A Security Expert Warned Congress That T-Mobile's DC Cell Network Has Been Hacked

Rep. Ted Lieu and a group of security researchers have been warning for a year that a vulnerability in the global communications network supporting cell service could offer hackers and foreign powers a way to exploit our phones. Now, according to a cybersecurity expert who contacted Rep. Lieu’s office, it seems hackers may have taken advantage of this security hole to infiltrate cell networks in Washington, DC.

The Washington Free Beacon reported Thursday that it had reviewed documents suggesting that hackers had stolen massive amounts of location data from phones in the DC area. The Free Beacon wrote that the Department of Homeland Security originally compiled the data while monitoring cell towers for suspicious activity.

A spokesperson for Rep. Lieu told BuzzFeed News that his office received a tip late last week from a cybersecurity expert that T-Mobile’s wireless mobile network in Washington, DC may have been compromised by a hack. Rep. Lieu’s office could not substantiate the claims of the security expert (whom Lieu’s office did not name), but it notified the Department of Homeland Security of the warning. According to the spokesperson, Homeland Security did not provide any additional information since the supposed security breach may involve a private company. Homeland Security declined to answer BuzzFeed News’ questions about the alleged T-Mobile breach.

T-Mobile declined to comment.

Craig Young, the principal security researcher for the vulnerabilities and exposures research team at the cybersecurity firm Tripwire, told BuzzFeed News that the government should ensure that carriers are vigilant in monitoring what could be hugely invasive threats.

One of the most vulnerable points of telephone companies is the way they connect to one another. An exposed network known as SS7 could let an intruder secretly re-route calls so that a third party could listen in without the caller or their recipient knowing. “The end effect is that anybody can potentially go from having a phone number to intercepting your calls by exploiting SS7 weaknesses,” Young said.

Prompted in part by the claims of the cybersecurity expert, as well as broader concerns of the SS7 vulnerability, Rep. Lieu wrote a letter to Homeland Security Secretary John Kelly on Wednesday. Along with Sen. Ron Wyden, Rep. Lieu asked Kelly what resources Homeland Security had dedicated to addressing SS7-related threats. The lawmakers also asked Kelly whether wireless carriers had done enough to help law enforcement identify vulnerabilities in their mobile infrastructure or disclose previous attempts by foreign actors to use SS7 vulnerabilities to breach their networks.

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” Lieu and Wyden wrote. “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”

A spokesperson for Sen. Wyden told BuzzFeed News that his office had contacted Homeland Security “regarding reports of anomalous cellular network activity, which may involve the SS7 system.”

Since early last year Rep. Lieu has been urging his colleagues on Capitol Hill to investigate the SS7 vulnerability, which poses an array of startling risks. “The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials,” he said in a letter to the chair and ranking member of the House Government Oversight Committee last April.

It’s unclear if the alleged T-Mobile intrusion began through an attack on T-Mobile itself through spear-phishing, an intruder posing as a legitimate wireless carrier, or through hardware that spoofs mobile phones into connecting with false cell towers.

Blake Montgomery contributed reporting for this story.

Source: BuzzFeed

Two Russian Spies Have Been Charged In The Massive Yahoo Email Hack

The Justice Department charged four men — two of whom are Russian Federal Security Service, or FSB, officers — Wednesday for stealing the personal information of at least 500 million Yahoo customers in a massive breach that rocked the company’s reputation and slashed hundreds of millions of dollars off its sale to Verizon.

The two non-FSB defendants were criminal hackers hired by the Russian officials to breach Yahoo’s network. The stolen account information was used to gain additional content from customers’ Yahoo accounts and accounts tied to other email providers, including Google.

Both Russian journalists and American diplomatic officials were then targeted using the data stolen in the hack. The charges for what was one of the largest computer intrusions in American history included conspiracy, economic espionage, wire fraud, and aggravated identity theft.

In a move that Acting Assistant Attorney General Mary McCord described as “beyond the pale,” the FSB officials behind the hack were members of a Russian unit that serves as the FBI’s liaison on cybercrime in Moscow. “These are the very people that we are supposed to work with cooperatively,” she said during a press conference Wednesday. “They turned against that type of work.”

One of the defendants, Alexsey Alexseyevich Belan, had been on the FBI’s most-wanted list for more than three years for cybercrime, McCord said. Another defendant, Karim Baratov, was arrested for the Yahoo breach yesterday in Canada. The US government will ask Russian law enforcement officials to extradite the remaining three defendants, who reside in Russia, said Paul Abbate, the executive assistant director of the FBI’s cyber branch.

“The indictment unequivocally shows the attacks on Yahoo were state-sponsored,” said Chris Madsen, Yahoo’s assistant general counsel and head of global law enforcement. “We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime.”

In December, Yahoo first revealed that hackers had stolen customer information from 1 billion Yahoo accounts in an attack dating back to 2013. The colossal breach was separate from the major intrusion that the Russian officials were charged with. That data breach was announced in September, when Yahoo said 500 million accounts had been compromised by a state-sponsored hacker in 2014. In both cases Yahoo said users’ email addresses, telephone numbers, dates of birth, and passwords were likely stolen.

News of the attacks came just months after Verizon announced plans to buy Yahoo for $4.83 billion last summer. The embarrassing disclosures prompted Verizon to seek a nearly 20% discount of Yahoo’s sale price, totaling $925 million. But the two companies instead agreed to slash $395 million off the deal price because of the damage from the breaches.

Following the company’s review of the 2014 breach, Yahoo said CEO Marissa Mayer would not receive her 2016 annual bonus. Mayer also said she would forgo her 2017 equity award. Together, the pay cut appears to amount to a personal loss of $14 million, but Mayer will still receive a $23 million “golden parachute” once Verizon’s purchase of Yahoo is completed later this year.

Source: BuzzFeed

Internal Metrics Show How Often Uber’s Self-Driving Cars Need Human Help

Human drivers were forced to take control of Uber’s self-driving cars about once per mile driven in early March during testing in Arizona, according to an internal performance report obtained by BuzzFeed News. The report reveals for the first time how Uber’s self-driving car program is performing, using a key metric for evaluating progress toward fully autonomous vehicles.

Human drivers take manual control of autonomous vehicles during testing for a number of reasons, for example, to address a technical issue or avoid a traffic violation or collision. The self-driving car industry refers to such events as “disengagements,” though Uber uses the term “intervention” in the performance report reviewed by BuzzFeed News. During a series of autonomous tests the week of March 5, Uber saw disengagement rates greater than those publicly reported by some of its rivals in the self-driving car space.

When regulatory issues in December 2016 forced Uber to suspend a self-driving pilot program in San Francisco, the company sent some of its cars to Arizona. Since then, Uber has been testing its autonomous cars along two routes in the state. The first is a multi-lane street called Scottsdale Road — a straight, 24-mile stretch that runs through the city of the same name. According to Uber’s performance report on tests for the week of March 5, the company’s self-driving cars were able to travel an average of 0.67 miles on Scottsdale Road without human intervention and an average of 2 miles without a “bad experience” — Uber’s classification for incidents in which a car brakes too hard, jerks forcefully or behaves in a way that might startle passengers. Uber described the overall passenger experience for this particular week as “not great,” but noted improvement compared to the prior week’s tests, which included one “harmful” incident — an event that might have caused human injury.

Uber has also been testing its autonomous vehicles on a “loop” at Arizona State University. According to the performance report reviewed by BuzzFeed News, self-driving cars used on the ASU loop saw “strong improvement” during the week of March 5, traveling a total of 449 miles in autonomous mode without a “critical” intervention (a case where the system kicked control back to the driver, or the driver regained control to prevent a likely collision). The vehicles were able to drive an average of 7 miles without a “bad experience” that might cause passenger discomfort (a 22% improvement over the week prior) and an average of 1.3 miles without any human intervention (a 15% improvement over the week prior). The cars made 128 trips with passengers, compared to 81 the prior week.

Uber told BuzzFeed its disengagements could also include instances in which the system kicks back control to a driver, and when the car returns control to a human driver toward the end of a trip. The company declined to comment on the internal metrics obtained by BuzzFeed News and its disengagement rate compared to those of competitors. Uber also declined to say how many miles and hours the vehicles in Arizona drove in total the week of March 5.

Bryant Walker Smith, a University of South Carolina law professor and a member of the US Department of Transportation’s Advisory Committee on Automation in Transportation, said it’s difficult to draw conclusions about the progress of Uber’s self-driving car program based on just one week of disengagement metrics, adding that the figures suggest that safety drivers appear to intervene regularly out of caution – even in cases where an accident may not be imminent.

“To take out the safety drivers, you would want far better performance than these numbers suggest, and you’d want that to be consistently better performance,” Walker Smith said. “If these are actual bad experiences for someone inside the vehicle, then that probably doesn’t compare very favorably to human driving. How often do people go 10 miles or 10 minutes and have a viscerally bad experience?”

Uber’s internal metrics are specific to its vehicles in Arizona. The state does not require companies testing there to release data on how their self-driving cars perform. California is the only state that requires companies that test self-driving cars on public roads to submit annual reports detailing how many times they “disengage” autonomous mode. Because Uber only returned some self-driving vehicles to San Francisco’s roads this month, after its trials were shut down in the state for not obtaining the proper permits in December, it has not yet submitted a public report. But reports submitted by other companies to the California DMV do offer a point of comparison.

Alphabet’s Waymo said in a Jan. 5 report filed with the CA DMV that during the 636,000 miles its self-driving vehicles drove on public roads in California from December 2016 through November 2016, human drivers were forced to take control of their self-driving vehicles 124 times. That’s a rate of 0.2 disengagements per thousand miles — or 0.0002 interventions per mile, compared to Uber’s 0.67 and 1.3 rates on Scottsdale Road and the ASU loop, respectively. But Google’s report also notes that its figures don’t include all disengagements: “As part of testing, our cars switch in and out of autonomous mode many times a day. These disengagements number in the many thousands on an annual basis though the vast majority are considered routine and not related to safety.”

(Here are the CA DMV reports to compare Uber’s testing the week of March 5th in Arizona to the other companies that test on public roads in California and reported their statistics to the DMV for December 2015 through November 2016.)

Uber CEO Travis Kalanick has called self-driving cars an “existential threat” to his ride-hail business. (If a competitor were to develop autonomous vehicles and run an Uber-like service that did not require giving a cut to drivers, the rides would be cheaper.) In February 2015, Uber poached dozens of top roboticists from Carnegie Mellon University to jump start a self-driving car program. Eighteen months later, Uber launched a pilot program in Pittsburgh that put passengers in the backseats of cars manned by a safety driver and a “copilot” riding shotgun. “Your self-driving Uber is arriving now,” the company wrote on its website. Headlines called it a “landmark” trial, and “the week self-driving cars became real.”

Uber’s self-driving program is quarterbacked by Anthony Levandowski, who helped build the first self-driving Google (now called Waymo) car before leaving to create his own startup, Otto. The ride-hail giant’s self-driving program is embroiled in a lawsuit from Alphabet over allegations that Levandowski stole a crucial part of Waymo’s self-driving technology before leaving. Uber acquired Otto in August, about three months after Levandowski launched the company out of stealth mode.

Levandowski became the self-driving program’s fourth leader in less than two years. Uber CEO Travis Kalanick described their relationship as “brothers from another mother,” saying the pair shared a desire to move autonomous technology from the research phase to the market. A few weeks after the Pittsburgh pilot launched, Levandowski set a new, ambitious goal for Uber’s engineers, according to an internal planning document viewed by BuzzFeed News: Prepare self-driving cars to run with no humans behind the wheel in San Francisco by January 2017.

In the end, in response to concerns raised by engineers who worried the goal was too aggressive, Uber did something far less ambitious. In December 2016, it launched a trial in San Francisco that mirrored its Pittsburgh pilot program: a human safety driver, accompanied by a “copilot,” would man each self-driving Volvo on the road in San Francisco. On its first day, one of the vehicles was caught running a red light. Uber attributed the traffic violation to human error, but the New York Times reported in February that “the self-driving car was, in fact, driving itself when it barreled through the red light.”

Meanwhile, Uber’s self-driving truck division Otto has been working toward its own goals. In October, Otto made headlines for completing the first publicly known self-driving truck delivery – a 120-mile beer haul along a public highway in Colorado for Anheuser-Busch, with the driver in the back seat.

“When they let us know they were doing the test, we kind of had to play catch-up because nobody had ever asked us that question before,” Mark Savage, deputy chief for the Colorado State Patrol, told BuzzFeed News. “We did put together a protocol that we had them walk through in order to determine whether the test was done safely and it was pretty involved.”

For one month ahead of the demo, the company performed trials along that route for 16 hours a day with human safety drivers behind the wheel, according to a Colorado state planning document obtained by BuzzFeed News. A video showed the truck driver crawling into the sleeper berth for the duration of the ride.

After completing five consecutive tests – a total of 625 miles – that did not necessitate human intervention, Otto embarked on a fully driverless demo at midnight on Oct. 20, with the state patrol “packaging” the truck with troopers during the event much like a motorcade, according to the planning document. The truck included two emergency stop buttons: one near the steering wheel, and one in the sleeper berth, where the driver sat during the ride, Uber told BuzzFeed. The company added the second button specifically for the delivery; in all other tests, Otto drivers remain behind the wheel.

Steven Shladover, chair of the federal Transportation Research Board’s vehicle highway automation committee, said Otto’s testing before the demonstration “tells nothing about whether the system is safe.” He said crashes occur when “some other driver happens to do something stupid. You’re not going to run into those circumstances by driving a few hundred hours.”

“Just the fact that they have however many hundred hours of driving doesn’t prove safety,” Shladover told BuzzFeed. “Putting together a show like that is nice for marketing purposes, but it doesn’t prove anything about the readiness of the technology to be put into public use.”

Source: BuzzFeed

doAzureParallel: Take advantage of Azure’s flexible compute directly from your R session

Users of the R language often require more compute capacity than their local machines can handle. However, scaling up their work to take advantage of cloud capacity can be complex, troublesome, and can often distract R users from focusing on their algorithms.

We are excited to announce doAzureParallel – a lightweight R package built on top of Azure Batch, that allows you to easily use Azure’s flexible compute resources right from your R session.

At its core, the doAzureParallel package is a parallel backend, for the widely popular foreach package, that lets you execute multiple processes across a cluster of Azure virtual machines. In just a few lines of code, the package helps you create and manage a cluster in Azure, and register it as a parallel backend to be used with the foreach package.

With doAzureParallel, there’s no need to manually create, configure, and manage a cluster of individual virtual machines. Instead, this package makes running your jobs at scale no more complex than running your algorithms on your local machine. With Azure Batch’s autoscaling capabilities, you can also increase or decrease the size of your cluster to fit your workloads, helping you to save time and/or money.

doAzureParallel also uses the Azure Data Science Virtual Machine (DSVM), allowing Azure Batch to easily and quickly configure the appropriate environment in as little time as possible.

There is no additional cost for these capabilities – you only pay for the Azure VMs you use.

doAzureParallel is ideal for running embarrassingly parallel work such as parametric sweeps or Monte Carlo simulations, making it a great fit for many financial modelling algorithms (back-testing, portfolio scenario modelling, etc).

Installation / Pre-requisites

To use doAzureParallel, you need to have a Batch account and a Storage account set up in Azure. More information on setting up your Azure accounts.

You can install the package directly from Github. More information on install instructions and dependencies.

Getting Started

Once you install the package, getting started is as simple as a few lines of code:

Load the package:

library(doAzureParallel)

Set up your parallel backend (which is your pool of virtual machines) with Azure:

# 1. Generate a pool configuration json file.
generateClusterConfig("pool_config.json")

# 2. Edit your pool configuration file.
# Enter your Batch account & Storage account information and configure your pool settings

# 3. Create your pool. This will create a new pool if your pool hasn’t already been provisioned.
pool <- makeCluster("pool_config.json")

# 4. Register the pool as your parallel backend
registerDoAzureParallel(pool)

# 5. Check that your parallel backend has been registered
getDoParWorkers()

Run your parallel foreach loop with the %dopar% keyword. The foreach function will return the results of your parallel code.

number_of_iterations <- 10
results <- foreach(i = 1:number_of_iterations) %dopar% {
    # This code is executed, in parallel, across your Azure pool.
    myAlgorithm(…)
}

When developing at scale, it is always recommended that you test and debug your code locally first. Switch between %dopar% and %do% to toggle between running in parallel on Azure and running in sequence on your local machine.

# run your code sequentially on your local machine
results <- foreach(i = 1:number_of_iterations) %do% { … }

# use the doAzureParallel backend to run your code in parallel across your Azure pool
results <- foreach(i = 1:number_of_iterations) %dopar% {…}

After you finish running your R code at scale, you may want to shut down your pool of VMs to make sure that you aren’t being charged anymore:

# shut down your pool
stopCluster(pool)

Monte Carlo Pricing Simulation Demo

The following demo will show you a simplified version of predicting a stock price after 5 years by simulating 5 million different outcomes of a single stock.

Let’s imagine Contoso’s stock price gains on average 1.001 times its opening price each day, but has a volatility of 0.01. Given a starting price of $100, we can use a Monte Carlo pricing simulation to figure out what price Contoso’s stock will be after 5 years.

First, define the assumptions:

mean_change = 1.001
volatility = 0.01
opening_price = 100

Create a function to simulate the movement of the stock price for one possible outcome over 5 years  by taking the cumulative product from a normal distribution using the variables defined above.

simulateMovement <- function() {
    days <- 1825 # ~ 5 years
    movement <- rnorm(days, mean=mean_change, sd=volatility)
    path <- cumprod(c(opening_price, movement))
    return(path)
}

On our local machine, simulate 30 possible outcomes and graph the results:

simulations <- replicate(30, simulateMovement())
matplot(simulations, type='l') # plots all 30 simulations on a graph

To understand where Contoso’s stock price will be in 5 years, we need to understand the distribution of the closing price for each simulation (as represented by the lines). But instead of looking at the distribution of just 30 possible outcomes, let’s simulate 5 million outcomes to get a massive sample for the distribution.

Create a function to simulate the movement of the stock price for one possible outcome, but only return the closing price.

getClosingPrice <- function() {
    days <- 1825 # ~ 5 years
    movement <- rnorm(days, mean=mean_change, sd=volatility)
    path <- cumprod(c(opening_price, movement))
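    # path holds the opening price plus one entry per day (days + 1 values),
    # so the closing price is the last element, not path[days]
    closingPrice <- path[length(path)]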
    return(closingPrice)
}

Using the foreach package and doAzureParallel, we can simulate 5 million outcomes in Azure. To parallelize this, let’s run 50 iterations of 100,000 outcomes:

closingPrices <- foreach(i = 1:50, .combine='c') %dopar% {
    replicate(100000, getClosingPrice())
}

After running the foreach package against the doAzureParallel backend, you can look at your Azure Batch account in the Azure Portal to see your pool of VMs running the simulation.

As the nodes in the heat map change color, we can see them busy working on the pricing simulation.

When the simulation finishes, the package will automatically merge the results of each simulation and pull it down from the nodes so that you are ready to use the results in your R session.

Finally, we’ll plot the results to get a sense of the distribution of closing prices over the 5 million possible outcomes.

# plot the 5 million closing prices in a histogram
hist(closingPrices)

Based on the distribution above, Contoso’s stock price will most likely move from the opening price of $100 to a closing price of roughly $500, after a 5 year period.
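A local sanity check of the histogram, added here as an example and not part of the original post: because the closing price is a product of many independent daily factors, its logarithm is approximately normal, so the simulated mode, median and mean can be compared against a log-normal approximation. The names closing_price, n_local and the seed are assumptions made for this example.

```r
# Added example: compare a small local simulation with a log-normal approximation.
# Assumptions are the ones stated on the page.
mean_change   <- 1.001
volatility    <- 0.01
opening_price <- 100
days          <- 1825  # ~ 5 years

# One closing price = opening price times the product of `days` daily factors.
closing_price <- function() {
    opening_price * prod(rnorm(days, mean = mean_change, sd = volatility))
}

set.seed(42)          # constructed seed, only so that repeated runs match
n_local <- 20000      # small local sample; the page runs 5 million on Azure
prices  <- replicate(n_local, closing_price())

# log(product) = sum of logs, so log(closing price) is approximately normal.
# Second-order (delta method) moments of the log of one daily factor:
sigma_day <- volatility / mean_change
mu_day    <- log(mean_change) - 0.5 * sigma_day^2
mu_T      <- log(opening_price) + days * mu_day
sigma_T   <- sqrt(days) * sigma_day

analytic <- c(
    mode   = exp(mu_T - sigma_T^2),            # peak of the log-normal density
    median = exp(mu_T),
    mean   = opening_price * mean_change^days  # exact, daily factors are independent
)

# Empirical counterparts; the mode is read off a kernel density estimate.
d <- density(prices)
empirical <- c(
    mode   = d$x[which.max(d$y)],
    median = median(prices),
    mean   = mean(prices)
)

print(round(rbind(analytic, empirical), 1))
```

The distribution is right-skewed, so the mode sits below the median and the median below the mean; "most likely" in the paragraph above refers to the peak of the histogram, not the average outcome.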

 

We look forward to you using these capabilities and hearing your feedback. Please contact us at razurebatch@microsoft.com for feedback or feel free to contribute to our Github repository.

Additional information:

Download and get started with doAzureParallel
For questions related to using the doAzureParallel package, please see our docs, or feel free to reach out to razurebatch@microsoft.com
Please submit issues via Github

Additional Resources:

See Azure Batch, the underlying Azure service used by the doAzureParallel package
More general purpose HPC on Azure

Source: Azure

A Bunch Of Hacked Twitter Accounts Tweeted Swastikas And Turkish Propaganda

Late last night, hackers took over hundreds of prominent Twitter accounts and started pushing tweets in Turkish that accused Holland and Germany of being Nazis. The hackers accessed the accounts, which include Forbes, Reuters Japan, Nike Spain, Starbucks Argentina, Duke University, through a third party app called the Counter, according to Gizmodo.

A translation of the above tweet reads: “ this is a little see you on what did I write? LEARN Turkish.”

The tweet links to a YouTube video praising Turkish president Recep Tayyip Erdogan titled “Reis’i Üzeni de biz üzeriz. @sebomubu” (“If someone makes our Captain sad, we will make them sad”). The description of the video reads “Nazi Almanya, Nazi Hollanda Türk’ün sabrını zorlamayın. Biz bu yola kefenimizi giyerek çıktık. Derken şaka yapmıyor idik.” (“Nazi Germany, Nazi Netherlands don’t try the patience of Turks. We were not joking when we said ‘we set off on this path wearing our burial shrouds.’”) The user @sebomubu, named in the video’s title, has also been suspended from Twitter.

After a failed coup against him in 2016, Turkey’s Erdogan is campaigning for an April 16 referendum that would rewrite parts of Turkey’s constitution. Erdogan’s critics say he’s trying to consolidate power amidst a crackdown, and he’s been publicly feuding with Dutch Prime Minister Mark Rutte and German chancellor Angela Merkel over the referendum. Both countries have tried to block his attempts to campaign with expat Turks in the Netherlands and Germany.

Twitter said in a statement that it was aware of the hack and had responded: “Our teams worked at pace and took direct action. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.”

Third party apps have long been an issue for Twitter, especially after the Saudi hacking group OurMine started exploiting their vulnerabilities to hack prominent users’ accounts last year. The group hacked into the accounts of Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Uber CEO Travis Kalanick. The social network has also struggled with harassment and hate speech for nearly its entire existence.

The Counter, which provides analytics on an account’s followers, tweeted before its account was suspended that it had begun investigating the hack and had attempted to contain the damage. The app’s site also displays a “down for maintenance” message. Twitter did not publicly provide an official reason for suspending the app.

Even if your Twitter account wasn’t hacked, this incident is a reminder to check your third-party Twitter extensions, de-authorize ones you don’t use, and make sure you’ve set up two-factor authentication for your account.

The hack comes at a bad time for Twitter. The marketing research firm Emarketer released a study Tuesday projecting that Twitter’s revenue from mobile ads would decline by nearly $1 billion in 2017. If the paper’s findings bear out, it will be the first time the company’s share of the mobile advertising industry decreases, even at a time when companies are spending more money on mobile ads.

Source: BuzzFeed

How To De-Authorize All Of Those Twitter Apps You Forgot About

Hundreds of Twitter accounts were hacked with a swastika through a third party app, which means it’s probably time to check on your Twitter apps.

Earlier this morning, hackers took over hundreds of Twitter accounts and posted a message in Turkish that included swastikas and a “NaziHolland” hashtag. BBC North America, Reuters Japan, Nike Spain, and Duke University’s Twitter accounts were some of the targets.

A statement from Twitter revealed that the source of the hack was a third party app. The company claims users don’t need to take any action, but now might be a good time to review which apps you’ve authenticated with your Twitter login details and revoke apps that you no longer use.

It’s *very* simple. Go to twitter.com/settings/applications and review all of the apps you’ve authorized.

Then, click “Revoke access” (obvs).

Source: BuzzFeed

This Vibrator Maker Was Secretly Tracking Its Customers' Sexual Activity

Yes, even your vibrator might be spying on you.

A sex toy company has agreed to pay $3.75 million for secretly collecting customers’ data while they were using its vibrators.

Under the agreement, We-Vibe will set aside about $3 million for people who downloaded and used an app that accompanied the vibrator and about $750,000 to customers who just bought its “smart vibrator” before Sept. 26, 2016. Those who controlled the toy with the We-Connect app will get up to $10,000 each, while those who just bought it will get up to $199.

However, people will probably receive much less due to fees, administration costs, and the number of claims submitted.

The amount of the actual payment to Class members will depend on the number of claims submitted and the total amount available in the respective settlement funds after applicable notice and administration costs, the incentive award, and attorney fees have been paid.

The high-end vibrators are designed for couples, enabling partners to text and video chat on the app, as well as adjust and control the toy through Bluetooth. But what they didn’t know was that the Canadian company was tracking how they used their devices, including intimate details like the time and date, the vibration intensity, temperature, and pattern, court documents show.

The company, which has denied wrongdoing and liability, said it will destroy most of the information it collected.

A woman from Chicago, identified as N.P., sued Standard Innovation Corp., which owns We-Vibe, back in September. She bought a Rave vibrator for $130 last May and frequently used the app, but said she was never notified We-Vibe was monitoring her. Another woman joined the complaint last month. They both claimed that the “highly offensive” secret data collection caused embarrassment and anxiety.

The women also say We-Vibe violated the Federal Wire Tap Act and privacy law, and made money at their expense.

“(N.P.) would never have purchased a We-Vibe had she known that in order to use its full functionality, (Standard Innovation) would monitor, collect and transmit her usage information through We-Connect,” the claim states.

About 300,000 people purchased We-Vibe devices covered by the settlement, and about 100,000 downloaded and used the app, according to court documents.

We-Vibe said in a statement to BuzzFeed News that it collected “certain analytical information to help us improve our products and the quality” of its app and that users could opt out of this.

The company has now agreed to clarify and be more transparent about its privacy notices and data collecting practices.

Going forward, customers no longer have to register, create an account, or share their personal information. They can also opt out of sharing anonymous app usage data, the company said, noting that it now has “new plain language privacy notices” that outline “how we collect and use data for the app to function and improve We-Vibe products.”

Source: BuzzFeed, “This Vibrator Maker Was Secretly Tracking Its Customers' Sexual Activity”

Planet scale aggregates with Azure DocumentDB

We’re excited to announce that we have expanded the SQL grammar in DocumentDB to support aggregate functions with the last service update. Support for aggregates is the most requested feature on the user voice site, so we are thrilled to roll this out to everyone that's voted for it.

Azure DocumentDB is a fully managed NoSQL database service built for fast and predictable performance, high availability, elastic scaling, global distribution, and ease of development. DocumentDB provides rich and familiar SQL query capabilities with consistent low latencies on JSON data. These unique benefits make DocumentDB a great fit for web, mobile, gaming, IoT, and many other applications that need seamless scale and global replication.

DocumentDB is truly schema-free. By virtue of its commitment to the JSON data model directly within the database engine, it provides automatic indexing of JSON documents without requiring explicit schema or creation of secondary indexes. DocumentDB supports querying JSON documents using SQL. DocumentDB query is rooted in JavaScript's type system, expression evaluation, and function invocation. This, in turn, provides a natural programming model for relational projections, hierarchical navigation across JSON documents, self joins, spatial queries, and invocation of user defined functions (UDFs) written entirely in JavaScript, among other features. We have now expanded the SQL grammar to include aggregations in addition to these capabilities.

Aggregates for planet scale applications

Whether you’re building a mobile game that needs to calculate statistics based on completed games, designing an IoT platform that triggers actions based on the number of occurrences of a certain event, or building a simple website or paginated API, you need to perform aggregate queries against your operational database. With DocumentDB you can now perform aggregate queries against data of any scale with low latency and predictable performance.

Aggregate support has been rolled out to all DocumentDB production datacenters. You can start running aggregate queries against your existing DocumentDB accounts or provision new DocumentDB accounts via the SDKs, REST API, or the Azure Portal. You must, however, download the latest version of the SDKs in order to perform cross-partition aggregate queries or use LINQ aggregate operators in .NET.

Aggregates with SQL

DocumentDB supports the SQL aggregate functions COUNT, MIN, MAX, SUM, and AVG. These operators work just like in relational databases, and return the computed value over the documents that match the query. For example, the following query retrieves the number of readings from the device xbox-1001 from DocumentDB:

SELECT VALUE COUNT(1)
FROM telemetry T
WHERE T.deviceId = "xbox-1001"

(If you’re wondering about the VALUE keyword – all queries return JSON fragments back. By using VALUE, you can get the scalar value of count e.g., 100, instead of the JSON document {"$1": 100})

We extended aggregate support in a seamless way to work with the existing query grammar and capabilities. For example, the following query returns the average temperature reading among devices within a specific polygon boundary representing a site location (combines aggregation with geospatial proximity searches):

SELECT VALUE AVG(T.temperature ?? 0)
FROM telemetry T
WHERE ST_WITHIN(T.location, {"type": "Polygon", … })

As an elastically scalable NoSQL database, DocumentDB supports storing and querying data at any storage size or throughput level. Regardless of the size or number of partitions in your collection, you can submit a simple SQL query and DocumentDB handles the routing of the query among data partitions, runs it in parallel against the local indexes within each matched partition, and merges intermediate results to return the final aggregate values. You can perform low latency aggregate queries using DocumentDB.

In the .NET SDK, this can be performed via the CreateDocumentQuery<T> method as shown below:

client.CreateDocumentQuery<int>(
    "/dbs/devicedb/colls/telemetry",
    "SELECT VALUE COUNT(1) FROM telemetry T WHERE T.deviceId = 'xbox-1001'",
    // A negative value lets the SDK decide how many partitions to query in parallel.
    new FeedOptions { MaxDegreeOfParallelism = -1 });

For a complete example, you can take a look at our query samples in GitHub.
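The fan-out and merge described above for cross-partition aggregates can be sketched as follows. This is an added Python illustration, not DocumentDB's implementation or code from the original post; the `Partial` type, the function names, the sample documents, and the choice to skip non-numeric values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Partial:
    """Intermediate aggregate computed inside one partition (hypothetical type)."""
    count: int = 0
    total: float = 0.0
    minimum: Optional[float] = None
    maximum: Optional[float] = None

    def add(self, count, total, minimum, maximum):
        """Fold in `count` values with the given sum, min and max."""
        self.count += count
        self.total += total
        self.minimum = minimum if self.minimum is None else min(self.minimum, minimum)
        self.maximum = maximum if self.maximum is None else max(self.maximum, maximum)

def aggregate_partition(docs, device_id, field="temperature"):
    """Local step: aggregate one partition's documents that match the filter."""
    part = Partial()
    for doc in docs:
        value = doc.get(field)
        numeric = isinstance(value, (int, float)) and not isinstance(value, bool)
        if doc.get("deviceId") == device_id and numeric:  # assumption: skip non-numeric
            part.add(1, value, value, value)
    return part

def merge(partials):
    """Merge step: AVG is rebuilt from SUM and COUNT, never from per-partition averages."""
    final = Partial()
    for part in partials:
        if part.count:  # a partition with no matches contributes nothing
            final.add(part.count, part.total, part.minimum, part.maximum)
    avg = final.total / final.count if final.count else None
    return {"COUNT": final.count, "SUM": final.total, "MIN": final.minimum,
            "MAX": final.maximum, "AVG": avg}

# Constructed sample data: three partitions of telemetry documents.
PARTITIONS = [
    [{"deviceId": "xbox-1001", "temperature": 70},
     {"deviceId": "xbox-1001", "temperature": 74},
     {"deviceId": "xbox-2002", "temperature": 90}],
    [{"deviceId": "xbox-1001", "temperature": 60},
     {"deviceId": "xbox-1001"}],  # reading with no temperature field
    [{"deviceId": "xbox-2002", "temperature": 55}],
]

def query(device_id):
    return merge(aggregate_partition(p, device_id) for p in PARTITIONS)
```

For `xbox-1001` the merged AVG is 68.0, whereas averaging the two per-partition averages (72 and 60) would give 66.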

Aggregates with LINQ

With the .NET SDK 1.13.0, you can query for aggregates using LINQ in addition to SQL. The latest SDK supports the operators Count, Sum, Min, Max, Average and their asynchronous equivalents CountAsync, SumAsync, MinAsync, MaxAsync, AverageAsync. For example, the same query shown previously can be written as the following LINQ query:

client.CreateDocumentQuery<DeviceReading>("/dbs/devicedb/colls/telemetry",
new FeedOptions { MaxDegreeOfParallelism = -1 })
.Where(r => r.DeviceId == "xbox-1001")
.CountAsync();

Learn more about DocumentDB’s LINQ support, including how asynchronous pagination is performed during aggregate queries.

Aggregates using the Azure Portal

You can also start running aggregate queries using the Azure Portal right away.

Next Steps

In this blog post, we looked at support for aggregate functions and query in Azure DocumentDB. To get started running queries, create a new DocumentDB account from the Azure Portal.

Stay up-to-date on the latest DocumentDB news and features by following us on Twitter @DocumentDB or reach out to us on the developer forums on Stack Overflow.
Source: Azure