Zoom admits some calls were routed through China by mistake

This post was originally published on this site

Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.

To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.

The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.

Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese datacenters to accept calls as a backup in the event of network congestion.

From Zoom’s CEO Eric Yuan:

“During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”

In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its datacenter “geofencing.” But when traffic spikes, the network shifts traffic to the nearest datacenter with the most available capacity.

China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.

Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup datacenters, which meant non-Chinese users were in some cases connected to Chinese servers when datacenters in other regions were unavailable.

Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.

Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.

But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.

Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked a spokesperson declined to name any.

Bill Marczak, one of the Citizen Lab researchers who authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.

“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”

“If you’re a well-resourced entity, obtaining a copy of the Internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marczak.

“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”

Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.

Will Zoom’s mea culpas be enough?

Google research makes for an effortless robotic dog trot

As capable as robots are, the original animals after which they tend to be designed are always much, much better. That’s partly because it’s difficult to learn how to walk like a dog directly from a dog — but this research from Google’s AI labs makes it considerably easier.

The goal of this research, a collaboration with UC Berkeley, was to find a way to efficiently and automatically transfer “agile behaviors” like a light-footed trot or spin from their source (a good dog) to a quadrupedal robot. This sort of thing has been done before, but as the researchers’ blog post points out, the established training process can often “require a great deal of expert insight, and often involves a lengthy reward tuning process for each desired skill.”

That doesn’t scale well, naturally, but that manual tuning is necessary to make sure the animal’s movements are approximated well by the robot. Even a very doglike robot isn’t actually a dog, and the way a dog moves may not be exactly the way the robot should, leading the latter to fall down, lock up, or otherwise fail.

The Google AI project addresses this by adding a bit of controlled chaos to the normal order of things. Ordinarily, the dog’s motions would be captured and key points like feet and joints would be carefully tracked. These points would be approximated to the robot’s in a digital simulation where a virtual version of the robot attempts to imitate the motions of the dog with its own, learning as it goes.

So far, so good, but the real problem comes when you try to use the results of that simulation to control an actual robot. The real world isn’t a 2D plane with idealized friction rules and all that. Unfortunately, that means that uncorrected simulation-based gaits tend to walk a robot right into the ground.

To prevent this, the researchers introduced an element of randomness to the physical parameters used in the simulation, making the virtual robot weigh more, or have weaker motors, or experience greater friction with the ground. This made the machine learning model describing how to walk have to account for all kinds of small variances and the complications they create down the line — and how to counteract them.

Learning to accommodate that randomness made the learned walking method far more robust in the real world, leading to a passable imitation of the target dog walk, and even more complicated moves like turns and spins, without any manual intervention and with only a little extra virtual training.

Naturally manual tweaking could still be added to the mix if desired, but as it stands this is a large improvement over what could previously be done totally automatically.

In another research project described in the same post, another set of researchers describe a robot teaching itself to walk on its own, but imbued with the intelligence to avoid walking outside its designated area and to pick itself up when it falls. With those basic skills baked in, the robot was able to amble around its training area continuously with no human intervention, learning quite respectable locomotion skills.

The paper on learning agile behaviors from animals can be read here, while the one on robots learning to walk on their own (a collaboration with Berkeley and the Georgia Institute of Technology) is here.

Zoom Bombings Started Off as Pranks. Now Someone Could End Up Dead

For those unaware, Zoom officially has a porn problem. The multibillion-dollar video messaging mainstay among employees at Johnson & Johnson and the Department of Homeland Security—not to mention a household name among currently house-bound citizens across the country—has been rocked by story after story of pranksters…

The pandemic is already reshaping tech’s misinformation crisis

Since 2016, social media companies have faced an endless barrage of bad press and public criticism for failing to anticipate how their platforms could be used for dark purposes at the scale of populations—undermining democracies around the world, say, or sowing social division and even fueling genocide.

As COVID-19 plunges the world into chaos and social isolation, those same companies may face a respite from focused criticism, particularly with the industry leveraging its extraordinary resources to pitch in with COVID-19 relief efforts as the world looks to tech upstarts, adept at cutting through red tape and fast-forwarding scientific progress in normal times, while government bureaucracies lag. But the same old problems are rearing their ugly heads just the same, even if fewer of us are paying attention.

On YouTube, a new report from The Guardian and watchdog group Tech Transparency Project found that a batch of videos promoting fake coronavirus cures is making the company ad dollars. The videos, which promoted unscientific methods including “home remedies, meditative music, and potentially unsafe levels of over-the-counter supplements like vitamin C” as potential treatments for the virus, ran ads from unwitting advertisers including Liberty Mutual, Quibi, Trump’s 2020 reelection campaign and Facebook. In Facebook’s case, a banner ad for the company ran on a video suggesting music that promotes “cognitive positivity by using subtle yet powerful theta waves” could ward off the virus.

