An anonymous reader quotes a report from Tom's Hardware: An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user's finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack "up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%." This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Without contact prints or finger detail photos, how can an attacker hope to get any fingerprint data to enhance MasterPrint and DeepMasterPrint dictionary attack results on user fingerprints? One answer is as follows: the PrintListener paper says that "finger-swiping friction sounds can be captured by attackers online with a high possibility." The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name -- PrintListener. [...]

To prove the theory, the scientists practically developed their attack research as PrintListener. In brief, PrintListener uses a series of algorithms for pre-processing the raw audio signals which are then used to generate targeted synthetics for PatternMasterPrint (the MasterPrint generated by fingerprints with a specific pattern). Importantly, PrintListener went through extensive experiments "in real-world scenarios," and, as mentioned in the intro, can facilitate successful partial fingerprint attacks in better than one in four cases, and complete fingerprint attacks in nearly one in ten cases. These results far exceed unaided MasterPrint fingerprint dictionary attacks.

Microsoft quietly launched a dedicated Copilot app on Android, giving users a way to access Copilot's AI features without the Bing mobile app. "Spotted by @technosarusrex on X, it is now available for download from the Google Play Store, and the app's listing suggests it arrived in the marketplace about a week ago," reports Neowin. From the report: The new Copilot app for Android is not entirely a new thing. At first sight, it looks similar to the Bing Chat app, which still lets you access the same chat features. In addition, you can use Copilot within the Microsoft Edge browser for Android, SwiftKey, Skype, and more. Copilot for Android supports plenty of features (you can also toggle between light and dark themes) that are already available on desktop. You can ask complex questions, generate images using DALL-E 3, draft documents or emails, or just have a casual conversation about anything. In addition, the app lets you turn off or on the recently added GPT-4.

"To meet the world's growing hunger for chips, a startup wants to upend the costly semiconductor fabrication plant with a nimbler, cheaper idea..." reports Fast Company, "an AI-enabled chip factory that can be assembled and expanded modularly with prefab pieces, like high-tech Lego bricks."

In other words, they want to enable what is literally a fast company... "We're democratizing the ownership of semiconductor fabs," says Matthew Putman, referring to chip fabrication plants. Putman is the founder and CEO of Nanotronics, a New York City-based industrial AI company that deploys advanced optical solutions for detecting defects in manufacturing procedures. Its new system, called Cubefabs, combines its modular inspection tools and other equipment with AI, allowing the proposed chip factories to monitor themselves and adapt accordingly — part of what Putman calls an "autonomous factory." The bulk of the facility can be preassembled, flat-packed and put in shipping containers so that the facilities can be built "in 80% of the world," says Putman.

Eventually, the company envisions hundreds of the flower-shaped fabs around the world, starting with a prototype in New York or Kuwait that it hopes to start building by the end of the year... Nanotronics says a single Cubefab installation could start at one acre with a single fab, and grow to a four-fab, six-acre footprint. Each fab could be built in under a year, the company says, with a four-fab installation estimated to cost under $100 million. Nanotronics declined to disclose how much it has raised for the project, but Putman says the company has previously raised $170 million from investors, including Peter Thiel and Jann Tallin, the Skype cofounder...

A single automated Cubefab will need only about 30 people to operate, "and they don't have to be semiconductor experts," says Putman. "AI takes away that need for that specialization that you would normally need in a fab." [...] Putman also hopes automation will help further reduce the environmental impact of an industry that's notoriously resource-intensive and produces thousands of tons of waste a year, much of it hazardous. "Because you have the AI fixing the material and the device before it's manufactured, you have less waste of the final material," he says.
Thanks to Slashdot reader tedlistens for sharing the news.

Microsoft has released patches to fix zero-day vulnerabilities in two popular open source libraries that affect several Microsoft products, including Skype, Teams and its Edge browser. But Microsoft won't say if those zero-days were exploited to target its products, or if the company knows either way. From a report: The two vulnerabilities -- known as zero-days because developers had no advance notice to fix the bugs -- were discovered last month, and both bugs have been actively exploited to target individuals with spyware, according to researchers at Google and Citizen Lab. The bugs were discovered in two common open source libraries, webp and libvpx, which are widely integrated into browsers, apps and phones to process images and videos. The ubiquity of these libraries coupled with a warning from security researchers that the bugs were abused to plant spyware prompted a rush by tech companies, phone makers and app developers to update the vulnerable libraries in their products.

