty Images and iStock. Look into their submission guidelines, royalty rates, and popularity among buyers.

Assess Market Demand: Before you start shooting and uploading photos, it's important to understand what types of images are in demand. Take a look at the popular categories on stock websites and analyze the types of images that sell well. This will help you focus your efforts and maximize your chances of making sales.

Capture Marketable Photos: Aim to capture high-quality, visually appealing images that have commercial value. Consider popular themes like travel, nature, lifestyle, business, and technology. Ensure your photos are well-lit, properly composed, and have good resolution.

Edit and Enhance: Post-processing your photos can significantly improve their appeal. Use photo editing software like Adobe Lightroom or Photoshop to enhance colors, adjust exposure, and remove any imperfections. However, be careful not to over-edit and maintain a natural look.

Keywording and Descriptions: When uploading your photos, provide accurate and descriptive titles, captions, and keywords. This will help potential buyers find your images when they search for specific topics. Be thorough but relevant in your keyword selection.

Follow Submission Guidelines: Each stock website has its own set of submission guidelines, so make sure to review them carefully. Pay attention to the technical specifications, image size requirements, and file formats they accept. Failure to comply with these guidelines may result in your photos being rejected.

Model and Property Releases: If your photos contain recognizable individuals or private property, you may need model or property releases. These releases grant you legal permission to sell the images commercially. Familiarize yourself with the rules and requirements surrounding model and property releases on the stock websites you choose.

Regularly Upload New Content: Consistency is key to success in stock photography. Regularly upload new photos to keep your portfolio fresh and increase your visibility in search results. By building a diverse and substantial collection of images, you can attract a wider range of buyers.

Track Sales and Optimize: Monitor your sales and analyze the performance of your images. Pay attention to which photos are selling well and which ones are not. This data will help you refine your future photography efforts and focus on the subjects and styles that resonate with buyers.

Be Patient and Persistent: Selling photos on stock websites can take time and perseverance. It may take a while before you start seeing significant income. Stay motivated, continue to improve your skills, and adapt to the changing demands of the market.

Remember, while selling photos on stock websites can be a lucrative venture, it's also a competitive industry. Success often comes with time, effort, and a strong understanding of what buyers are looking for.

#photographers on tumblr #photography #photos #i sell pictures #i sell custom pics #stock images #100 days of productivity #stock photos #bird photos #bird photography #birdlovers #birds nature #birds of prey

2 notes · View notes

hayden-fluff · 2 years ago

Text

Can I just say how much of an absolute pain in the ass it is to be handed a proprietary software and file format for video surveillance with almost 40 files each with a few channels, just to be told "Yeah, you have to use our software to manually export all of these to a standard format teehee~"

This should like actually be illegal, it only makes the legal process of getting these video submitted for evidence review even longer than it already is because someone has to sit there and manually convert it. Often times on very slow, dated computers, so it takes actual hours to render out the new converted video file.

Oh, and to put the icing on top of the cake, some of these don't even let you export the video! The best way to get them to a standard format is, I kid you not, capture the screen and let the video play back, and sometimes these videos are multiple hours long, each.

Part of me wonders just how much faster the legal processes would be if video were just provided to us as a standard format and everyone used somewhat modern systems capable of handing these video loads.

#this is a reoccurring thing that happens at least once every few weeks

2 notes · View notes

comm461archives · 2 years ago

Text

Our Digital Legacy: an Archival Perspective (Moss & Gollins, 2017)

Author(s): Michael S. Moss and Tim J. Gollins

Date: 2017

Abstract:

Many have discussed and debated the preservation of traces from our digital world, mostly from a technical perspective. A great deal of this discussion has been predicated on the false assumptions that little will survive (the so-called digital black hole) and that rapidly changing file formats and software upgrades will make what survives difficult, if not impossible, to read. This narrative has been coupled with alarmist stories about the high cost of digital curation in trusted digital repositories. Taken together, all this scaremongering has diverted attention from the other core principles of archival science: appraisal (what to keep), sensitivity review (identifying material that cannot be disclosed for ethical or legal reasons), and access.1 The way that archival science uses these core principles to respond to the “supernova” of digital material that will actually survive will define our digital legacy.

