29 July 2023

Israeli spyware used to hack across 10 countries, Microsoft and watchdog say

The entrance to an office listed as belonging to Quadream is seen in a high rise building in Ramat Gan, Israel, January 25, 2022. REUTERS/Nir Elias

April 11 (Reuters) - An Israeli firm's hacking tools have been used against journalists, opposition figures and advocacy organizations across at least 10 countries - including people in North America and Europe - according to new research published Tuesday by Microsoft Corp (MSFT.O) and the internet watchdog Citizen Lab.

Citizen Lab said in its report that it had been able to identify a handful of civil society victims whose iPhones had been hacked using surveillance software developed by the Israeli company, QuaDream Ltd - a lower-profile competitor to the Israeli spyware company NSO Group, which has been blacklisted by the U.S. government over allegations of abuse.

In its report published at the same time, Microsoft said it believed with "high confidence" that the spyware was "strongly linked to QuaDream."

In a statement, Microsoft Associate General Counsel Amy Hogan-Burney said that mercenary hacking groups like QuaDream "thrive in the shadows" and that publicly outing them was "essential to stopping this activity."

Israeli lawyer Vibeke Dank, whose email was listed on QuaDream's corporate registration form, did not return a message seeking comment. Repeated attempts by Reuters to reach QuaDream over the past year - including a visit to the company’s office outside Tel Aviv - have been unsuccessful.

Reuters reported in 2022 that QuaDream had previously developed a no-interaction-needed hacking tool similar to the programs deployed by NSO. Such hacking tools, known as "zero-click," are particularly prized by cybercriminals, spies, and law enforcement because they can remotely compromise devices without an owner needing to open a malicious link or download a tainted attachment.

NSO did not immediately return a message seeking comment.

Neither Citizen Lab nor Microsoft identified the targets of QuaDream's software, but the allegation could still be damaging for the firm.

The reports come on the heels of an announced crackdown on the international spyware industry by U.S. President Joe Biden. Last month, the White House announced an executive order intended to curb the purchase of surveillance software by U.S. agencies if the programs are also being used by repressive governments abroad.

The White House did not immediately respond to a message seeking comment.

Unlike NSO, which regularly briefed journalists amid allegations of abuse, QuaDream has kept a lower profile. The company has no website touting its business and employees have been told to keep any reference to their employer off social media, Reuters has previously reported.

Source: Reuters.


27 July 2023

Freedom of Information Act - Moderna, Pfizer


As a result of Defending the Republic’s (DTR) successful Freedom of Information Act (FOIA) litigation against the Food and Drug Administration (FDA), we are excited to announce that we are releasing nearly 15,000 pages of documents relating to testing and adverse events associated with Moderna’s COVID-19 vaccine “Spikevax.”

DTR filed its FOIA lawsuit after the FDA denied the expedited production of Moderna COVID-19 records, stating there was no compelling need or urgency for the public to review this information. This spring, DTR reached an agreement with the FDA for the production of approximately 24,000 pages of some of the most important records submitted by Moderna in support of its Biologics License Application (BLA). This is the first part of that production. Later this year the FDA will produce approximately 8,000 more pages of Moderna documents.

These documents are the first significant release of data from Moderna’s COVID-19 clinical trials. They reveal the causes of deaths, serious adverse events, and instances of neurological disorders (such as Bell’s Palsy and Shingles) potentially associated with Moderna’s COVID-19 vaccine.

Importantly, these records also demonstrate the utter lack of thoroughness of these studies. Many of those who died after receiving the Moderna vaccine were not given an autopsy. According to one study, 16 individuals died after being administered the Moderna vaccine. The study’s authors indicated that out of those 16 deaths, only two autopsies were performed, five of the dead were not autopsied, and the autopsy status of nine of the dead was “unknown”.

See documents within the post:

https://defendingtherepublic.org/moderna/

25 July 2023

Google guilty of ad-fraud against its customers including NYTimes, Reuters, Wired, Mashable and Gizmodo

Did Google mislead advertisers about TrueView skippable in-stream ads for the past three years?

This report finds that advertisers including Fortune 500 brands, the US federal government, and many small businesses may have been misled for years about Google’s proprietary TrueView skippable in-stream video ads. This misalignment may have cost media buyers up to billions of digital ad dollars, which were ultimately spent on small, muted, out-stream, auto-playing or interstitial video ad units running on independent websites and mobile apps.

TrueView is Google's “proprietary cost-per-view, choice-based ad format that serves on YouTube, millions of apps, and across the web.” With TrueView, advertisers only pay “for actual views of their ads, rather than impressions.” TrueView asks users if they want to skip the video ad after 5 seconds with a visual prompt. Google’s policies state that TrueView ads must be skippable and audible, and that playback of the video (and ad) cannot be initiated solely by passive user scrolling.