In the early days of the pandemic, YouTube prohibited ads on any videos related to the coronavirus. In mid-March, as the real scope of the event became clear, the company walked that policy back, allowing some channels to run ads. On Thursday, the company expanded that policy to allow ads for any videos that adhere to the company’s guidelines. One of the major tenets in those guidelines forbids the promotion of medical misinformation including “promotion of dangerous remedies or cures.” Most of the videos in the new report were removed after being flagged by a journalist.

This example, and the many others like it, calls into question how to judge major tech platforms during these exceedingly strange times. Social media companies have been uncharacteristically transparent about the shifts the pandemic is creating within their own workflows. On a call in March, Facebook founder Mark Zuckerberg admitted that users can expect more “false positives” as the company shifts to rely more heavily on artificial intelligence to filter what belongs on the platform and what does not with its army of 15,000 contract moderators sent home on paid leave. The work of sorting through a platform’s most unsavory content—child pornography, extreme violence, hate speech and the like—is not particularly portable, given its potential psychological and legal ramifications.

YouTube similarly warned that it will “temporarily start relying more on technology” to fill in for human reviewers, warning that the automated processes will likely mean more video removals “including some videos that may not violate policies.” Twitter noted the same new reliance on machine learning “to take a wide range of actions on potentially abusive and manipulative content,” though the company will offer an appeals process that loops in a human reviewer. Companies offered fewer warnings about what might fall through the cracks in the interim.

What will become of moderation once things return to normal, or, more likely, settle on a new normal? Will artificial intelligence have mastered the task, obviating the need for human reviewers once and for all? (Unlikely.) Will social media companies have a fresh appreciation for the value of human efforts and bring more of those jobs in-house, where they can perform their bleak work with more of the sunny perks afforded to their full-time counterparts? Like most things examined through the nightmarish haze of the pandemic, the outcomes are hazy at best.

If the approach to holding platforms to account was already piecemeal, an uneven mix of investigative reporting, anecdotal tweets and official corporate post-mortems, the truth will be even more difficult to get at now, even as the coronavirus pandemic provides countless new deadly opportunities for price-gougers and myriad bad actors to create chaos within chaos.

We’ve seen deadly consequences already in Iran, where hundreds died after drinking industrial alcohol—an idea they got “in messages forwarded and forwarded again” amplifying a tabloid story that suggested the act could protect them from the virus. Most consequences will likely go unnoticed beyond the lives they impact and unreported due to tightened newsroom resources and perhaps even more constricted attention spans.

Much has been written about the coronavirus and the fog of war, most of it rightly focused on scientific research pressing on as the virus threatens the globe and the devastating on-the-ground reality in hospitals and health facilities overwhelmed with COVID-19 patients while life-saving supplies dwindle. But the crisis of viral misinformation—and deliberately-sown disinformation—is its own fog, now intermixing with an unprecedented global crisis that has entirely upended business and relentlessly dominated the news cycle. This as the world’s foremost power heads into a completely upended presidential election cycle—its first since four years ago, when an unexpected election outcome coupled with deep U.S.-centrism in tech circles revealed nefarious forces at play just under the surface of the social networks we hadn’t thought all that much about.

In the present, it will be difficult for outsiders to determine where new systems implemented during the pandemic have failed and what bad outcomes would have happened anyway. To sort those causes out, we’ll have to take a company’s word for it, a risky kind of credulity that already offered mixed results in normal times. Even as we rely on them now more than ever to forge and nurture connections, the virtual portals we immerse ourselves in daily remain black boxes, inscrutable as ever. And as with so many aspects of life in these norm-shattering times, the only thing to expect is change.

Thousands of Zoom recordings exposed because of the way Zoom names recordings

Illustration by Alex Castro / The Verge

Thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings, according to a report by The Washington Post. The recordings are apparently named in “an identical way” and many have been posted onto unprotected Amazon Web Services (AWS) buckets, making it possible to find them through an online search.

One search engine that can look through cloud storage space turned up more than 15,000 Zoom recordings, according to The Washington Post. “Thousands” of clips have apparently also been uploaded to YouTube and Vimeo. The Washington Post said it was able to view recordings of therapy sessions, orientations, business meetings, elementary school classes, and more.

GM and Honda are co-developing two new electric vehicles due to arrive in 2024

GM and Honda will jointly develop two new electric vehicles slated for 2024, the latest move by the two automakers to deepen their existing partnership.

Under the plan, the automakers will focus on their respective areas of expertise. Honda will design the exterior and interiors of the new electric vehicles. GM will contribute its new electric vehicle architecture and Ultium batteries. This new architecture, which GM unveiled last month to showcase its own EV plans, is capable of 19 different battery and drive unit configurations. The architecture includes large-format pouch battery cells manufactured as part of a joint venture between LG Chem and GM.