Find the full article here!

#research #journal article #scholarly articles #archive #archive studies #archive practices #archival practices #digital studies #digital narrative #digital history #web archive #accesibility #archival science #digital legacy #narrative

2 notes · View notes

armandosdigitalblog · 9 hours ago

Text

Cryptocurrency Recovery: Steps to Retrieve Lost Digital Assets

Cryptocurrency, with its decentralized structure and complex security measures, has revolutionized financial transactions but also presents unique challenges when assets are lost. Unlike traditional banks, there is no single authority to assist with recovery, so the process can be daunting. However, understanding the steps involved in cryptocurrency recovery can significantly increase your chances of retrieving lost digital assets. Here’s a guide to navigate the bitcoin recovery expert process effectively.

Understanding Why Cryptocurrency Losses Occur

The loss of cryptocurrency often happens due to human error, technical glitches, or malicious activity. Some common reasons include misplaced private keys, forgotten passwords, corrupted wallets, or falling victim to scams. Additionally, sending cryptocurrency to the wrong address can lead to irreversible transactions if the recipient doesn’t cooperate. Recognizing the cause of loss is the first step, as it determines the appropriate recovery method.

Securing Remaining Digital Assets

If you realize some assets are lost, the first step is to secure your remaining cryptocurrency. Begin by changing passwords on all crypto-related accounts, enabling two-factor authentication (2FA), and creating new wallet backups. This reduces the risk of further losses while you focus on recovery efforts. If your loss is due to a security breach, take immediate action to protect remaining funds.

Checking Wallet Backup and Recovery Phrases

Wallets are typically backed by a recovery phrase or seed phrase, usually a 12 to 24-word sequence that can restore your wallet if you lose access. If you’ve lost access to a wallet, check if you have the recovery phrase written down somewhere safe. With this phrase, you can easily restore your wallet and access your funds. It’s essential to ensure that recovery phrases are stored securely offline to prevent unauthorized access.

Using Wallet Recovery Services

Various companies specialize in wallet recovery services, assisting users who have lost access to their wallets or forgotten passwords. These services, however, come at a cost, and it’s crucial to choose a reputable provider. Wallet recovery services utilize advanced software and techniques to attempt password recovery, but they cannot guarantee results. Research customer reviews and check for endorsements from reputable crypto communities before engaging a service.

Retrieving Assets from Exchanges

If you’ve lost cryptocurrency stored on an exchange, there may still be options to recover it. Exchanges often have customer support teams equipped to handle account recovery requests. Contact the exchange’s support team and provide as much information as possible, including any identification details and transaction records. While recovery isn’t always possible, some exchanges offer services to help users retrieve lost assets, especially if the account was compromised.

Using Blockchain Analysis to Trace Lost Assets

In cases of sending cryptocurrency to the wrong address or falling victim to scams, blockchain analysis tools may help. Blockchain transactions are public, and every transaction is recorded, making it possible to trace where funds were sent. Some companies and security experts specialize in blockchain analysis, tracing lost funds through complex transactions. Although tracing funds does not guarantee recovery, it may provide useful information for legal action or negotiations.

Reporting to Authorities in Case of Scams

If your cryptocurrency loss is due to fraud or theft, reporting it to the authorities is an essential step. Although cryptocurrencies are decentralized, law enforcement in various countries is increasingly trained to handle cybercrimes involving digital assets. Reporting the incident can lead to investigations that may help recover your funds, though success varies. Filing a report also contributes to public records, which can aid others in avoiding similar scams.

Practicing Preventive Measures

While recovery methods are available, prevention remains the best strategy. Regularly backing up wallets, securely storing private keys, using 2FA, and avoiding risky platforms can reduce the likelihood of future losses. Educating yourself on phishing scams, fake exchanges, and other crypto-related threats can help prevent irreversible losses. Additionally, consider using multi-signature wallets for added security, especially if you handle large amounts of cryptocurrency.