However, this research report finds that for years, significant quantities of TrueView skippable in-stream ads, purchased by many different brands and media agencies, appear to have been served on hundreds of thousands of websites and apps in which the consumer experience did not meet Google’s stated quality standards. For example, many TrueView in-stream ads were served muted and auto-playing as out-stream video or as obscured video players on independent sites. Often, there was little to no organic video media content between ads; the video units simply played only ads.


For a major infrastructure brand, only ~16% of their TrueView skippable in-stream video ad budget was spent on YouTube.com or YouTube’s apps. The majority of their budget was spent on tens of thousands of different websites or mobile apps which make up the Google Video Partner (GVP) network. The majority of those GVP mobile apps and websites served the TrueView skippable in-stream video ads in outstream, muted, auto-playing, interstitial, and/or non-visible ad slots - which are inconsistent with the TrueView or skippable in-stream ad format.

Adalytics shared examples of these TrueView skippable in-stream placements with advertisers and media buyers. Several dozen marketers stated that they would not have purchased this TrueView skippable in-stream inventory running on 3rd party environments, if this fact was clearly explained to them in advance. Marketers also shared that they did not expect or want video ads to be run muted, and doing so was contrary to their understanding of TrueView. 

Critically, YouTube and Google’s own policies state that TrueView in-stream ads must be skippable, audible, and initiated by viewer action. TrueView in-stream ad placement reports from brands and advertisers - including Fortune 500 brands - showed that in some ad campaigns, between 42% and 75% of TrueView in-stream ad spend was allocated to GVP sites and apps which did not meet Google’s standards.

Many media buyers were surprised to learn that the majority of their ad budgets against a so-called “walled garden” environment was spent on muted, auto-playing video ads on third party websites such as lebanonfiles.com and freewebnovel.com, or on foreign-developed Android mobile gaming apps for toddlers.


Screenshot of a YouTube TrueView ad for americanexpress.com, served in a muted, out-stream, auto-playing video player on a 3rd party website.

Many TrueView skippable “in-stream” ads that Adalytics reviewed were delivered on sites and apps in which the ads were rendered in a way that violates Google’s own definitions of in-stream. Specifically, ads were placed on pages with characteristics such as:

  • in small, out-stream video players in the corner or side of the consumer’s device viewport

  • in a fully muted video player

  • with little to no video content in between consecutive TrueView ads

  • where the video ads auto-play without any viewer interaction or initiation

  • the ads played continuously, on a loop

One digital advertising professional who was shown an advance copy of this report said “repackaging shitty, brand-unsafe outstream as instream is a big problem.” The professional further stated “that seems like a fraud”.

In some instances, multiple TrueView skippable in-stream ads were rendered on a consumer’s device at the same time. Other examples include TrueView skippable in-stream ads that were served “stacked” on top of another “in-stream” ad. Furthermore, in some instances, the “Skip” button from the video ad was hidden or obscured outside the user’s viewport, making it impossible for the consumer to “choose to skip” the video ads after 5 seconds, forcing the user to experience the ad – a direct violation of Google’s quality standards for TrueView ads. This may have artificially inflated TrueView skippable in-stream ad video completion rates, possibly resulting in higher costs for Google’s advertisers. 

Screenshot of a JPMorgan Chase TrueView skippable in-stream video ad serving on a 3rd party website, in a muted, auto-play, partially obscured video player that is covered by another ad.

Multiple Kayak.de TrueView skippable in-stream video ads being served on dostor.org, with both video ads playing in a muted, auto-play state.

Another media buyer who received an advance copy of this research told Adalytics:

“Nobody goes to walled gardens like YouTube to run on audience networks which all have the same crappy inventory. This is a method for YouTube and Google to extract more budget and manufacture scale in a way that is palatable to the advertiser because they don’t fully understand it.”

Brands that may have purchased muted, auto-playing, mis-declared TrueView skippable in-stream inventory include:

  1. The Wall Street Journal (owned by Dow Jones & Company, a division of News Corp)

  2. The United States federal government, including the Department of Health & Human Services (Medicare, Army, Social Security Administration)

