Showing posts with label Internet Scams. Show all posts

23 July 2025

Next Level of fake videos - Veo 3

A.I. is increasing in leaps and bounds in what can be done with it.

As usual humans find ways to use technology for nefarious purposes.

Here is a benign example of a 'video' created totally by A.I.


This is now at a new level: where can you truly trust what you see in 'social media' clips or even YouTube?

Source: László Gaál

03 February 2025

Lex Fridman another internet fraud?

There are too many people nowadays who are not what they portray themselves to be.


It's too easy today to forge a fraudulent identity online where people pretend to be what they're not.

From 'social media's' 'influencers' to finance and business 'gurus' (e.g. Robert Kiyosaki, of Rich Dad Poor Dad fame) to so-called professionals in academia.

This can all come crashing to an end when some people start doing a 'deep dive' into who you really are.

Let's take a closer look at Lex Fridman, where a Wikipedia post says the following at the time of this writing:

Lex Fridman (/ˈfrdmən/; born 15 August 1983) is an American computer scientist and podcaster. Since 2018, he has hosted the Lex Fridman Podcast, where he interviews notable figures from various fields such as science, technology, sports, and politics.

Fridman rose to prominence in 2019 after Elon Musk praised a study Fridman authored at MIT, which concluded that drivers remained focused while using Tesla's semi-autonomous driving system. The study was criticized by AI experts and was not peer-reviewed.[4][5] That year Fridman transitioned to an unpaid role at MIT AgeLab,[4] and since 2023 has worked as a research scientist at the MIT Laboratory for Information and Decision Systems (LIDS).[6]

Early life and education

Alexey Alexandrovich Fridman was born in Chkalovsk, Tajik Soviet Socialist Republic and grew up in Moscow.[7][4] He is Jewish.[8] His father, Alexander Fridman, is a plasma physicist and professor at Drexel University. His brother Gregory was also a professor at Drexel.[4]

When he was about 11, soon after the collapse of the Soviet Union, Fridman's family moved from Russia to the Chicago area.[4][9] He attended Neuqua Valley High School in Naperville, Illinois.[10] He then went on to obtain B.S. and M.S. degrees in computer science at Drexel University in 2010,[11] and completed his Ph.D. in electrical and computer engineering at Drexel in 2014.[12] His PhD dissertation, Learning of Identity from Behavioral Biometrics for Active Authentication, was completed under the advisement of engineering educators Moshe Kam and Steven Weber and sought to "investigate the problem of active authentication on desktop computers and mobile devices".[13]

Career

MIT

In 2014, Fridman was hired by Google to continue his dissertation work on the use of AI for identity authentication, but left the company after only six months stating that he prefers the "chaos of research and the academic environment".[12] In 2015, he moved to MIT's AgeLab to work on "psychology and big-data analytics to understand driver behavior."[4]

In 2019, Fridman published a non-peer-reviewed study about Tesla Autopilot finding that drivers using semi-autonomous vehicles stayed focused, contrasting with established research on how humans interact with automated systems. Following his Tesla Autopilot study, Fridman was flown to Tesla offices for an interview with Elon Musk. Fridman's study on Tesla Autopilot was criticized for its methodology by Missy Cummings, a professor at Duke University and advisor for the National Highway Traffic Safety Administration, who described it as "deeply flawed". AI researcher Anima Anandkumar suggested Fridman should submit his study for peer review before seeking press coverage.[4][5] Following the interview with Musk, viewings of his podcast episodes increased significantly. The study was later removed from MIT's website.[4]

Following the publication of the study, he left AgeLab and took up an unpaid role in MIT's Department of Aeronautics and Astronautics.[4] As of 2023, he is a research scientist at the MIT Laboratory for Information and Decision Systems (LIDS).[6][14]

____________________________

But is it true what the Wikipedia article states?

Some people even threaten to sue Wikipedia if the truth is 'unflattering' to them, or maybe if it just hurts their feelings.

Telstra's CEO Solomon Trujillo threatened to sue Wikipedia, where someone published the truth regarding his business dealings in the United States before he 'fled' to Australia to become head of a telecoms giant.

See article: https://solomontrujillo.blogspot.com/ which is different from today's Wikipedia page on "Sol Trujillo", where there is no 'Controversies' section, how convenient.

Let's see what a couple of people have to say about Mr. Fridman.

Is Lex Fridman a FRAUD?: (12m19s)


The Dangerous Truth of Lex Fridman: (14m08s)


17 December 2024

Mandiant Demonstrates a Unique QR Code Technique to Bypass Browser Isolation Defenses


Cybersecurity firm Mandiant has unveiled a groundbreaking discovery that demonstrates how threat actors could potentially bypass browser isolation technologies using QR codes as a covert command-and-control (C2) communication channel. The research, disclosed on December 8, 2024, raises significant concerns about the effectiveness of current browser isolation security measures.

The novel technique, developed by Mandiant's Red Team, leverages machine-readable QR codes embedded within web pages to establish unauthorized communication channels. This method proves effective against all major types of browser isolation solutions, including remote, on-premises, and local implementations, potentially compromising organizations' security infrastructure.

"The discovery highlights a critical weakness in what many organizations consider a robust security measure," explained a senior researcher at Mandiant. "By utilizing QR codes as a transmission medium, attackers can effectively circumvent traditional browser isolation protections that are designed to separate user browsing activity from the corporate network."

The proof-of-concept implementation demonstrated by Mandiant researchers utilizes Google Chrome in headless mode, integrated with Cobalt Strike's External C2 feature. The malicious implant operates by rendering web pages in a headless browser, capturing screenshots of embedded QR codes, and subsequently decoding them to extract command data.


However, the technique does come with notable limitations. The researchers found that the QR code-based C2 method is constrained by a maximum data capacity of 2,189 bytes, primarily due to streaming quality issues. Additionally, the communication process experiences significant latency, with each request taking approximately five seconds to complete, making high-throughput operations like SOCKS proxying impractical.

"While the current implementation may not be optimal for large-scale data exfiltration, it proves the concept that browser isolation can be circumvented through creative means," stated a Mandiant Research Team. "This should serve as a wake-up call for organizations relying solely on browser isolation as their primary defense mechanism."

In response to these findings, Mandiant has issued several recommendations for organizations to strengthen their security posture. These include implementing comprehensive traffic inspection mechanisms to detect anomalous patterns indicative of QR code-based C2 activity, conducting regular domain reputation checks, and deploying advanced URL scanning solutions.

Security experts emphasize the importance of adopting a multi-layered "defense in depth" strategy rather than depending on a single security solution. "Organizations need to understand that no single security measure is foolproof," noted a cybersecurity analyst familiar with the research. "This discovery reinforces the need for comprehensive security strategies that combine multiple protective layers."

The revelation has prompted increased attention from the cybersecurity community, with several organizations already beginning to evaluate their browser isolation implementations in light of this new threat vector. Security vendors are also expected to develop countermeasures to detect and prevent such QR code-based bypass attempts.

As organizations continue to rely on browser isolation technologies as part of their security infrastructure, Mandiant's discovery serves as a crucial reminder of the ever-evolving nature of cyber threats and the importance of maintaining robust, multi-layered security defenses.
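Because the proof of concept described above drives Google Chrome in headless mode, one defender-side check is to triage endpoint process-creation events for a headless browser started by an unexpected parent. This is an added example, not code from Mandiant or thesecmaster.com; the event field names, host names, the `ci-runner.exe` allowlist and the sample events are constructed assumptions.

```python
import re
from collections import Counter

# Browser binaries whose main process we inspect (lower-case basenames).
BROWSERS = {"chrome.exe", "msedge.exe", "chrome", "chromium"}
# Parents that legitimately start headless browsers. ASSUMPTION: a site-specific
# allowlist (here a hypothetical CI runner); tune it for your environment.
EXPECTED_PARENTS = {"ci-runner.exe"}
# Chromium switches that let another program read what the page rendered.
CAPTURE_FLAGS = {"screenshot", "remote-debugging-port", "remote-debugging-pipe"}
# A switch must start a token, so "--headless" inside a URL query is ignored.
FLAG_RE = re.compile(r"(?<!\S)--([A-Za-z0-9-]+)(?:=(\S*))?")


def basename(path):
    """Lower-cased basename for a Windows or POSIX path, quotes stripped."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def chrome_flags(cmdline):
    """Return {switch: value} for every --switch token in a command line."""
    return {name.lower(): value for name, value in FLAG_RE.findall(cmdline)}


def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    if basename(event["image"]) not in BROWSERS:
        return []
    flags = chrome_flags(event["cmdline"])
    # Renderer/GPU/utility children carry --type=...; only judge the main process.
    if "type" in flags or "headless" not in flags:
        return []
    parent = basename(event["parent_image"])
    if parent in EXPECTED_PARENTS:
        return []
    reasons = ["headless browser started by " + parent]
    captured = sorted(CAPTURE_FLAGS & set(flags))
    if captured:
        reasons.append("page capture/automation: " + ",".join(captured))
    return reasons


def review(events):
    """Triage all events; return (alerts, alert count per (host, parent))."""
    alerts, per_parent = [], Counter()
    for ev in events:
        reasons = triage(ev)
        if reasons:
            alerts.append((ev["host"], ev["pid"], reasons))
            per_parent[(ev["host"], basename(ev["parent_image"]))] += 1
    return alerts, per_parent


# Constructed sample events (not real telemetry).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
SAMPLE_EVENTS = [
    # Interactive browsing; "--headless" appears only inside the URL.
    {"host": "WS-017", "pid": 4312, "image": CHROME,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": CHROME + " https://intranet.example/search?q=--headless"},
    # Child process of a browser: skipped because of --type.
    {"host": "WS-017", "pid": 4400, "image": CHROME, "parent_image": CHROME,
     "cmdline": CHROME + " --type=renderer --headless=new"},
    # Allowlisted automation taking screenshots of a local test site.
    {"host": "BUILD-01", "pid": 901, "image": CHROME,
     "parent_image": r"C:\ci\ci-runner.exe",
     "cmdline": CHROME + " --headless=new --screenshot=out.png http://localhost:8080/"},
    # Headless browser driven by an unknown binary from a user-writable path.
    {"host": "WS-042", "pid": 5120, "image": CHROME,
     "parent_image": r"C:\Users\Public\updater.exe",
     "cmdline": CHROME + " --headless=new --disable-gpu"
                         " --remote-debugging-port=9222 https://pages.example/status"},
]

if __name__ == "__main__":
    alerts, per_parent = review(SAMPLE_EVENTS)
    for host, pid, reasons in alerts:
        print(host, pid, "; ".join(reasons))
```
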


Source: thesecmaster.com

See also other articles on QR Codes:

http://web.archive.org/web/20201126001729/https://www.cyber.gov.au/acsc/view-all-content/publications/quick-response-codes-covid-19-environment

24 November 2024

Meta illegally promoting scams and harmful websites

Meta’s ‘asset’ illegally, at least in Australia, promotes Ponzi schemes, gambling and phishing sites that will cause (financial) harm to people who click on those links.

If you’re running a dodgy business, wanting to defraud people of their hard earned cash, all you have to do is pay Meta the relevant ‘advertising’ fee and they will promote your post.




This has been going on for quite some time and the ‘Australian Government’ (Pty Ltd, LLC, etc etc) has been doing nothing about it.

What's also concerning is that Australia's governments (state and federal) have used taxpayer funds to falsely promote a trial drug as a so-called 'vaccine' for a few years on this advertising forum referred to as Facebook, and that this is also swept under the rug.

NO inquiry on that matter, thank you very much!

Forget the proposed 'Misinformation and Disinformation' law, legally referred to as the Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2024, this is plain Jane fraud 'supported' by Mark Zuckerberg.

Will the Australian Government truly put its foot down on one of the resources it uses against people?

You can’t really trust the government to protect you now can you, as this is not the first job of government!

See what the first job of government is, in the post:

What is the first job of a government?

See also:

Facebook Knows Instagram Is Toxic for Teen Girls, Company Documents Show

09 September 2024

Google falsifying smartphone reviews

Google had a motto “Don’t be evil”, where it’s not a ‘normal’ company value.

This value is no longer current, why?

Is it because that goal has already been breached?

Google is one of the world’s largest advertising corporations and supplier of data to the FiveEyes global surveillance network, and as a result its (alleged) illegal actions, such as breach of copyright or monopolistic behaviour have long been overlooked by governments worldwide.

Depending on one’s interests ‘influencers’ such as the Kardashians, Khabane Lame, Mr Beast, PewDiePie etc, in fact all of them even collectively, pale in comparison to how Google can ‘influence’ people.

Google ‘falsifies’ search results, in one example based on a person’s login, where the internet history is used to profile the user’s religious, political and sexual beliefs, compared to another person’s different internet usage history rather than the metrics on hand of the topic concerned.

Google even removes topics from its search pool, see post from 14 years ago:

Youtube censoring Wikileaks

As mentioned before, Google is the world’s largest copyright breacher, where nothing has been done about it for decades, where now it allows the theft of creators’ content on its YouTube platform to be used for A.I. as an example.

So what’s the point of copyright law, if it’s not being enforced?

Is it only enforced if a kid downloaded a song for 'free'?

To make matters even worse, people coming to YouTube to obtain an honest review of a phone from a ‘content creator’ cannot even trust that source, as that source is ‘influenced’ by Google.



Google gets its creators on YouTube to falsify product reviews under a program called ‘Brand Love’ where the creator MUST agree to the following:

“By opting into this program, do you acknowledge that you are expected to feature the Google Pixel device in place of any competitor mobile devices? Please note that if it appears other brands are being preferred over the Pixel, we will need to cease the relationship between the brand and the creator”

  • Therefore, can you, a potential customer of a product, trust ANY reviewer’s so called ‘review’?

  • Will that reviewer give you FULL DISCLOSURE of any terms and conditions they are bound by?

  • Will the reviewer be bound to an NDA (Non Disclosure Agreement) that covers up illegal or deceptive conduct?

  • Which other corporations conduct business in such manner?


Google should be charged at the very least with false, deceptive and misleading conduct in relation to this matter.

Will the legal system business take this course of action?

The answer would be, probably not!

24 August 2024

Two Factor Authentication (2FA) The SCAM of the Century - Defensive Strategy

MANY people may think that companies, or internet data hoovering corporations wrapping themselves up as 'social media' platforms require you to use 2FA (Two Factor Authentication) for your 'security', but that is a farce, where it's all about tying your number to your 'person'.

In any event your number can be 'spoofed' or hijacked / hacked.

Realistically this action is part of the Nanny State agenda.

For a more in-depth explanation see the following:



04 July 2024

AI Generated low quality content, the new normal?

We’ve come to a new age, where A.I. generated ‘content’ will saturate the internet.

The worst part about it is that it’s absolute garbage, low quality and low value to the user.

It's bad enough that Google has screwed the internet, where approximately 60% of one's traffic now is 'advertising' material, we the 'consumers' or products (if the service is 'free') have to contend with technologies to reduce that amount of unwanted/unnecessary advertising material that bombards our daily lives, and now we have to deal with this new 'fake news' like material.

The problem there is that this type of content will not be moderated, whereas conversely MANY people's posts are deleted if not in line with a political or medical agenda in play.


See the above 'content' within the link: https://www.youtube.com/watch?v=D1jqj5B_4GA

Too bad, so sad, 'we' (the 'consumers') lose, again!

02 June 2024

Global Surveillance Network: 5 Eyes, 9 Eyes, 14 Eyes


When it comes to picking the right VPN provider, jurisdiction is important.

By jurisdiction, that means where the company providing a VPN is actually based, and not where its servers are located, but that matters too.

This is crucial for a number of reasons, but the major issue is state surveillance.

You may not be aware of it, but security agencies in most developed nations have the ability to snoop and monitor almost everything you do. And they use these powers to the full, as the NSA scandals showed. 

It would be naïve to think that VPNs are immune to their intrusive activities.


5 Eyes alliance


The full five eyes list includes:

It emerged from the UKUSA security agreement, signed in 1946, and has been updated for the digital age. The idea behind the agreement was to ensure that Cold War allies could share SIGINT (signal intelligence) seamlessly. And the treaty also sought to keep this information sharing under wraps, remaining secret to the public until 2005.

Nowadays, the core aim of the alliance is to monitor their citizens’ online activity. And if certain laws prevent one member from digging into its peoples’ internet escapades, they can just ask another Eye to do the dirty work for them. The UK was found guilty of just that – asking the NSA to provide any data they pulled about United Kingdom residents.

Why was the 5 Eyes agreement kept hidden from the people? Well, we still don’t know the full story and the true scope of information gathering carried out under the terms of the alliance. But the implication is that the USA and its allies were engaged in detailed surveillance and intrusive activities which electorates would find controversial.

It very likely included the use of ECHELON, STONEGHOST, PRISM, and various other surveillance systems, which tapped into electronic communications across the world.

Do the 5 Eyes nations work alone?

If the intrusive operations permitted by the UKUSA treaty were the only global surveillance network, life would be easier for many spying-wary citizens. However, the core alliance doesn’t operate on its own. It has also gathered a series of satellite partners, that supplement its intelligence-gathering capabilities:

Israel operates hand in glove with the US government, providing and requesting security information on individuals of interest. It also has a thriving tech sector where cybersecurity is a major growth area. So users should be cautious about using Israeli VPNs.

Other partners include Asian nations like Singapore, Japan, and South Korea. All of these countries came under the US sphere of influence during the Cold War, and retain intelligence sharing systems with Washington. The same applies to British Overseas Territories like Bermuda or the Cayman Islands.

9 Eyes alliance



Here’s the full 9 Eyes list for reference:

Essentially the 9 Eyes network is an extension of the 5 Eyes group, and there is a debate about how formalized its structures are, and how powerful it is.

The main reason we are having this debate is down to one man: Edward Snowden. When he went public with his revelations about the NSA back in 2013, Snowden lifted the veil from the NSA’s global surveillance structures, confirming the existence of the 5 Eyes list.

What’s notable is that the 9 Eyes, and by extension the 14 Eyes, don’t have the same privileges as the 5 Eyes. Not all information collected by 5 Eyes members is available to the rest of the group, but the core nations are privy to all data gathered by the rest of the alliance countries, including satellite partners.

According to Snowden, the original 5 Eyes are not supposed to target each other. So, there should be no wiretapping by the USA of UK government meetings, and Australian ministers should be free to use the web without their activities being logged by the NSA. But that doesn’t really apply to other members.

14 Eyes alliance


As with the 9 Eyes countries, the 14 Eyes list includes:

This alliance also emerged directly from the Cold War and NATO structures, being christened the “SIGINT Seniors Europe” grouping. But it is much more loosely integrated into the circuits of global intelligence sharing than countries in the core alliance.

In fact, this has led to some friction, with Germany demanding greater access to intelligence data. In 2015, allegations emerged about the NSA spying on German government meetings, so it’s easy to see why they would want the protection from mutual spying that being in the 5 Eyes provides.

However, the core nations have sought to protect their privileges, leading some of the 14 Eyes countries to go their own way. In August 2018, the Germans announced a major new cybersecurity initiative along the lines of America’s DARPA, with the aim of establishing digital independence from the USA/UK.

Recent years have also seen the rise of “Pirate Parties” in nations like Sweden, which prioritize digital freedom and privacy, making governments less inclined to strengthen their ties to bodies like the NSA.

Surveillance systems used by the Eyes alliance

Naturally, this alliance has numerous ways to spy on people. And we only know about a fraction of systems used to monitor and gather citizen information. Here are a few that received media attention, bringing them to light.

ECHELON

This surveillance program was originally created in the 1960s to spy on the Soviet Union and its Eastern Bloc allies by the signatory states to the UKUSA Security Agreement. Now, they are the core 5 Eyes countries, and ECHELON has greatly expanded beyond the original scope.

According to the documents leaked by Snowden, ECHELON’s systems are capable of eavesdropping on telephones, faxes, computers, emails, bank accounts, and so much more. And the computers used for this purpose can store millions of records about individuals.

PRISM

USA-led surveillance program the NSA uses to request user data from technology and telecommunication companies. Such information includes essentially anything that is passed over the company’s network. We’re talking about emails, chat logs, photographs, documents, videos, etc.

The confirmed companies participating in PRISM are:

  • AOL
  • Apple
  • Dropbox
  • Facebook
  • Google, YouTube
  • Microsoft
  • Paltalk
  • Skype
  • Yahoo!

As of today, the true extent of the PRISM program is still unknown.

XKeyscore

Another NSA-led program that allows surveillance in real-time and the agents intercepting your communications don’t require a warrant to do so. With XKeyscore, they can parse through metadata, emails and the content on them, VoIPs, browser history, and any other internet activity associated with a person.

It shouldn’t be surprising that the 5 Eyes countries have access to these surveillance databases.

All eyes on VPN: using VPNs based in alliance member states

How do the 5 Eyes countries relate to VPN users?

In recent years, 5 Eyes governments have passed numerous laws which should concern VPN users.

For instance, the UK’s Investigatory Powers Act empowered GCHQ to collect the following:

  • Data on users’ browsing habits
  • How long users spend connected to certain sites
  • Users’ SMS messages

These nations have also beefed up their powers to force Internet Service Providers (ISPs) to hand over data regarding individual users, again using national security as an excuse. And ISPs have tended to comply, adding backdoors when asked which allow security agencies to access the flow of consumer data.

Most importantly, governments have recognized the increasing usage of VPNs and taken steps to neutralize the threat they pose. Experts now generally advise users to avoid companies based in 5 Eyes nations and to exercise caution when using servers located in these nations.

Are worries about the Five Eyes countries exaggerated?

While the intelligence-gathering abilities of Washington and GCHQ are formidable, they are generally focused on specific security threats and interests, not everyday web users.

    • For many of us, government intrusion is less worrisome than the threat of cyber-crime and theft, and your VPN jurisdiction doesn’t matter too much when facing down these threats.
    • Secondly, the 5 Eyes countries haven’t taken direct steps to regulate VPNs. Their efforts are focused more on ISPs and conventional traffic, along with cellphone networks. VPNs currently have very few requirements regarding data retention. If they state that they keep logs (or fail to make it clear that they don’t), that’s their decision, not the state’s.
    • VPNs based in 5 Eyes nations also tend to be transparent about their identity and how to reach them – in keeping with the regulatory environment in places like the UK, Australia or Canada. This needs to be balanced against non-5 Eyes operators, who can sometimes be very hazy about who they are, and how they work.

So there’s room to question how dangerous the 5 Eyes is when choosing a VPN jurisdiction. But bear in mind that we simply don’t know the full scope of how VPNs interact with bodies like the NSA, and given the past history of governments, there’s a decent chance that VPNs in 5 Eyes countries have working relationships with spooks.

Should you worry if your VPN jurisdiction is on the 9 Eyes list?

Here’s another area where things get interesting. On one hand, third parties on the 9 Eyes list tend to have less intrusive surveillance agencies than the 5 Eyes. So they should be more trustworthy as hosts for VPN providers. And plenty of VPNs have set up in these countries, such as GooseVPN (in the Netherlands) or ActiVPN (in France).

However, if you scroll through a list of the world’s most trusted VPNs, you’ll probably notice that many aren’t based in 9 eyes countries. The same security concerns apply to 9 Eyes jurisdictions as to those in the five eyes list. VPNs located in places like Norway or France are liable to be subpoenaed by the FBI or other agencies, forcing them to either release logs or hand over encryption key data.

Of course, you need to bear in mind that the risk is low for everyday users, but if you are using a VPN for sensitive business or political communications, the 9 Eyes alliance is just as perilous as the core 5 Eyes nations. In fact, given that the 5 Eyes nations have an agreement not to spy on each other, there may be a higher probability of VPNs in third party nations being compromised.

As with 5 Eyes nations, this tends to lead experts to advise those in need of the best possible security protection to avoid a VPN jurisdiction in the 9 Eyes network.

Is it dangerous to use a VPN based in 14 Eyes countries?

The answer to this question is exactly the same as with the other alliances. Yes, it tends to be riskier to use VPNs based in 14 Eyes countries than those outside the alliance.

There have been cases of these informal information-sharing networks being used to issue DMCA notices from US-based corporations, targeting file-sharers in other jurisdictions. And anyone in a 14 Eyes nation can expect the same kind of intrusion from state surveillance agencies, making them dangerous for transmitting sensitive information.

In general, 14 Eyes countries will be slightly more autonomous where privacy is concerned than their partners in the core alliances. And for ordinary users, the risks are small.

Should I use a VPN based outside the 14 Eyes list?

By now, you’re probably asking yourself whether you should always look for VPNs based outside the 14 Eyes umbrella. There are certainly plenty of good reasons to do so.

Most importantly, VPNs located outside the core nations will be much more tightly protected against legal challenges and state surveillance originating in the USA. So if you intend to work around geo-blockers or torrent large amounts of data, they could be the right option to go for.

This is especially important if you are worried about protecting personal communications from the eyes of the state. If privacy is your major concern, choosing a VPN jurisdiction outside the 14 Eyes is essential.

So, where should you look? Given that the world now has over 200 nations, there shouldn’t be any lack of contenders. Several things you should pay attention to while picking a VPN provider:

  • Jurisdiction. Ideally, the VPN is based outside the influence of the 14 Eyes alliance, including the satellite nations. Such services won’t be forced to collect or hand over any user data. Furthermore, they aren’t required to comply with data requests dished out by other countries.
  • Audited no-logs policy. Any service can claim to have a no-logs policy they adhere to, but where’s the proof no data collection is happening behind the scenes? Here’s where independent audits done by reputable third parties come into play. And better yet if you can view audit documentation and results yourself.
  • Any past controversies. Many VPNs with “strict no-logs audits” have cooperated with governments in the past, like Riseup, HMA VPN, and such. A little digging around with Google helps reveal services that you shouldn’t trust from the get-go.

Generally, VPNs in countries like Switzerland or Panama will deliver enhanced protection against snoopers, especially if they offer techniques like “multi-hop” transmission. So when choosing your next VPN, take jurisdiction into account. It’s a key part of ensuring online security, so it pays to keep your eyes open and exercise caution.

Other online privacy measures to consider

With so much data and our lives being shared on the web, you should think about minimizing how much you share of yourself online. We recommend:

  • Pseudonyms and anonymous mail. Anonymous mail services encrypt your emails and usually don’t contain any information that could be traced back to you.
  • Privacy-friendly browsers. Most web browsers like Chrome and various others that run on Chromium collect your browsing data for marketing purposes. Switching to a secure browser helps solve this. The most popular choices include Brave and Tor.
  • Encrypted messaging apps. Not all messaging apps that utilize end-to-end encryption protect your metadata or abstain from collecting other identifiable data. (WhatsApp is notorious for this). There are better alternatives, like Telegram or Signal, that do not participate in such practices.
  • Just don’t overshare. While it might be tempting to post the latest vacation photos on Instagram or share life updates on Facebook or Twitter, is it really worth it? Any kind of personal information you put on the internet stays there forever. And it’s easy pickings for any entity (government or not).

What is also important is who owns your VPN.

When it comes to the true ownership of various VPN products and brands, it’s crucial to know which company owns or operates the users’ data. There are two big possible issues to consider.

1. Data privacy

If the parent companies are actually located in Fourteen Eyes countries, which are typically high-surveillance countries, users’ data could be wide open to the governments.

Suppose they are in Russia, China, and other authoritarian or repressive regimes. Then, the governments force them to provide data on a default basis (we discussed this in our Chinese surveillance analysis). The parent company may also be willing to sell user data.

In 2019, US senators planned an investigation into the foreign servers used to redirect traffic when using a VPN. Senators Marco Rubio (R-FL) and Ron Wyden (D-OR) noted the following [pdf]:

“If US intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia.”

For ultimate safety, a VPN shouldn’t operate in any of the 5, 9, or 14 Eyes alliance countries. A privacy-friendly jurisdiction means there’s no push to collect your data or what you do while the VPN is turned on. As such, locations like Panama, Switzerland, The British Virgin Islands, Romania, and so on, are what you should look for. If you want the best VPN service tucked away from the clutches of the Eyes alliance, we recommend getting NordVPN, now 74% off.

2. Data security

If the owning company is untrustworthy, it could bring up many problems. We’re talking about parent companies with major vulnerabilities or even suspicious add-ons and possible phishing emails with malware. This could lead to stolen user data or even hacked computers.

This is especially applicable if you’re entrusting yourself to free VPN brands. We understand the appeal, but, ultimately, they aren’t worth it since you’re paying for these services with your data instead. In fact, numerous costless VPN providers have been caught collecting various information about their users.

Let’s take Betternet. They promise utmost privacy and security, yet what’s actually happening behind the scenes couldn’t be further away from it. The company behind it was busted for logging and selling user data to third parties, as well as embedding third-party trackers into its VPN Android app.

Another example is Hola VPN. For them, stealing and reselling your bandwidth is fair game. And the VPN itself isn’t really a private virtual network, but rather a P2P network. Here, the user itself is the endpoint other people connect to, meaning strangers are cloaking themselves in your IP address. If they do something that’s illegal, you’re the one who’s going to get busted for it, not the actual perpetrators.


Whatever VPN you choose, make sure you know its current place of business and the country's current law with regard to privacy, as changes to the law are getting worse and worse with regard to your privacy.

18 February 2024

India bans ‘private’ email service under false pretences?


Worldwide, governments hate the general population/serfs/plebs having ‘private’ communications, citing the obvious excuse, that being not crime but this next level thing called ‘terrorism’, where some nations' governments are the very definition of terrorists.

End-to-end encrypted services such as Proton Mail, Signal, Telegram et al, are under attack by governments where in the colony called Australia, the uneducated MPs in government want the manufacturers to build a “systemic weakness” or a backdoor into the product.

Apple or Meta 'encrypted' products aren't truly 'private' as your communications data is handed over to authorities, once requested. 

They do not want the plebs to have ANY sort of (digital) privacy, where if they could in the colony, they would install a law that bans houses from having curtains/drapes/shutters.

The Indian government used a ‘convenient’ excuse to ban Proton Mail, alleging that a hoax bomb threat was sent to 13 schools.

See article: https://www.hindustantimes.com/india-news/it-ministry-looks-to-block-proton-mail-on-request-of-tamil-nadu-police-101707938167006.html

The Indian government 'supports' the criminal actions of 'scammers' from call centres specifically set up to rip off westerners.

As if they (the Indian government) care that some pensioner in the US/Australia was robbed of their life savings, because if the government factually did care, these criminal actions would have stopped decades ago.

In any event, would this also have been the case if a Hotmail or Gmail address was used?

Was the source of the email an actual hoax or a job seconded by the government?

In reality we will never know, as governments lie to people every single day.

What we do know is that end-to-end encryption services are under attack!

We therefore encourage more people to use them and support them financially if one can.

This action is part of the global Nanny State agenda.

01 December 2023

SCAM ALERT: Registry Australia (Pty Ltd) Domain Name Hijacking FRAUD

This 'internet scam' is delivered via Australia Post, and it is a scam, or a hijacking, of your Domain Name Registration.

This type of scam has been going on for over 20 years where the authorities have done nothing to shut this scam down.


This scam is aimed at the larger corporations, whose accountants 'just pay the bills' presented before them.

Sure, if you factually read this so-called 'bill-like' piece of paper, it does state that it is not a renewal notice or bill, but its sheer existence falls under unconscionable conduct, no?

A domain name registration can cost you $20, where they'll hijack yours for nearly 5 times as much.

See other registrations by 'Registry Australia':


Surely this cannot be an 'honest' business?

Anyone care to take them to court over unconscionable / deceptive conduct?

11 August 2023

Spyware Watchdog Article Catalog


All of the articles on this website are available here:

https://spyware.neocities.org/articles/

If you want to contribute to this website, you can always make a pull request.


09 August 2023

Microsoft wants Edge to screenshot every webpage you visit. Here's why & how to disable.

Microsoft should be in the courts for this action, BUT alas the legal profession is asleep on this matter.


Microsoft Edge has numerous features to make the browsing experience better. For example, Startup Boost ensures Edge launches instantly, and improved text rendering delivers better fonts on Windows. These, in addition to several more, make Edge stand out among competitors. However, some services are head-scratching at best or outright bewildering at first sight.

Recently we covered a feature that could make one think Microsoft can see every picture you view online. Here is another one: an upcoming release will add a toggle enabling Edge to take screenshots of each page you visit. And no, it is not a clickbait-like assumption: Microsoft clearly states it wants to screenshot everything you view online.

Microsoft Edge 117, currently available for testing in the Canary and Dev channels, has a new toggle called "Save screenshots of site for History" with the following description:

We'll take screenshots of the sites you visit and save it so that you can quickly revisit the site you want from history.


Turning on the feature will let you revisit any page from your browsing history without an internet connection. In other words, you get a built-in Pocket-like service for offline reading. Besides, you will be able to hover a cursor over a webpage in history to preview its thumbnail.

That sounds great and useful—no more downloading third-party extensions or apps for reading pages offline (something Apple introduced in Safari years ago). However, Microsoft again falls flat on its face with a confusing feature name and description.

You cannot blame an average consumer for making false assumptions after reading about a service taking screenshots of each and every webpage without exception. There is no extra information about privacy, encryption, and other safeguards to give the user peace of mind.

Also, the initial implementation lacks the exception capability for preventing the browser from taking "screenshots" of specific websites (a button for manually saving a select page would also be great).

"Save pages for offline reading," or something similar, sounds much less alarming, but Microsoft decided to go the other way. One can only hope developers will ship this confusing-looking feature to the Stable channel in a much more polished and refined form.

Fortunately, the toggle is off by default, and now you know why Microsoft Edge Dev and Canary want to screenshot everything you view online. You can enable or disable the "Save screenshots of site for History" feature by heading to Settings > Privacy and Services. Alternatively, use the edge://settings/privacy link.

If you MUST use the Windows spyware operating system, the recommendation is NOT to use the Edge browser, but instead to look into other alternatives such as Brave or Mullvad.

29 July 2023

Israeli spyware used to hack across 10 countries, Microsoft and watchdog say

The entrance to an office listed as belonging to Quadream is seen in a high rise building in Ramat Gan, Israel, January 25, 2022. REUTERS/Nir Elias

April 11 (Reuters) - An Israeli firm's hacking tools have been used against journalists, opposition figures and advocacy organizations across at least 10 countries - including people in North America and Europe - according to new research published Tuesday by Microsoft Corp (MSFT.O) and the internet watchdog Citizen Lab.

Citizen Lab said in its report that it had been able to identify a handful of civil society victims whose iPhones had been hacked using surveillance software developed by the Israeli company, QuaDream Ltd - a lower-profile competitor to the Israeli spyware company NSO Group, which has been blacklisted by the U.S. government over allegations of abuse.

In its report published at the same time, Microsoft said it believed with "high confidence" that the spyware was "strongly linked to QuaDream."

In a statement, Microsoft Associate General Counsel Amy Hogan-Burney said that mercenary hacking groups like QuaDream "thrive in the shadows" and that publicly outing them was "essential to stopping this activity."

Israeli lawyer Vibeke Dank, whose email was listed on QuaDream's corporate registration form, did not return a message seeking comment. Repeated attempts by Reuters to reach QuaDream over the past year - including a visit to the company’s office outside Tel Aviv - have been unsuccessful.

Reuters reported in 2022 that QuaDream had previously developed a no-interaction-needed hacking tool similar to the programs deployed by NSO. Such hacking tools, known as "zero-click," are particularly prized by cybercriminals, spies, and law enforcement because they can remotely compromise devices without an owner needing to open a malicious link or download a tainted attachment.

NSO did not immediately return a message seeking comment.

Neither Citizen Lab nor Microsoft identified the targets of QuaDream's software, but the allegation could still be damaging for the firm.

The reports come on the heels of an announced crackdown on the international spyware industry by U.S. President Joe Biden. Last month, the White House announced an executive order intended to curb the purchase of surveillance software by U.S. agencies if the programs are also being used by repressive governments abroad.

The White House did not immediately respond to a message seeking comment.

Unlike NSO, which regularly briefed journalists amid allegations of abuse, QuaDream has kept a lower profile. The company has no website touting its business and employees have been told to keep any reference to their employer off social media, Reuters has previously reported.

Source: Reuters.


25 July 2023

Google guilty of ad-fraud against its customers including NYTimes, Reuters, Wired, Mashable and Gizmodo

Did Google mislead advertisers about TrueView skippable in-stream ads for the past three years?

This report finds that advertisers including Fortune 500 brands, the US federal government, and many small businesses may have been misled for years about Google’s proprietary TrueView skippable in-stream video ads. This misalignment may have cost media buyers up to billions of digital ad dollars, which were ultimately spent on small, muted, out-stream, auto-playing or interstitial video ad units running on independent websites and mobile apps.

TrueView is Google's “proprietary cost-per-view, choice-based ad format that serves on YouTube, millions of apps, and across the web.” With TrueView, advertisers only pay “for actual views of their ads, rather than impressions.” TrueView asks users if they want to skip the video ad after 5 seconds with a visual prompt. Google’s policies state that TrueView ads must be skippable, audible, and playing of the video (and ad) cannot be solely initiated by passive user scrolling.

However, this research report finds that for years, significant quantities of TrueView skippable in-stream ads, purchased by many different brands and media agencies, appear to have been served on hundreds of thousands of websites and apps in which the consumer experience did not meet Google’s stated quality standards. For example, many TrueView in-stream ads were served muted and auto-playing as out-stream video or as obscured video players on independent sites. Often, there was little to no organic video media content between ads, the video units simply played ads only. 


For a major infrastructure brand, only ~16% of their TrueView skippable in-stream video ad budget was spent on YouTube.com or YouTube’s apps. The majority of their budget was spent on tens of thousands of different websites or mobile apps which make up the Google Video Partner (GVP) network. The majority of those GVP mobile apps and websites served the TrueView skippable in-stream video ads in outstream, muted, auto-playing, interstitial, and/or non-visible ad slots - which are inconsistent with the TrueView or skippable in-stream ad format.

Adalytics shared examples of these TrueView skippable in-stream placements with advertisers and media buyers. Several dozen marketers stated that they would not have purchased this TrueView skippable in-stream inventory running on 3rd party environments, if this fact was clearly explained to them in advance. Marketers also shared that they did not expect or want video ads to be run muted, and doing so was contrary to their understanding of TrueView. 

Critically, Youtube and Google’s own policies state that TrueView in-stream ads must be skippable, audible, and initiated by viewer action. TrueView in-stream ad placement reports from brands and advertisers - including Fortune 500 brands - showed that in some ad campaigns, between 42 to 75% of TrueView in-stream ad spend was allocated to GVP sites and apps which did not meet Google’s standards. 

Many media buyers were surprised to learn that the majority of their ad budgets against a so-called “walled garden” environment was spent on muted, auto-playing video ads on third party websites such as lebanonfiles.com and freewebnovel.com, or on foreign-developed Android mobile gaming apps for toddlers.

Screenshot of a YouTube TrueView ad for americanexpress.com, served in a muted, out-stream, auto-playing video player on a 3rd party website.

Many TrueView skippable “in-stream” ads that Adalytics reviewed were delivered on sites and apps in which the ads were rendered in a method that violates Google’s own definitions of in-stream. Specifically, ads were placed on pages with such characteristics as

  • in small, out-stream video players in the corner or side of the consumer’s device viewport

  • in a fully muted video player

  • with little to no video content in between consecutive TrueView ads

  • where the video ads auto-play without any viewer interaction or initiation

  • the ads played continuously, on a loop

One digital advertising professional who was shown an advanced copy of this report said “repackaging shitty, brand-unsafe outstream as instream is a big problem.” The professional further stated “that seems like a fraud”.

In some instances, multiple TrueView skippable in-stream ads were rendered on a consumer’s device at the same time. Other examples include TrueView skippable in-stream ads that were served “stacked” on top of another “in-stream” ad. Furthermore, in some instances, the “Skip” button from the video ad was hidden or obscured outside the user’s viewport, making it impossible for the consumer to “choose to skip” the video ads after 5 seconds, forcing the user to experience the ad – a direct violation of Google’s quality standards for TrueView ads. This may have artificially inflated TrueView skippable in-stream ad video completion rates, possibly resulting in higher costs for Google’s advertisers. 

Screenshot of a JPMorgan Chase TrueView skippable in-stream video ad serving on a 3rd party website, in a muted, auto-play, partially obscured video player that is covered by another ad.

Multiple Kayak.de TrueView skippable in-stream video ads being served on dostor.org, with both video ads playing in a muted, auto-play state.

Another media buyer who received an advanced copy of this research told Adalytics:

“Nobody goes to walled gardens like YouTube to run on audience networks which all have the same crappy inventory. This is a method for YouTube and Google to extract more budget and manufacture scale in a way that is palatable to the advertiser because they don’t fully understand it.”

Brands that may have purchased muted, auto-playing, mis-declared TrueView skippable in-stream inventory include:

  1. The Wall Street Journal (owned by Dow Jones & Company, a division of News Corp)

  2. The United States federal government, including the Department of Health & Human Services (Medicare, Army, Social Security Administration)

  3. The European Parliament

  4. Johnson & Johnson

  5. The New York City municipal government (nyc.gov/office-of-the-mayor)

  6. HP

  7. Ernst & Young

  8. Bayer

  9. Newark, Delaware Police Department (joinnewarkpd.com)

  10. The Dutch military cyber defense forces (werkenbijdefensie.nl/burgermedewerker/ict)

  11. JPMorgan Chase Bank

  12. American Express

  13. Public Service Alliance of Canada

  14. Alberta New Democratic Party

  15. National Volunteer Fire Council

  16. Environmental Defense Fund (EDF) (edf.giftplans.org)

  17. Samsung

  18. Empower Annuity Insurance Company of America

  19. Sephora

  20. Macy’s

  21. Disney Plus

  22. Best Buy

  23. Mercedes-Benz

  24. General Motors

  25. Office Depot

  26. Pizza Hut

  27. Microsoft

  28. Instacart

  29. IBM (Redhat)

  30. Ford

  31. Honda

  32. Vimeo

  33. HBO Max (owned by Warner Bros. Discovery)

  34. Novo Nordisk

  35. Intuit (owner of Quickbooks)

  36. The North Face

  37. Columbia (sportswear company)

  38. Volkswagen

  39. Abbott Laboratories (pediasure.ca)

  40. Petco

  41. cerebral.com

  42. servicetitan.com

  43. Google (Google Career Certificates and Google Workspace Domains)

  44. McDonald’s

  45. Hyatt Hotels Corporation

  46. Lavazza

  47. Siemens

  48. Alberta Blue Cross Plan

  49. California Science and Technology University

  50. Edgewell Personal Care (owner of Schick razors)

  51. Enterprise Rent-A-Car

  52. Rocket Mortgage

  53. Church & Dwight (OxiClean)

  54. National Geographic

  55. American Committee for the Weizmann Institute of Science (weizmann-usa.org)

  56. Aflac Inc. (American Family Life Assurance Company)

  57. XM.com (trading name of Trading Point Holdings Ltd.)

  58. Wolters Kluwer

  59. Virgin Voyages

  60. Aeroméxico (aeromexico.com)

  61. Paramount Plus

  62. Lacoste

  63. James Hardie Industries

  64. Western Union

  65. National Harbor (nationalharbor.com) - from the Maryland Office of Tourism (visitmaryland.org)

  66. Ebay

  67. Klaviyo

  68. Okta

  69. Zillow

  70. St. George’s University

  71. Cisco

  72. Hyundai

  73. Mazda

  74. Notion (notion.so)

  75. Subaru

  76. Consumer Cellular

  77. Fandango (fandango.com)

  78. Michigan Economic Development Corporation (michigan.org)

  79. Tourism Nova Scotia (planyournovascotia.com)

  80. Kayak.com

  81. etoro.com

  82. Royal Dutch Gazelle bikes

  83. Terminix Pest Control & Termite Treatment

  84. Canadaisthesolution.com (Canadian Energy Centre Ltd)

  85. FreeTaxUsa.com

  86. Squarespace.com

  87. hotjar.com

  88. Carrefour

  89. Olt.com

  90. Netgear

  91. The Federalist Society

  92. Quirion AG

  93. MyFundedFX

  94. Scholastic Corporation

  95. Adobe

  96. Miele (domestic appliances)

  97. Hertz

  98. Bosch

  99. Vimeo

  100. Plaid

  101. Hollister

  102. TikTok

  103. United Wholesale Mortgage

  104. Indeed.com (jobs website)

  105. Bellroy (Australian accessories brand)

  106. Fiverr

  107. Tommy John

  108. Micro Focus International Plc

  109. NewRelic

  110. sitechange.com

  111. vda-global.lilisi.com

  112. Comarch

  113. Circa Resort & Casino Las Vegas (circalasvegas.com)

  114. Dyson

  115. Beliani

  116. Semrush

  117. McCain Foods

  118. Expedia, Vrbo, and hotels.com

  119. kodiakcakes.com

  120. tablethotels.com

  121. Pancreatic Cancer Action Network (PAN)

  122. Grammarly

  123. GrubHub

  124. Allbirds

  125. Bristol Myers Squibb

  126. Pfizer

  127. Haleon (formerly GSK Consumer Healthcare)

  128. Athletic Greens

  129. Fever-Tree

  130. KitchenAid (American home appliance brand owned by Whirlpool Corporation)

  131. Doptelet (AkaRx, Inc)

The list of media agencies and media buying companies that appeared to have transacted muted, auto-playing, out-stream TrueView ads include:

  1. Interpublic Group (Matterkind, Initiative, Mediabrands)

  2. Dentsu (Amnet)

  3. Publicis (Audience on Demand, Precision)

  4. Omnicom (Accuen)

  5. WPP (Xaxis, Headlight, Essence)

  6. Havas (Affiperf)

  7. Jellyfish

  8. Brain Labs Digital

  9. Horizon Media (Canvas WorldWide)

  10. MiQ

This mis-declared TrueView in-stream inventory has been observed going back as far as 2020.

Google was observed serving brands’ TrueView ads on websites that have had tens of thousands of copyright violation takedown requests filed against them (potential “piracy sites”), raising possible brand safety concerns and questions about the validity of Google’s TAG Certification and MRC Brand Safety accreditation.

According to Google’s stated policies, Google complies with valid copyright requests and frequently delists content as a result of copyright infringements. However, it appears Google permits repeated infringement offenders to continue monetizing their content through TrueView ads. 

Furthermore, Google was observed delivering thousands of TrueView ads to declared bots running out of Google Cloud data center servers. YouTube has not allowed independent 3rd party measurement and verification tags to be applied to its ad inventory since 2016.

Fortune 500 brands’ TrueView skippable in-stream ads were reported as being delivered on Russian websites, including “pravda.ru” - a website which has been characterized as “being a tool of the Russian state” and has been cited by NewsGuard as “publishing false, pro-Russian disinformation, including false claims related to the invasion of Ukraine.”

Ad campaign placement reports regarding TrueView skippable in-stream ads include references to mobile apps and websites which either do not currently exist, or do not contain any ads whatsoever, raising the possibility that either Google’s placement reporting tools have software bugs or are susceptible to deception by invalid ad traffic.

Lastly, in some instances, TrueView skippable in-stream ads from brands were reported as serving on delisted or side-loaded Android apps that are not allowed on the Google app Play Store. Some of these delisted or side-loaded apps are developed and maintained by software vendors based in US Treasury OFAC sanctioned countries such as Iran, which raises the question of whether Google’s advertisers are inadvertently sending funds to Treasury sanctioned entities.

Adalytics shared an advanced copy of this report with Ebiquity, a major marketing and media consultancy which helps brands audit their ad buys. Ruben Schreurs, the Chief Product Officer of Ebiquity noted:

"The research report by Adalytics is highly incriminating. Based on the findings and allegations represented within, I see this as a structural misrepresentation of advertising products at best, and downright fraudulent misleading practices at worst. If true, this will have major repercussions in the industry and lead to a significant negative impact on Google's perceived quality and reliability. Ebiquity works for over 75 of the top 100 brands, nearly all listed in this report as possibly being exposed, and we will initiate a large-scale review of this immediately. We thank Adalytics for their hard work in this and previous cases, and look forward to a detailed reply from Google."

A Member of the European Parliament (MEP) in Brussels - Paul Tang, also said:

"Google deliberately makes itself the play doll of dictators, also dragging the European Parliament through the mud. The same Parliament that declared the Russian Federation in November 2022 a state sponsor of terrorism, advertises on Russian propaganda websites like Pravda because of Youtube's scandalous system. Exposing once again the AdTech duopoly of Google and Facebook is a highly opaque game of billions which threatens democracy."

Read more at:

https://adalytics.io/blog/invalid-google-video-partner-trueview-ads


See also video by Louis Rossmann

Youtube wants us to pay for views - this platform is circling the drain