Seeking Community Support

In the cryptocurrency community, forums and social media groups are valuable resources for those attempting to recover lost assets. Many experienced users are willing to offer advice, tips, and support. Participating in these forums can lead to new ideas, resources, and tools for recovery. Be cautious, however, as scammers sometimes target users in these spaces, so verify advice and avoid sharing sensitive information.

Conclusion

The path to recovering lost cryptocurrency can be challenging, but taking the correct steps enhances the likelihood of success. From utilizing wallet recovery services to tracing transactions on the blockchain, various methods can assist in retrieval efforts. While not all losses are recoverable, secure practices and preventive measures can minimize risks, protecting your digital assets and ensuring greater peace of mind in the world of cryptocurrency.

0 notes

ejbarnes · 3 months ago

Text

CW: Suicide I need to add: 1. While in college, I spent a summer (1978) copyediting for Physical Review, a physics journal (or group of them -- there were Phys. Rev. A, B, C, and Phys. Rev. Lett). One of the things I saw was how publication of papers was systematically delayed if "pub fees" (publication fees) were not paid. Staff would literally put the folder with the marked-up MS into a drawer in a filing cabinet, the drawer designated for items delayed by nonpayment of pub fees. Once the payment was received, they'd go into another drawer for papers slated for publication.

2. Several years of my high-tech career were spent programming for Lexis-Nexis, a company specializing in services for the legal profession, including access to their galactically massive database of caselaw needed for legal citation. In my earliest days there, Lexis-Nexis was bought by what was then called Reed-Elsevier (now RELX), the publication giant whose subsidiary Elsevier is a major villain mentioned in Doctorow's post. I will not go into depth about the gross mismanagement of the layoff they perpetrated on our division of Lexis-Nexis, which had originally been an independent software company. I vaguely recall already telling that story here, probably in response to another Corey Doctorow article, that one likely about enshittification in the software sector. RELX still owns Lexis-Nexis (now LexisNexis).

3. RELX (formerly Reed-Elsevier) owns RX, formerly Reed Exhibitions, the world's largest exhibition company. One of its divisions is ReedPop, which runs New York Comic Con and the PAX gamer conventions.

MIT libraries are thriving without Elsevier

I'm coming to BURNING MAN! On TUESDAY (Aug 27) at 1PM, I'm giving a talk called "DISENSHITTIFY OR DIE!" at PALENQUE NORTE (7&E). On WEDNESDAY (Aug 28) at NOON, I'm doing a "Talking Caterpillar" Q&A at LIMINAL LABS (830&C).

Once you learn about the "collective action problem," you start seeing it everywhere. Democrats – including elected officials – all wanted Biden to step down, but none of them wanted to be the first one to take a firm stand, so for months, his campaign limped on: a collective action problem.

Patent trolls use bullshit patents to shake down small businesses, demanding "license fees" that are high, but much lower than the cost of challenging the patent and getting it revoked. Collectively, it would be much cheaper for all the victims to band together and hire a fancy law firm to invalidate the patent, but individually, it makes sense for them all to pay. A collective action problem:

https://locusmag.com/2013/11/cory-doctorow-collective-action/

Musicians get royally screwed by Spotify. Collectively, it would make sense for all of them to boycott the platform, which would bring it to its knees and either make it pay more or put it out of business. Individually, any musician who pulls out of Spotify disappears from the horizon of most music fans, so they all hang in – a collective action problem:

https://pluralistic.net/2024/06/21/off-the-menu/#universally-loathed

Same goes for the businesses that get fucked out of 30% of their app revenues by Apple and Google's mobile business. Without all those apps, Apple and Google wouldn't have a business, but any single app that pulls out commits commercial suicide, so they all hang in there, paying a 30% vig:

https://pluralistic.net/2024/08/15/private-law/#thirty-percent-vig

That's also the case with Amazon sellers, who get rooked for 45-51 cents out of every dollar in platform junk fees, and whose prize for succeeding despite this is to have their product cloned by Amazon, which underprices them because it doesn't have to pay a 51% rake on every sale. Without third-party sellers there'd be no Amazon, but it's impossible to get millions of sellers to all pull out at once, so the Bezos crime family scoops up half of the ecommerce economy in bullshit fees:

https://pluralistic.net/2023/11/06/attention-rents/#consumer-welfare-queens

This is why one definition of "corruption" is a system with "concentrated gains and diffuse losses." The company that dumps toxic waste in your water supply reaps all the profits of externalizing its waste disposal costs. The people it poisons each bear a fraction of the cost of being poisoned. The environmental criminal has a fat warchest of ill-gotten gains to use to bribe officials and pay fancy lawyers to defend it in court. Its victims are each struggling with the health effects of the crimes, and even without that, they can't possibly match the polluter's resources. Eventually, the polluter spends enough money to convince the Supreme Court to overturn "Chevron deference" and makes it effectively impossible to win the right to clean water and air (or a planet that's not on fire):

https://www.cfr.org/expert-brief/us-supreme-courts-chevron-deference-ruling-will-disrupt-climate-policy

Any time you encounter a shitty, outrageous racket that's stable over long timescales, chances are you're looking at a collective action problem. Certainly, that's the underlying pathology that preserves the scholarly publishing scam, which is one of the most grotesque, wasteful, disgusting frauds in our modern world (and that's saying something, because the field is crowded with many contenders).

Here's how the scholarly publishing scam works: academics do original scholarly research, funded by a mix of private grants, public funding, funding from their universities and other institutions, and private funds. These academics write up their funding and send it to a scholarly journal, usually one that's owned by a small number of firms that formed a scholarly publishing cartel by buying all the smaller publishers in a string of anticompetitive acquisitions. Then, other scholars review the submission, for free. More unpaid scholars do the work of editing the paper. The paper's author is sent a non-negotiable contract that requires them to permanently assign their copyright to the journal, again, for free. Finally, the paper is published, and the institution that paid the researcher to do the original research has to pay again – sometimes tens of thousands of dollars per year! – for the journal in which it appears.

The academic publishing cartel insists that the millions it extracts from academic institutions and the billions it reaps in profit are all in service to serving as neutral, rigorous gatekeepers who ensure that only the best scholarship makes it into print. This is flatly untrue. The "editorial process" the academic publishers take credit for is virtually nonexistent: almost everything they publish is virtually unchanged from the final submission format. They're not even typesetting the paper:

https://link.springer.com/article/10.1007/s00799-018-0234-1

The vetting process for peer-review is a joke. Literally: an Australian academic managed to get his dog appointed to the editorial boards of seven journals:

https://www.atlasobscura.com/articles/olivia-doll-predatory-journals

Far from guarding scientific publishing from scams and nonsense, the major journal publishers have stood up entire divisions devoted to pay-to-publish junk science. Elsevier – the largest scholarly publisher – operated a business unit that offered to publish fake journals full of unreveiwed "advertorial" papers written by pharma companies, packaged to look like a real journal:

https://web.archive.org/web/20090504075453/http://blog.bioethics.net/2009/05/merck-makes-phony-peerreview-journal/

Naturally, academics and their institutions hate this system. Not only is it purely parasitic on their labor, it also serves as a massive brake on scholarly progress, by excluding independent researchers, academics at small institutions, and scholars living in the global south from accessing the work of their peers. The publishers enforce this exclusion without mercy or proportion. Take Diego Gomez, a Colombian Masters candidate who faced eight years in prison for accessing a single paywalled academic paper:

https://www.eff.org/deeplinks/2014/07/colombian-student-faces-prison-charges-sharing-academic-article-online