The vehicles, which will have a Honda nameplate, will incorporate GM’s OnStar safety and security services. GM’s hands-free advanced driver assistance technology known as Super Cruise will also be available in the new vehicles.

The vehicles will be produced at GM plants in North America. Sales are expected to begin in the 2024 model year in Honda’s U.S. and Canadian markets.

The aim is to pull the strengths of both companies to unlock economies of scale around electric vehicles, according to Rick Schostek, executive vice president of American Honda Motor Co., who added that the two companies are already in discussions about further extending the partnership.

GM and Honda have worked together on projects before. The two automakers partnered on hydrogen fuel cells and electric vehicle batteries, and both are invested in autonomous vehicle company Cruise.

The automakers formed a joint venture in 2017 to produce hydrogen fuel cell systems. A year later, the companies announced an agreement for Honda to use battery cells and modules from GM in electric vehicles built for the North American market.

GM acquired Cruise in 2016; Honda later committed $2.75 billion as part of an exclusive agreement with GM and its self-driving technology subsidiary Cruise to develop and produce a new kind of autonomous vehicle. Cruise Origin, an electric, self-driving and shared vehicle and the first product of that arrangement, was revealed January 21.

Walk-out ranch in Bear Creek Village is one of eight homes overlooking 10-acre lake

On the western side of the Denver area, where resale homes face less competition from new homes than in other areas, agents are still reporting very brisk sales even as the stay-at-home order offsets the market.

That’s the experience of broker Amy Berglund, with a large walk-out ranch being listed in Bear Creek Village, a gated enclave of just 17 homes that overlook the private fairways of Bear Creek Golf Club near Morrison.

With open houses out of the question, prequalified buyers can set up a showing for 2441 S. Xenon Way in Lakewood, a three-bedroom ranch that’s the only home on the market in the enclave, and one of just eight that back to a 10-acre lake between fairways.

It has a wide-open, contemporary interior with formal and informal dining areas, a custom kitchen, and a large master suite with fireplace and steam shower that opens onto a deck with lake-golf views.

The walk-out level is nicely finished, with two guest bedrooms, an office and a media room, taking the total square footage to over 3,600.

Berglund, of Re/Max Professionals, specializes in west Denver areas, particularly Highland and its surroundings, where she continues to see sales that defy the gloomy COVID-19 picture.

Although she’s seen three sellers who have withdrawn listings to wait out the crisis, she sold a home last week in Edgewater, just west of the Denver city line, at $30,000 over list, and another in Sunnyside, just north of Highland, at $40,000 over.

“All of the deals I have so far are solid; nobody backing out,” she said, while readying another listing at 4479 W. 30th in West Highland, near Highland Square’s restaurant row, that’s coming on the market today.

The Bear Creek home is at $949,500.

“The unique thing about Bear Creek,” she says, “is that it’s a very limited supply.”

In keeping with the governor’s order, Berglund is vetting her buyers before providing tours (the gate is locked), and tours avoid any overlapping showings, with shoe covers and latex gloves required. You can find a Facebook tour via the Facebook link at LoveWhereYouLiveDenver.com.

The news and editorial staffs of The Denver Post had no role in this post’s preparation.

Schools across Denver area will remain closed rest of academic year due to coronavirus

Students in public schools across the Denver region will not return to their classrooms for the remainder of the academic year as districts keep their buildings closed to in-person learning in a continued effort to slow the spread of the highly contagious coronavirus, Denver Public Schools announced Friday.

The following school districts announced a continuation of remote learning for the rest of the school year:

  • 27J Schools
  • Adams 12 Five Star Schools
  • Adams 14 Schools
  • Aurora Public Schools
  • Cherry Creek School District
  • Clear Creek School District
  • Denver Public Schools
  • Douglas County Schools
  • Englewood Schools
  • Jeffco Public Schools
  • Littleton Public Schools
  • Mapleton Public Schools
  • Sheridan School District 2
  • Westminster Public Schools

On Wednesday, Gov. Jared Polis extended the closure of all public and private schools in Colorado through April 30 due to the pandemic, noting that some districts would make the decision to continue with remote learning for the remainder of the school year.

Larimer County’s Thompson and Poudre school districts were the first in the state to announce the end to in-person learning for the rest of this school year on Thursday as the global COVID-19 pandemic upended most aspects of daily life.

Since mid-March, the classroom desks of Colorado’s more than 900,000 students have been vacant. Some of Colorado’s nearly 180 districts already had shuttered to align with social distancing guidelines that public health experts urged would help lessen the spread of the respiratory illness. By March 18, Polis mandated a four-week statewide closure for all K-12 schools in Colorado, an order that has since been extended.

Some districts, like Jeffco Public Schools and Westminster Public Schools, transitioned to remote learning early.

Denver Public Schools officials have taken the few weeks since the district closure to prepare to teach their more than 90,000 students at a distance, trying to account for equity issues like lack of technology and internet access.

Remote learning begins Tuesday in DPS.