California recently became the first state to ban deceptive sales of so-called "disappearing media."

On Tuesday, Governor Gavin Newsom signed AB 2426 into law, protecting consumers of digital goods like books, movies, and video games from being duped into purchasing content without realizing access was only granted through a temporary license.

cross-posted from: https://lemmy.world/post/20236250

By Jeremy Hsu on September 24, 2024

Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.

Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.

“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.

Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.

They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.

The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.

By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.

Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.

“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.

https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/ (paywall!!)

Apologies for posting a pay walled article. Consider subscribing to 404. They’re a journalist-founded org, so you could do worse for supporting quality journalism.

Trained repair professionals at hospitals are regularly unable to fix medical devices because of manufacturer lockout codes or the inability to obtain repair parts. During the early days of the COVID-19 pandemic, broken ventilators sat unrepaired for weeks or months as manufacturers were overwhelmed with repair requests and independent repair professionals were locked out of them. At the time, I reported that independent repair techs had resorted to creating DIY dongles loaded with jailbroken Ukrainian firmware to fix ventilators without manufacturer permission. Medical device manufacturers also threatened iFixit because it posted ventilator repair manuals on its website. I have also written about people with sleep apnea who have hacked their CPAP machines to improve their basic functionality and to repair them.

PS: he got it repaired.

The blocked resources in question? Automatic security and features updates and plugin/theme repository access. Matt Mullenweg reasserted his claim that this was a trademark issue. In tandem, WordPress.org updated its Trademark Policy page to forbid WP Engine specifically (way after the Cease & Desist): from "you are free to use ['WP'] n any way you see fit" to a diatribe:

The abbreviation “WP” is not covered by the WordPress trademarks, but please don’t use it in a way that confuses people. For example, many people think WP Engine is “WordPress Engine” and officially associated with WordPress, which it’s not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress.

https://techcrunch.com/2024/09/26/wordpress-vs-wp-engine-drama-explained attempts to provide a full chronology so far.

The move embodies how ads are a growing and virtually inescapable part of the TV-viewing experience—even when you're not watching anything.

As you might have expected, LG didn’t make a big, splashy announcement to consumers or LG TV owners about this new ad format. Instead, and ostensibly strategically, the September 5 announcement was made to advertisers. LG appears to know that screensaver ads aren't a feature that excites users. Still, it and many other TV makers are happy to shove ads into the software of already-purchased devices.

LG TV owners may have already spotted the ads or learned about them via FlatpanelsHD, which today reported seeing a full-screen ad on the screensaver for LG's latest flagship TV, the G4. “The ad appeared before the conventional screensaver kicks in," per the website, “and was localized to the region the TV was set to.”

LG has put these ads on by default, according to FlatpanelsHD, but you can disable them in the TVs' settings. Still, the introduction of ads during a screensaver, shown during a pause in TV viewing that some TVs use as an opportunity to show art or personal photos that amplify the space, illustrates the high priority that ad dollars and tracking have among today’s TVs—even new top-of-the-line ones.

The addition of screensaver ads that users can disable may sound like a comparatively smaller disruption as far as TV operating system (OS) ads go. But the incorporation of new ad formats into TV OSes' various nooks and crannies is a slippery slope. Some TV brands are even centered more on ads than selling hardware. Unfortunately, it’s up to OS operators and TV OEMs to decide where the line is, including for already-purchased TVs. User and advertiser interests don’t always align, making TV streaming platforms without third-party ads, such as Apple TV, increasingly scarce gems.

Crashing is caused by a confluence of four separate power and voltage bugs.

Simone Margitelli's post on the find

Margitelli posted a screenshot that implies he submit this bug to Canonical and Red Hat, who rated the vulnerability to have a CVSS of 9.9. If this is true, this bug would be more critical than the infamous Heartbleed, Spectre, and Meltdown exploits. Information is really limited right now about this bug, and also somewhat contradictory. I cannot find a public statement from Red Hat or Canonical confirming the existance of this bug, but have yet to deny it. This is typical for an exploit of this magnitude. However, according to Security Online, both insitutions have confirmed its severity.

Full disclaimer, this thing could be totally overhyped/overblown right now. Its going to take a few weeks before all the information comes out. It wouldn't be the first time a vulnerability has been overhyped to pressure the dev into fixing it. In the mean time, Linux users should make sure to keep their systems up to date.

Note: this article is from 08 September 2024.

Here is the text of the NIST sp800-63b Digital Identity Guidelines.