And of course, there's Aaron Swartz, the young activist and Harvard-affiliated computer scientist who was hounded to death after he accessed – but did not publish – papers from MIT's JSTOR library. Aaron had permission to access these papers, but JSTOR, MIT, and the prosecutors Stephen Heymann and Carmen Ortiz argued that because he used a small computer program to access the papers (rather than clicking on each link by hand) he had committed 13 felonies. They threatened him with more than 30 years in prison, and drew out the proceedings until Aaron was out of funds. Aaron hanged himself in 2013:

https://en.wikipedia.org/wiki/Aaron_Swartz

Academics know all this terrible stuff is going on, but they are trapped in a collective action problem. For an academic to advance in their field, they have to publish, and they have to get their work cited. Academics all try to publish in the big prestige journals – which also come with the highest price-tag for their institutions – because those are the journals other academics read, which means that getting published is top journal increases the likelihood that another academic will find and cite your work.

If academics could all agree to prioritize other journals for reading, then they could also prioritize other journals for submissions. If they could all prioritize other journals for submissions, they could all prioritize other journals for reading. Instead, they all hold one another hostage, through a wicked collective action problem that holds back science, starves their institutions of funding, and puts their colleagues at risk of imprisonment.

Despite this structural barrier, academics have fought tirelessly to escape the event horizon of scholarly publishing's monopoly black hole. They avidly supported "open access" publishers (most notably PLoS), and while these publishers carved out pockets for free-to-access, high quality work, the scholarly publishing cartel struck back with package deals that bundled their predatory "open access" journals in with their traditional journals. Academics had to pay twice for these journals: first, their institutions paid for the package that included them, then the scholars had to pay open access submission fees meant to cover the costs of editing, formatting, etc – all that stuff that basically doesn't exist.

Academics started putting "preprints" of their work on the web, and for a while, it looked like the big preprint archive sites could mount a credible challenge to the scholarly publishing cartel. So the cartel members bought the preprint sites, as when Elsevier bought out SSRN:

https://www.techdirt.com/2016/05/17/disappointing-elsevier-buys-open-access-academic-pre-publisher-ssrn/

Academics were elated in 2011, when Alexandra Elbakyan founded Sci-Hub, a shadow library that aims to make the entire corpus of scholarly work available without barrier, fear or favor:

https://sci-hub.ru/alexandra

Sci-Hub neutralized much of the collective action trap: once an article was available on Sci-Hub, it became much easier for other scholars to locate and cite, which reduced the case for paying for, or publishing in, the cartel's journals:

https://arxiv.org/pdf/2006.14979

The scholarly publishing cartel fought back viciously, suing Elbakyan and Sci-Hub for tens of millions of dollars. Elsevier targeted prepress sites like academia.edu with copyright threats, ordering them to remove scholarly papers that linked to Sci-Hub:

https://svpow.com/2013/12/06/elsevier-is-taking-down-papers-from-academia-edu/

This was extremely (if darkly) funny, because Elsevier's own publications are full of citations to Sci-Hub:

https://eve.gd/2019/08/03/elsevier-threatens-others-for-linking-to-sci-hub-but-does-it-itself/

Meanwhile, scholars kept the pressure up. Tens of thousands of scholars pledged to stop submitting their work to Elsevier:

http://thecostofknowledge.com/

Academics at the very tops of their fields publicly resigned from the editorial board of leading Elsevier journals, and published editorials calling the Elsevier model unethical:

https://www.theguardian.com/science/blog/2012/may/16/system-profit-access-research

And the New Scientist called the racket "indefensible," decrying the it as an industry that made restricting access to knowledge "more profitable than oil":

https://www.newscientist.com/article/mg24032052-900-time-to-break-academic-publishings-stranglehold-on-research/

But the real progress came when academics convinced their institutions, rather than one another, to do something about these predator publishers. First came funders, private and public, who announced that they would only fund open access work:

https://www.nature.com/articles/d41586-018-06178-7

Winning over major funders cleared the way for open access advocates worked both the supply-side and the buy-side. In 2019, the entire University of California system announced it would be cutting all of its Elsevier subscriptions:

https://www.science.org/content/article/university-california-boycotts-publishing-giant-elsevier-over-journal-costs-and-open

