Month: March 2023

Enlarge (credit: Getty)

Piecing together why so many people are willing to share misinformation online is a major focus among behavioral scientists. It's easy to think partisanship is driving it all—people will simply share things that make their side look good or their opponents look bad. But the reality is a bit more complicated. Studies have indicated that many people don't seem to carefully evaluate links for accuracy, and that partisanship may be secondary to the rush of getting a lot of likes on social media. Given that, it's not clear what induces users to stop sharing things that a small bit of checking would show to be untrue.

So, a team of researchers tried the obvious: We'll give you money if you stop and evaluate a story's accuracy. The work shows that small payments and even minimal rewards boost the accuracy of people's evaluation of stories. Nearly all that effect comes from people recognizing stories that don't favor their political stance as factually accurate. While the cash boosted the accuracy of conservatives more, they were so far behind liberals in judging accuracy that the gap remains substantial.

Money for accuracy

The basic outline of the new experiments is pretty simple: get a bunch of people, ask them about their political leanings, and then show them a bunch of headlines as they would appear on a social media site such as Facebook. The headlines were rated based on their accuracy (i.e., whether they were true or misinformation) and whether they would be more favorable to liberals or conservatives.

Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub)

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13. That mandate will extend to all user accounts by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA—far lower than you'd expect from technologists who ought to know the value of it.

Enlarge (credit: Getty Images)

Threat actors connected to the North Korean government have been targeting security researchers in a hacking campaign that uses new techniques and malware in hopes of gaining a foothold inside the companies the targets work for, researchers said.

Researchers from security firm Mandiant said on Thursday that they first spotted the campaign last June while tracking a phishing campaign targeting a US-based customer in the technology industry. The hackers in this campaign attempted to infect targets with three new malware families, dubbed by Mandiant as Touchmove, Sideshow, and Touchshift. The hackers in these attacks also demonstrated new capabilities to counter endpoint detection tools while operating inside targets’ cloud environments.

“Mandiant suspects UNC2970 specifically targeted security researchers in this operation,” Mandiant researchers wrote.

Enlarge (credit: picture alliance / Contributor | picture alliance)

A YouTuber, Marshall Daniels—who has posted far-right-leaning videos under the name “Young Pharaoh” since 2015—tried to argue that YouTube violated his First Amendment rights by removing two videos discussing George Floyd and COVID-19. Years later, Daniels now owes YouTube nearly $40,000 in attorney fees for filing a frivolous lawsuit against YouTube owner Alphabet, Inc.

A United States magistrate judge in California, Virginia K. DeMarchi, ordered Daniels to pay YouTube $38,576 for asserting a First Amendment claim that “clearly lacked merit and was frivolous from the outset.” YouTube said this represents a conservative estimate and likely an underestimate of fees paid defending against the meritless claim.

In his defense, Daniels never argued that the fees Alphabet was seeking were excessive or could be burdensome. In making this rare decision in favor of the defendant Alphabet, DeMarchi had to consider Daniels’ financial circumstances. In his court filings, Daniels described himself as “a fledgling individual consumer,” but also told the court that he made more than $180,000 in the year before he filed his complaint. DeMarchi ruled that the fees would not be a burden to Daniels.

Yellowstone National Park is most famous for Old Faithful, a geyser with fairly predictable periodic eruptions that delight visiting tourists. But it's also home to many other geothermal features like Doublet Pool, a pair of hot springs connected by a small neck with the geothermic equivalent of a pulse. The pool "thumps" every 20-30 minutes, causing the water to vibrate and the ground to shake. Researchers at the University of Utah have measured those thumping cycles with seismometers to learn more about how they change over time. Among other findings, they discovered that the intervals of silence between thumps correlate with how much heat is flowing into the pool, according to a new paper published in the journal Geophysical Research Letters.

“We knew Doublet Pool thumps every 20-30 minutes,” said co-author Fan-Chi Lin, a geophysicist at the University of Utah. “But there was not much previous knowledge on what controls the variation. In fact, I don’t think many people actually realize the thumping interval varies. People pay more attention to geysers.”

Yellowstone's elaborate hydrothermal system is the result of shallow groundwater interacting with heat from a hot magma chamber. The system boasts some 10,000 geothermal features, including steam vents (fumaroles), mud pots, and travertine terraces (chalky white rock), as well as geysers and hot springs.

Enlarge / Rep. Darin LaHood (R-Ill.) (credit: Bill Clark / Contributor | CQ-Roll Call, Inc.)

Last month, a declassified FBI report revealed that the bureau had used Section 702 of the Foreign Intelligence Surveillance Act (FISA) to conduct multiple unlawful searches of a sitting Congress member’s personal communications. Wired was the first to report the abuse, but for weeks, no one knew exactly which lawmaker was targeted by the FBI. That changed this week when Rep. Darin LaHood (R-Ill.) revealed during an annual House Intelligence Committee hearing on world threats that the FBI’s abuse of 702 was “in fact” aimed at him.

“This careless abuse by the FBI is unfortunate,” LaHood said at the hearing, suggesting that the searches of his name not only “degrades trust in FISA” but was a “threat to separation of powers” in the United States. Calling the FBI’s past abuses of Section 702 “egregious,” the congressman—who is leading the House Intelligence Committee's working group pushing to reauthorize Section 702 amid a steeply divided Congress—said that “ironically,” being targeted by the FBI gives him a “unique perspective” on “what’s wrong with the FBI.”

LaHood has said that having his own Fourth Amendment rights violated in ways others consider “frightening” positions him well to oversee the working group charged with implementing bipartisan reforms and safeguards that would prevent any such abuses in the future.

Enlarge / RIP Google Stadia. (credit: Aurich Lawson / Getty Images)

Poor Google Stadia; the service seemed like a slow-motion trainwreck from the moment it started. The service's launch, life, and death played out exactly how the "nobody trusts Google" naysayers (your author included) would have predicted, but we were all forced to go through the motions anyway. When Google killed the service, the narrative from the company was that Stadia's technology would live on in Google Cloud, but, according to Stephen Totilo of Axios, even Stadia's white-label game-streaming service is now dead.

Stadia was supposed to be Google's big foray into AAA gaming, with a cloud-based game "console" that actually had no console—the console was the data center, and it streamed the video game to you, just like a YouTube video. The service launched in November 2019 to sales that were much lower than Google expected, and manufacturing dates on the boxes suggest the company never sold out of the initial run of controllers. The first signs that Google was getting sick of its gaming experiment came 14 months in, when it shut down Stadia's only first-party studio, relegating the service to third-party ports only.

Two years in, the news broke that Stadia would be "deprioritized" and pivot to a white-label streaming service. Later, Google confirmed it was salvaging the service as a new Google Cloud offering called "Immersive Stream for Games." This meant that Google would resell Stadia's technology to various companies, allowing them to offer game streaming on their own platforms without any Google branding. This is a normal thing for Google Cloud, which offers a ton of cloud services to companies like Apple, and you'll never see a Google logo. Immersive Games saw three main customers—AT&T offered Batman: Arkham Knight to its subscribers, Peloton launched a biking game called Lanebreak on its exercise bikes, and Capcom launched a Resident Evil Village demo on the web.