China is a step closer to cracking down on unscrupulous data collection by app developers. This week, the country’s cybersecurity watchdog began seeking comment on the range of user information that apps from instant messengers to ride-hailing services are allowed to collect.
The move follows in the footsteps of a proposed data protection law that was released in October and is currently under review. The comprehensive data privacy law is set to be a “milestone” if passed and implemented, wrote the editorial of China Daily, the Chinese Communist Party’s official mouthpiece. The law is set to restrict data practices not just by private firms but also among government departments.
“Some leaking of personal information has resulted in economic losses for individuals when the information is used to swindle the targeted individual of his or her money,” said the party paper. “With increasingly advanced technology, the collection of personal information has been extended to biological information such as an individual’s face or even genes, which could result in serious consequences if such information is misused.”
Apps in China often force users into surrendering excessive personal information by declining access when users refuse to consent. The draft rules released this week take aim at the practice by defining the types of data collection that are “legal, proper and necessary.”
According to the draft, “necessary” data are those that ensure the “normal operation of apps’ basic functions.” As long as users have allowed the collection of necessary data, apps must grant them access.
Here are a few examples of what’s considered “necessary” personal data for different types of apps, as translated by China Law Translate.
- Navigation: location
- Ride-hailing: the registered user’s real identity (normally in the form of one’s mobile phone number in China) and location information
- Messaging: the registered user’s real identity and contact list
- Payment: the registered user’s real identity, the payer/payee’s bank information
- Online shopping: the registered user’s real identity, payment details, information about the recipient like their name, address and phone number
- Games: the registered user’s real identity
- Dating: the registered user’s real identity, and the age, sex and marital status of the person looking for marriage or dating
There are also categories of apps that are required to grant users access without gathering any personal information upfront: live streaming, short video, video/music streaming, news, browsers, photo editors, and app stores.
It’s worth noting that while the draft provides clear rules for apps to follow, it gives no details on how they will be enforced or how offenders will be punished. For instance, will app stores incorporate the benchmark into their approval process? Or will internet users be the watchdog? It remains to be seen.
Apple said to be planning new 14- and 16-inch MacBook Pros with MagSafe and Apple processors
Apple has planned new upgraded MacBook Pros for launch “later this year” according to a new report from Bloomberg. These new models would come in both 14-inch and 16-inch sizes, with new and improved Apple Silicon processors like those that Apple debuted on the new MacBook Air and 13-inch MacBook Pro model late last year. They would also see the return of Apple’s MagSafe charger, a magnetic dedicated charging port that would replace USB-C for power, and they could potentially do away with the Touch Bar, the small strip of OLED display built in to the keyboard on modern MacBook Pros.
Bloomberg’s report suggests that these MacBook Pro models will have processors with more cores and better graphics capabilities than the existing M1 chips that power Apple’s current notebooks with in-house silicon, and that they’ll also have displays with brighter panels that offer higher contrast. Physically, they’ll resemble existing notebooks, according to the report’s sources, but they’ll see the return of MagSafe, the dedicated magnetic charging interface that Apple used prior to switching power delivery over to USB-C on its laptops.
MagSafe had the advantage of easily disconnecting in case of anyone accidentally tripping across the power cord while plugged in, without yanking the computer with it. It also meant that it kept all data ports free for accessories. Bloomberg says that the revitalized MagSafe for new notebooks will also offer faster charging vs. USB-C, in addition to those other benefits.
As for the Touch Bar, it has been a topic of debate since its introduction. Pro users in particular seem to dislike the interface option, especially because it replaces a row of dedicated physical keys that could be useful in professional workflows. The report claims that Apple has “tested versions that remove the Touch Bar,” so it seems less clear that Apple will finally unring that particular bell, but I personally know a lot of people who would be excited if that does come to pass.
Finally, Bloomberg says Apple is also planning a new redesigned MacBook Air. That was updated most recently just a couple of months ago, and the report says it’ll only follow “long after” these new MacBook Pros, so it seems unlikely to arrive in 2021.
Want a job in tech? Flockjay pitches its sales training service as an on-ramp to tech careers
“Most people don’t even know that a job in tech sales is even a possibility,” says Shaan Hathiramani, the founder and chief executive of Flockjay, a company offering a tech sales training curriculum to the masses.
Hathiramani sees his startup as an onramp to the tech industry for legions of workers who have the skillsets to work in tech, but lack the network to see themselves in the business. Just like coding bootcamps have enabled thousands to get jobs as programmers in the tech business, Flockjay can get talented people who had never considered a job in tech into the industry.
The company, which had previously raised $3 million from investors including Serena Williams and Will Smith, along with tech industry luminaries like Microsoft chairman John Thompson; Airtable head of sales Liat Bycel; Gmail inventor Paul Buchheit; and former Netflix CPO Tom Willerer, has just raised new capital to expand its business in a time when accelerated onramps to new jobs have never been more important.
The healthcare response to the ongoing COVID-19 epidemic, which has closed businesses and torn through the American economy. The unemployment rate in the country sits at 6.4% and the nation lost 140,000 jobs again in December — with all of those job losses coming from women.
A former financier with the multi-billion dollar investment firm, Citadel, Hathiramani sees Flockjay, and the business of tech sales as a way for a number of people to transform their lives.
“We provide a premier sales academy,” Hathiramani said. “It costs zero dollars if you take the course and don’t get a job and costs 10% of your income for the first year if you do get a job. That nets out to 6 or 7K.”
A few hundred students have gone through the program so far, Hathiramani said, and the goal is to train 1,000 people over the course of 2021. The average income of a student before they go through Flockjay’s training program is $30,000 to $35,000 typically, Hathiramani said.
Upon graduation, those students can expect to make between $75,000 and $85,000, he said.
Increasing access among those students who have not necessarily been exposed to the tech world is critical for what Hathiramani wants to do with his sales bootcamp.
The entrepreneur said roughly 40% of students don’t have a four-year college degree; half of the students identify as female or non-binary, and half of the company’s students identify as Black or Hispanic. About 80% of the company’s students find a job within the first six months of graduation.
These are students like Elise Cox, a former Bojangles’ manager and Flockjay graduate, who moved from Georgia to Denver to be a sales tech representative for Gusto, tripling her salary from $13 an hour in the food service industry to a salaried position with wages and benefits.
“I enjoy being able to generate revenue for the company,” Cox, a 41-year-old grandmother, whose five-year plans include a sales leadership role, told Fast Company two years ago. “The revenue is the lifeblood of the company and being part of the team gives me sense of fulfillment.”
Partnerships with Opportunity@Work, Hidden Genius Project, Peninsula Bridge, and TechHire Oakland, help to ensure a diverse pool of applicants and a more diverse workforce for the tech industry — where diversity is still a huge problem.
As Hathiramani looks to take his company from training a couple of hundred students to over a thousand, the founder has raised new cash from previous investors including Lightspeed, Coatue, and Y Combinator, and new investors like eVentures, Salesforce Ventures, along with the Impact America Fund, Cleo Capital and Gabrielle Union.
For the New Jersey-born entrepreneur, Flockjay was a way to give back to a community that he knew intimately. After his family settled in New Jersey after immigrating to the United States, Hathiramani went first to Horace Mann on a scholarship and then attended Harvard before getting his job at Citadel.
Even while he was working at the pinnacle of the financial services world he started non-profits like the Big Shoulders Fund and taught financial literacy.
After a while, he moved to the Bay Area to begin plotting a way to merge his twin interests in education and financial inclusion.
“That led to me spending a year helping startups for free and trying to understand their problems with hiring and training” said Hathiramani. “It helped me surface this economic waste in plain sight. There were all these people talking to customers and they were spending three months on the job learning the job and they didn’t want to do the job or they weren’t very good at it.”
Tech salesforces were a point of entry in the system that almost anyone could access, if they could get in through the door, Hathiramani said. Flockjay wants to be the key to opening the door.
So, the company now has $11 million in new funding to bring its sales training bootcamp to a larger audience. Hathiramani also wants to make the bootcamp model more of a community with continuous development after a student completes the program. “I view education as a membership and not a transaction,” he said. “We focus on continuous learning and continuous up-skilling.”
Part of that is the flywheel of building up networks in a manner similar to Y Combinator, the accelerator program from which Flockjay graduated in 2019.
“We went through YC to learn… how they manufacture the privilege in the world that they have afforded,” said Hathiramani. “How do you take some of that and provide it to someone who is starting their careers in tech. You get better at your job the more connections you have. As we accelerate the alumni piece… they can draw on other alums that they’re selling into.”
Amazon’s newest product lets companies build their own Alexa assistant for cars, apps and video games
Amazon is selling access to the underlying technology stack of Alexa to let companies — starting with Fiat Chrysler Automobiles — build their own intelligent assistants with unique voices, skills and wake words.
The new Alexa Custom Assistant product, which was announced Friday, can coexist and cooperate with the Alexa assistant. Theoretically, this means an automaker could choose to use the custom assistant to interact with drivers on specific products and services tied to the vehicle as well as integrate the Alexa voice assistant for other needs. For instance, if a driver asks Alexa to roll down a car window, the request will be routed to the brand’s assistant, Amazon explained. If a customer asks the brand’s assistant to play an audio book, the request will be routed to Alexa.
Yes, that means your next car could have two Alexas.
Here’s a video showing how it works.
Fiat Chrysler Automobiles will be the first Alexa Custom Assistant customer. An FCA-branded intelligent assistant is being built for integration in select vehicle models, according to Amazon.
Amazon’s pitch isn’t just to automakers, however. The e-commerce giant said it can be used to build intelligent assistants into mobile applications, smart properties, video games and consumer electronics. The Alexa Custom Assistant is based on the Alexa technology stack. The custom wake words are created with the same process used for developing the Alexa wake word. Amazon will give companies access to Alexa’s voice science experts to help guide them through the recording process and develop the voice using advanced machine learning algorithms. Developers also have access to Alexa’s pre-built capabilities such as communications, local search, traffic, and navigation, to further accelerate time to market.
The aim of this new product, Amazon says, is to give companies an efficient and cost-effective way of delivering an intelligent assistant to their customers. The path of building an intelligent AI-based assistant is complex, typically involves long development cycles, and requires resources to build it from scratch and maintain over time, Amazon argues.
Of course, it’s also another way to ensure Alexa is in more devices, even if it goes by another name.
A security researcher commandeered a country’s expired top-level domain to save it from hackers
In mid-October, a little-known but critically important domain name for one country’s internet space began to expire.
The domain — scpt-network.com — was one of two nameservers for the .cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing.
Clearly, a domain of such importance wasn’t supposed to expire; someone in the Congolese government probably forgot to pay for its renewal. Luckily, expired domains don’t disappear immediately. Instead, the clock started on a grace period for its government owners to buy back the domain before it was sold to someone else.
By chance, Fredrik Almroth, a security researcher and co-founder of cybersecurity startup Detectify, was already looking at nameservers of country code top-level domains (or ccTLDs), the two-letter suffixes at the end of regional web addresses, like .fr for France or .uk for the United Kingdom. When he found this critical domain name was about to expire, Almroth began to monitor it, assuming someone in the Congolese government would pay to reclaim the domain.
But nobody ever did.
By the end of December, the clock was almost up and the domain was about to fall off the internet. Within minutes of the domain becoming available, Almroth quickly snapped it up to prevent anyone else from taking it over — because, as he told TechCrunch, “the implications are kind of huge.”
It’s rare but not unheard of for a top-level domain to expire.
In 2017, security researcher Matthew Bryant took over the nameservers of the .io top-level domain, assigned to the British Indian Ocean Territory. But malicious hackers have also shown interest in targeting top-level domains to hack into companies and governments that use the same country-based domain suffix.
Taking over a nameserver is not supposed to be an easy task because they are a vital part of how the internet works.
Every time you visit a website your device relies on a nameserver to convert a web address in your browser to the machine-readable address that tells your device where on the internet to find the site you’re looking for. Some liken nameservers to the phone directory of the internet. Sometimes your browser looks no further than its own cache for the answer, and sometimes it has to ask the nearest nameserver for the answer. But the nameservers that control top-level domains are considered authoritative and know where to look without having to ask another nameserver.
With control of an authoritative nameserver, malicious hackers could run man-in-the-middle attacks to silently intercept and redirect internet users going to legitimate sites to malicious webpages.
These kinds of attacks have been used in sophisticated espionage campaigns aimed at cloning websites to trick victims into handing over their passwords, which hackers use to get access to company networks to steal information.
Worse, Almroth said that with control of the nameserver it was possible to obtain valid SSL (HTTPS) certificates, allowing an attacker to intercept encrypted web traffic or any email mailbox for any .cd domain. To the untrained eye, a successful attacker could redirect victims to a spoofed website and they would be none the wiser.
“If you can abuse the validation schemes used to issue certificates, you can undermine the SSL of any domain under .cd as well,” Almroth said. “The capabilities of being in such a privileged position is scary.”
Almroth ended up sitting on the domain for about a week as he tried to figure out a way to hand it back. By this point the domain had been inactive for two months already and nothing had catastrophically broken. At most, websites with a .cd domain might have taken slightly longer to load.
Since the remaining nameserver was running normally, Almroth kept the domain offline so that whenever an internet user tried to access a domain that relied on the nameserver under his control, it would automatically time out and pass the request to the remaining nameserver.
In the end, the Congolese government didn’t bother asking for the domain back. It spun up an entirely new but similarly named domain — scpt-network.net — to replace the one now in Almroth’s possession.
We reached out to the Congolese authorities for comment but did not hear back.
ICANN, the international non-profit organization responsible for internet address allocation, said country code top-level domains are operated by their respective countries and its role is “very limited,” a spokesperson said.
For its part, ICANN encouraged countries to follow best practices and to use DNSSEC, a cryptographically more secure technology that makes it nearly impossible to serve up spoofed websites. One network security engineer who asked not to be named as they were not authorized to speak to the media questioned whether DNSSEC would be effective at all against a top-level domain hijack.
At least in this case, it’s nothing a calendar reminder can’t solve.
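The "calendar reminder" can be automated as a check over a zone's own delegation. The following is an added example, not code from the article or from Detectify: it takes a zone's NS hostnames plus registration expiry dates (which an operator would pull from their registrar or RDAP) and flags nameservers that live under a separately registered domain that is expired or close to it. All hostnames, dates and the tiny suffix set are constructed for illustration; a real check should use the full Public Suffix List.

```python
from datetime import date

# Constructed stand-in for the Public Suffix List (assumption for this example).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host):
    """Return the registered domain that must stay renewed for this host to resolve."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_delegation(zone, nameservers, expiry_by_domain, today, warn_days=60):
    """Return (ns_host, depends_on_domain, status, days_left) for each NS record."""
    zone = zone.rstrip(".").lower()
    findings = []
    for ns in nameservers:
        host = ns.rstrip(".").lower()
        if host == zone or host.endswith("." + zone):
            # In-zone nameserver: it cannot lapse separately from the zone itself.
            findings.append((host, zone, "IN_ZONE", None))
            continue
        dom = registrable_domain(host)
        expires = expiry_by_domain.get(dom)
        if expires is None:
            # No expiry on record is itself a finding: nobody is tracking renewal.
            findings.append((host, dom, "UNKNOWN", None))
            continue
        days = (expires - today).days
        if days < 0:
            status = "EXPIRED"
        elif days <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        findings.append((host, dom, status, days))
    return findings


def needs_action(findings):
    """Keep only the nameservers whose parent domain needs attention."""
    return [f for f in findings if f[2] in ("EXPIRED", "EXPIRING", "UNKNOWN")]


# Constructed sample data: one in-zone nameserver and three external ones.
SAMPLE_ZONE = "zone.example"
SAMPLE_NS = ["ns1.zone.example.", "ns1.dns-operator-a.test.",
             "ns2.dns-operator-b.test.", "ns3.hosting.co.uk."]
SAMPLE_EXPIRY = {
    "dns-operator-a.test": date(2020, 10, 15),
    "dns-operator-b.test": date(2021, 1, 10),
    "hosting.co.uk": date(2021, 12, 1),
}
SAMPLE_TODAY = date(2020, 12, 1)

if __name__ == "__main__":
    for host, dom, status, days in needs_action(
            audit_delegation(SAMPLE_ZONE, SAMPLE_NS, SAMPLE_EXPIRY, SAMPLE_TODAY)):
        print(f"{status:9} {host} depends on {dom} (days left: {days})")
```
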