Emboldened by the UC system's principled action, MIT followed suit in 2020, announcing that it would no longer send $2m every year to Elsevier:

https://pluralistic.net/2020/06/12/digital-feudalism/#nerdfight

It's been four years since MIT's decision to boycott Elsevier, and things are going great. The open access consortium SPARC just published a stocktaking of MIT libraries without Elsevier:

https://sparcopen.org/our-work/big-deal-knowledge-base/unbundling-profiles/mit-libraries/

How are MIT's academics getting by without Elsevier in the stacks? Just fine. If someone at MIT needs access to an Elsevier paper, they can usually access it by asking the researchers to email it to them, or by downloading it from the researcher's site or a prepress archive. When that fails, there's interlibrary loan, whereby other libraries will send articles to MIT's libraries within a day or two. For more pressing needs, the library buys access to individual papers through an on-demand service.

This is how things were predicted to go. The libraries used their own circulation data and the webservice Unsub to figure out what they were likely to lose by dropping Elsevier – it wasn't much!

https://unsub.org/

The MIT story shows how to break a collective action problem – through collective action! Individual scholarly boycotts did little to hurt Elsevier. Large-scale organized boycotts raised awareness, but Elsevier trundled on. Sci-Hub scared the shit out of Elsevier and raised awareness even further, but Elsevier had untold millions to spend on a campaign of legal terror against Sci-Hub and Elbakyan. But all of that, combined with high-profile defections, made it impossible for the big institutions to ignore the issue, and the funders joined the fight. Once the funders were on-side, the academic institutions could be dragged into the fight, too.

Now, Elsevier – and the cartel – is in serious danger. Automated tools – like the Authors Alliance termination of transfer tool – lets academics get the copyright to their papers back from the big journals so they can make them open access:

https://pluralistic.net/2021/09/26/take-it-back/

Unimaginably vast indices of all scholarly publishing serve as important adjuncts to direct access shadow libraries like Sci-Hub:

https://pluralistic.net/2021/10/28/clintons-ghost/#cornucopia-concordance

Collective action problems are never easy to solve, but they're impossible to address through atomized, individual action. It's only when we act as a collective that we can defeat the corruption – the concentrated gains and diffuse losses – that allow greedy, unscrupulous corporations to steal from us, wreck our lives and even imprison us.

Community voting for SXSW is live! If you wanna hear RIDA QADRI and me talk about how GIG WORKERS can DISENSHITTIFY their jobs with INTEROPERABILITY, VOTE FOR THIS ONE!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/08/16/the-public-sphere/#not-the-elsevier

#monopolies #Elsevier #academic publishing

625 notes · View notes

mariacallous · 2 years ago

Text

The senator tasked with overseeing federal antitrust enforcement is urging the U.S. Department of Justice to investigate whether a Texas-based company’s price-setting software is undermining competition and pushing up rents.

Amy Klobuchar, the Minnesota Democrat who chairs the Senate Subcommittee on Competition Policy, Antitrust and Consumer Rights, sent a letter to the DOJ’s Antitrust Division this month. It was also signed by two other Democrats, Sen. Richard Durbin of Illinois and Sen. Cory Booker of New Jersey.

“We are concerned that the use of this rate setting software essentially amounts to a cartel to artificially inflate rental rates in multifamily residential buildings,” the letter said. It encouraged the DOJ to “take appropriate action to protect renters and competition in the residential rental markets.”

In mid-October, a ProPublica investigation documented how real estate tech company RealPage’s price-setting software uses nearby competitors’ nonpublic rent data to feed an algorithm that suggests what landlords should charge for available apartments each day. Legal experts said the algorithm may be enabling violations of antitrust laws.

ProPublica detailed how RealPage’s User Group, a forum that includes landlords who adopt the company’s software, had grown to more than 1,000 members, who meet in private at an annual conference and take part in quarterly phone calls. The senators raised specific questions about the group, saying, “We are concerned about potential anticompetitive coordination taking place through the RealPage User Group.”

RealPage did not immediately respond to a request for comment.