  3. The European Parliament

  4. Johnson & Johnson

  5. The New York City municipal government (nyc.gov/office-of-the-mayor)

  6. HP

  7. Ernst & Young

  8. Bayer

  9. Newark, Delaware Police Department (joinnewarkpd.com)

  10. The Dutch military cyber defense forces (werkenbijdefensie.nl/burgermedewerker/ict)

  11. JPMorgan Chase Bank

  12. American Express

  13. Public Service Alliance of Canada

  14. Alberta New Democratic Party

  15. National Volunteer Fire Council

  16. Environmental Defense Fund (EDF) (edf.giftplans.org)

  17. Samsung

  18. Empower Annuity Insurance Company of America

  19. Sephora

  20. Macy’s

  21. Disney Plus

  22. Best Buy

  23. Mercedes-Benz

  24. General Motors

  25. Office Depot

  26. Pizza Hut

  27. Microsoft

  28. Instacart

  29. IBM (Red Hat)

  30. Ford

  31. Honda

  32. Vimeo

  33. HBO Max (owned by Warner Bros. Discovery)

  34. Novo Nordisk

  35. Intuit (owner of Quickbooks)

  36. The North Face

  37. Columbia (sportswear company)

  38. Volkswagen

  39. Abbott Laboratories (pediasure.ca)

  40. Petco

  41. cerebral.com

  42. servicetitan.com

  43. Google (Google Career Certificates and Google Workspace Domains)

  44. McDonald’s

  45. Hyatt Hotels Corporation

  46. Lavazza

  47. Siemens

  48. Alberta Blue Cross Plan

  49. California Science and Technology University

  50. Edgewell Personal Care (owner of Schick razors)

  51. Enterprise Rent-A-Car

  52. Rocket Mortgage

  53. Church & Dwight (OxiClean)

  54. National Geographic

  55. American Committee for the Weizmann Institute of Science (weizmann-usa.org)

  56. Aflac Inc. (American Family Life Assurance Company)

  57. XM.com (trading name of Trading Point Holdings Ltd.)

  58. Wolters Kluwer

  59. Virgin Voyages

  60. Aeroméxico (aeromexico.com)

  61. Paramount Plus

  62. Lacoste

  63. James Hardie Industries

  64. Western Union

  65. National Harbor (nationalharbor.com) - from the Maryland Office of Tourism (visitmaryland.org)

  66. Ebay

  67. Klaviyo

  68. Okta

  69. Zillow

  70. St. George’s University

  71. Cisco

  72. Hyundai

  73. Mazda

  74. Notion (notion.so)

  75. Subaru

  76. Consumer Cellular

  77. Fandango (fandango.com)

  78. Michigan Economic Development Corporation (michigan.org)

  79. Tourism Nova Scotia (planyournovascotia.com)

  80. Kayak.com

  81. etoro.com

  82. Royal Dutch Gazelle bikes

  83. Terminix Pest Control & Termite Treatment

  84. Canadaisthesolution.com (Canadian Energy Centre Ltd)

  85. FreeTaxUsa.com

  86. Squarespace.com

  87. hotjar.com

  88. Carrefour

  89. Olt.com

  90. Netgear

  91. The Federalist Society

  92. Quirion AG

  93. MyFundedFX

  94. Scholastic Corporation

  95. Adobe

  96. Miele (domestic appliances)

  97. Hertz

  98. Bosch

  99. Vimeo

  100. Plaid

  101. Hollister

  102. TikTok

  103. United Wholesale Mortgage

  104. Indeed.com (jobs website)

  105. Bellroy (Australian accessories brand)

  106. Fiverr

  107. Tommy John

  108. Micro Focus International Plc

  109. NewRelic

  110. sitechange.com

  111. vda-global.lilisi.com

  112. Comarch

  113. Circa Resort & Casino Las Vegas (circalasvegas.com)

  114. Dyson

  115. Beliani

  116. Semrush

  117. McCain Foods

  118. Expedia, Vrbo, and hotels.com

  119. kodiakcakes.com

  120. tablethotels.com

  121. Pancreatic Cancer Action Network (PAN)

  122. Grammarly

  123. GrubHub

  124. Allbirds

  125. Bristol Myers Squibb

  126. Pfizer

  127. Haleon (formerly GSK Consumer Healthcare)

  128. Athletic Greens

  129. Fever-Tree

  130. KitchenAid (American home appliance brand owned by Whirlpool Corporation)

  131. Doptelet (AkaRx, Inc)

The list of media agencies and media buying companies that appeared to have transacted muted, auto-playing, out-stream TrueView ads includes:

  1. Interpublic Group (Matterkind, Initiative, Mediabrands)

  2. Dentsu (Amnet)

  3. Publicis (Audience on Demand, Precision)

  4. Omnicom (Accuen)

  5. WPP (Xaxis, Headlight, Essence)

  6. Havas (Affiperf)

  7. Jellyfish

  8. Brain Labs Digital

  9. Horizon Media (Canvas WorldWide)

  10. MiQ

This mis-declared TrueView in-stream inventory has been observed going back as far as 2020.

Google was observed serving brands’ TrueView ads on websites that have had tens of thousands of copyright violation takedown requests filed against them (potential “piracy sites”), raising possible brand safety concerns and questions about the validity of Google’s TAG Certification and MRC Brand Safety accreditation.