RealPage has said that the company “uses aggregated market data from a variety of sources in a legally compliant manner” and that its software prioritizes a property’s own internal supply and demand dynamics over external factors such as competitors’ rents. The company has said its software helps reduce the risk of collusion that would occur if landlords relied on phone surveys of competitors to manually price their units.

The DOJ declined to comment on the letter.

The department five years ago reviewed RealPage’s plan to acquire its biggest competitor in pricing software, but federal prosecutors declined to seek to block the merger, which doubled the number of apartments RealPage was pricing.

The senators noted that transaction, saying RealPage has made more than 10 acquisitions since 2016. They said in data-intensive industries, “the ability to acquire more data can result in the algorithms suggesting higher prices and can also increase the barriers to entry” for other competitors. The lawmakers encouraged the department “to consider looking back at RealPage’s past behavior to determine whether any of it was anticompetitive.”

The letter follows two others sent by lawmakers urging the DOJ or Federal Trade Commission to investigate RealPage. Since ProPublica’s investigation was published, three lawsuits have been filed on behalf of renters alleging that the software is artificially inflating rents and facilitating collusion. RealPage has denied allegations in a lawsuit filed in San Diego, and it has not responded to calls for comment about the other two legal actions, filed in federal district court in Seattle.

30 notes · View notes

fromdevcom · 9 days ago

Text

Large software applications can be customized and enhanced for unique or specific abilities by adding a set of software components called plugins. Generally, plugins are used in web browsers, virus scans, recognition and display of new file types. Maven is a leading Java project management tool. A project’s build, documentation, reporting can be managed from a central piece of information. This concept is based on the project object model (POM). Maven provides a uniform build system by building a project using POM concept and plugins which will be shared by all projects. Using the right plugin in your development environment can save a lot of unwanted efforts in day to day coding and other activities. We have found that some of these plugins help automate and simplify the everyday build and release related work. The best Maven plugins we found to be really useful and time-saving for your project team are described below: License Management Plugins White Source's Licenses Management Maven Plug-in Any software development project that uses Open Source (almost all of us), must identify and track the OSS components it uses, their licenses, requirements, etc. This can be quite a time consuming and sometimes complex for developers. White Source offers a free SaaS solution for that. The White Source's Maven plugin continuously and automatically updates the White Source repository whenever a new open source component is added, to ensure that all the open source components are immediately reported, analyzed, and reviewed for approval -without any overhead. This allows companies to accelerate the development process and manage the open source license more efficiently, and with fewer errors. White Source provides a simple to use, yet powerful solution for companies that need to manage their open source assets to ensure license compliance in order to avoid pitfalls such as lawsuits, penalties, and lost business. Developers and managers use White Source’s free cloud-based solution to track, audit and report on open source components throughout the software development life cycle. Unlike other solutions, White Source is a convenient cost-effective solution even for medium and small companies. With White Source’s easy-to-use, cloud-based platform companies can: Track the inventory of Open Source Software (OSS) modules used by development Automate the adoption and approval process Get continuous updates about legal and technical vulnerabilities Audit and report on OSS status and compliance White Source Software is offered as a free, cloud-based service. White Source fully supports Java and plans to support additional languages in the future. Mojo License Plugin This plugin is mainly to manage licenses of a Maven project and its dependencies. It carries out updating file headers, check third-party licenses, download dependencies license, retrieving license information from dependencies, updating license.txt files, etc. Project Release and Version Management Plugins Versions Maven Plugin Different versions of artifacts in a project’s POM can be managed. Updating artifacts referenced in a Maven pom.xml file can be carried out. Rereading modifications of the pom.xml within one invocation of Maven is not possible in Maven 2.0, 2.1, 2.2 and 3.0. Enforcer Rules can be executed for projects in a multi-project build. Environmental constraints in a project such as Maven version, OS family and JDK version can be controlled through the Enforcer plugin goals with user-created and standard rules. Build Number A distinctive build number for each project can be obtained by this plugin. A version for a project may remain the same, but many iterations will be done till the release. Each build will have a unique identifying build number. Unit and Functional Testing Plugins Surefire Unit tests of a particular application during the test stage of a build life cycle can be executed with this plugin. Reports are generated in plain text files (*. Txt) format and XML files (*. Xml).

Selenium As the name suggests, this plugin supports the use of Selenium with Maven. Automated web-application testing can be done by invoking the Selenium Remote control server through the Selenium Maven Plugin. Surefire Report Plugin Using this plugin XML files can be parsed and rendered to DOXIA which enables the creation of a web interface version of the test results. The results are generated in HTML format. Code Quality Plugins Findbugs Findbugs is a plugin for Java programs to tackle bugs. The bug patterns concept is used. Basically, the bug pattern is a code idiom. Most often it is an error. Java bytecode is inspected for bug patterns using static analysis. Cobertura As the name suggests, Cobertura features can be brought into the Maven 2 environment by this plugin. Unit testing efforts can be determined by this plugin which helps to understand the part of Java program lacking test coverage. Relational Database Integration Plugins SQL Plugin SQL statements can be executed in the combination of a string, a list or set of files through SrcFiles, SqlCommand and fileset configurations respectively. DB Plugin A database can have administrative access to the support of this plugin. Database statements can be also be executed. It has the ability to create and drop databases. Liquibase This an open source plugin licensed under Apache 2.0. It has a database-independent library. The database can be managed or tracked for any changes. The database is saved in human readable formats. NoSQL DB Integration Plugins Cassandra Plugin A test instance of Apache Cassandra can be controlled within Apache Maven build with the support of Mojo’s Cassandra Plugin. MongoDB Plugin This plugin is mainly designed to create, execute database scripts. The updated scripts can also be executed. This plugin supports the attribute. This helps in storing host/usr/pass in maven settings.xml. HBase Plugin Mini HBase can be started and stopped by this Maven plugin. The testing code can be integrated to interact with the HBase cluster with the support of this plugin. Light Weight Web Container Plugins Tomcat Plugin Manipulation of WAR projects within the servlet container of Apache Tomcat is made possible with the support of the Apache Tomcat Maven plugin. The WAR Apache Maven project can be implemented with the help of Apache Maven. However, the WAR file need not be deployed to an Apache TomCat every time. Jetty Plugin The last two steps of a web application testing can be skipped with the help of this application. Its default function is to scan target/classes for changes in Java sources. Application Server Plugin JBoss Plugin JBoss application can be started or stopped with his plugin. Files can be deployed or undeployed to the JBoss application server. Glassfish Glassfish domains can be managed and the components deployed within the Maven build lifecycle. The integration loop can be rapidly developed from this plugin. Other Utility Plugins Maven Eclipse Plugin Eclipse IDE files like wtpmodules, settings folder and Classpath can be generated for use within a project with the support of this plugin. This plugin proves to be very powerful for project generated using maven archetypes. In case you are using Eclipse for your project development, you would also find this post useful: Best Free Eclipse Productivity Plugins for Developers Assembly The project output can be aggregated along with its site documentation, modules, dependencies, and other files into a single archive with the support of the Assembly Plugin. AntRun A way to pollute the POM is possible with this plugin. It is better to move all Ant tasks to a build.xml file and when required calls it from the POM with Ant task command. Exec Execution of system, Java programs in a separate process is possible with the help of this plugin. Java programs can also be executed in the same VM. JSPC JSP pages can be pre-compiled and be included in the War file through this plugin.

JSPC plugin has to be used in conjunction with maven-war-plugin. There are both free and paid plugins available. Even though it is tempting to go for a free plugin, developers and teams should choose the right plugin based on the requirements. Furthermore, advanced features, full support, and updates for the plugin have to be checked while choosing the plugin. I hope you found this post useful. What maven plug-ins do you use in your project? Feel free to share in the comments section. Article Updates Updated on May 2019: Minor changes and updates to the introduction section. Images are updated to HTTPS.

0 notes