According to Google’s stated policies, Google complies with valid copyright requests and frequently delists content as a result of copyright infringements. However, it appears Google permits repeated infringement offenders to continue monetizing their content through TrueView ads. 

Furthermore, Google was observed delivering thousands of TrueView ads to declared bots running out of Google Cloud data center servers. YouTube has not allowed independent 3rd party measurement and verification tags to be applied to its ad inventory since 2016.

Fortune 500 brands’ TrueView skippable in-stream ads were reported as being delivered on Russian websites, including “pravda.ru” - a website which has been characterized as “being a tool of the Russian state” and has been cited by NewsGuard as “publishing false, pro-Russian disinformation, including false claims related to the invasion of Ukraine.”

Ad campaign placement reports regarding TrueView skippable in-stream ads include references to mobile apps and websites which either do not currently exist, or do not contain any ads whatsoever, raising the possibility that either Google’s placement reporting tools have software bugs or are susceptible to deception by invalid ad traffic.

Lastly, in some instances, TrueView skippable in-stream ads from brands were reported as serving on delisted or side-loaded Android apps that are not allowed on the Google Play Store. Some of these delisted or side-loaded apps are developed and maintained by software vendors based in US Treasury OFAC sanctioned countries such as Iran, which raises the question of whether Google’s advertisers are inadvertently sending funds to Treasury sanctioned entities.

Adalytics shared an advance copy of this report with Ebiquity, a major marketing and media consultancy which helps brands audit their ad buys. Ruben Schreurs, the Chief Product Officer of Ebiquity, noted:

"The research report by Adalytics is highly incriminating. Based on the findings and allegations represented within, I see this as a structural misrepresentation of advertising products at best, and downright fraudulent misleading practices at worst. If true, this will have major repercussions in the industry and lead to a significant negative impact on Google's perceived quality and reliability. Ebiquity works for over 75 of the top 100 brands, nearly all listed in this report as possibly being exposed, and we will initiate a large-scale review of this immediately. We thank Adalytics for their hard work in this and previous cases, and look forward to a detailed reply from Google."

Paul Tang, a Member of the European Parliament (MEP) in Brussels, also said:

"Google deliberately makes itself the play doll of dictators, also dragging the European Parliament through the mud. The same Parliament that declared the Russian Federation in November 2022 a state sponsor of terrorism, advertises on Russian propaganda websites like Pravda because of Youtube's scandalous system. Exposing once again the AdTech duopoly of Google and Facebook is a highly opaque game of billions which threatens democracy."

Read more at:

https://adalytics.io/blog/invalid-google-video-partner-trueview-ads


See also the video by Louis Rossmann:

Youtube wants us to pay for views - this platform is circling the drain



23 July 2023

Spain hits Apple and Amazon with $218 million combined antitrust fine


Apple's consolidation of its third party iPhone, Mac, and iPad resellers to Amazon has induced Spain's antitrust agency to levy a $218 million fine in total on the pair.

Spain's Comisión Nacional de los Mercados y la Competencia (CNMC) announced in July 2021 that it was investigating whether Apple and Amazon had unfairly colluded to "reduce competition in the Internet retail market for electronic products."

Specifically, the group was looking for proof of any deals that the pair made limiting sale of Apple products to Amazon itself. Two years later, it appears to have found the proof it was looking for, and has fined the pair 194.1 million euros in total.

"We reject the suggestion made by CNMC that Amazon benefits from excluding sellers from its market place, as our business model hinges precisely on the success of the companies selling through Amazon," Amazon said in a statement to Reuters on Tuesday morning.

Both Apple and Amazon have stated that the deal benefits consumers, protects buyers from fake products, and increases the number and magnitude of discounts offered to customers.

Of the 194.1 million euro fine, Apple was hit with 143.6 million, and Amazon 50.5 million euro. Both companies have already said that they will appeal the matter, and they have two months to do so.

Apple selling directly on Amazon began at almost the same time worldwide. The deal, which applied to the United States, United Kingdom, France, Germany, India, Italy, Japan, and Spain, started in November 2018.

Prior to the deal, the products were either not available or only sold through the third-party marketplace. This process led to products being offered to Amazon customers at varying price points, and not necessarily in perfect condition.

In the US, terms of the Apple-Amazon agreement mean that resellers must either be authorized by Apple, or buy at least $2.5 million in refurbished inventory every 90 days. The latter must come directly from Apple or through a third party with over $5 billion in annual sales, typically meaning carriers and national retailers. It's not clear if the terms in Spain are the same.

Third-party vendors not meeting those purchase thresholds were prevented from selling Apple products on the Amazon store in January 2019.

In the United States, most of the Specialists in the country doing Apple resale have closed, with the rate accelerating in the last few years. The first wave started and continues with Apple's retail store expansion, and the Amazon deal was and is another nail in the coffin.

Source: AppleInsider