In a brief statement Monday, Microsoft said it had rolled out fixes addressing the two vulnerabilities in the webp and libvpx libraries which it had integrated into its products, and acknowledged that exploits exist for both vulnerabilities. When reached for comment, a Microsoft spokesperson declined to say if its products had been exploited in the wild, or if the company has the ability to know. Security researchers at Citizen Lab said in early September that they had discovered evidence that NSO Group customers, using the company's Pegasus spyware, had exploited a vulnerability found in the software of an up-to-date and fully patched iPhone.

Microsoft will unbundle its chat and video app Teams from its Office suite and make it easier for rival products to work with its software, the U.S. company said on Thursday in a move aimed at staving off a possible EU antitrust fine. From a report: The proposed changes came a month after the European Commission launched an investigation into Microsoft's tying of Office and Teams following a complaint by Salesforce-owned workspace messaging app Slack in 2020. Microsoft's preliminary concessions failed to address concerns. The EU competition enforcer on Thursday said it took note of the company's announcement and declined further comment.

Teams was added to Office 365 in 2017 for free. It eventually replaced Skype for Business and gained in popularity during the pandemic due in part to its video conferencing. "Today we are announcing proactive changes that we hope will start to address these concerns in a meaningful way, even while the European Commission's investigation continues and we cooperate with it," [...] The changes, effective from Oct. 1, will apply in Europe and Switzerland.

Slash_Account_Dot writes: Hackers are able to grab a target's IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it. Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

Long-time Slashdot reader SonicSpike quotes this article from BleepingComputer: A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%...

Such an attack severely affects the target's data security, as it could leak people's passwords, discussions, messages, or other sensitive information to malicious third parties. Moreover, contrary to other side-channel attacks that require special conditions and are subject to data rate and distance limitations, acoustic attacks have become much simpler due to the abundance of microphone-bearing devices that can achieve high-quality audio captures. This, combined with the rapid advancements in machine learning, makes sound-based side-channel attacks feasible and a lot more dangerous than previously anticipated.
The researchers achieved 95% accuracy from the smartphone recordings, 93% from Zoom recordings, and 91.7% from Skype.

The article suggests potential defenses against the attack might include white noise, "software-based keystroke audio filters," switching to password managers — and using biometric authentication.

Mustafa Suleyman, co-founder of DeepMind, believes that for the UK to become an AI superpower, it needs to foster a culture of risk-taking and encourage large-scale investments. The BBC reports: Mustafa Suleyman added that he does not regret selling DeepMind to the US giant in 2014. "The US market is not only huge, but also more predisposed to taking big shots," he told the BBC. Prime Minister Rishi Sunak wants the UK to be a global hub for AI. He has pledged 1 billion pounds in funding over the next 10 years, and founded a UK taskforce with a remit of maximising the benefits of the tech while keeping it safe. This week BBC News is focusing on AI, how the technology affects our lives and what impacts it may have in the near future.

Mr Suleyman said the UK had "every chance" of becoming an AI superpower and praised its research facilities, but added there were not the same opportunities for businesses to grow as there are in the US. "I think the culture shift that it needs to make is to be more encouraging of large scale investments, more encouraging of risk taking, and more tolerant and more celebratory of failures," he said. "The truth is, the US market is not only huge, but also more predisposed to big risk taking, taking big shots and having big funding rounds." Mr Suleyman has chosen to base his new company, Inflection AI, in Palo Alto, California, which is also home to the headquarters of Google, Facebook and Tesla.

Mustafa Suleyman's views represent one of the challenges facing Ian Hogarth, a British entrepreneur and investor who has been appointed to lead the UK's AI taskforce. He took up the position five weeks ago. In his first interview since getting the job, Mr Hogarth told the BBC that while the UK was a good place for start-ups, it should also be easier for them to grow. "We've had some great [tech] companies and some of them got bought early, you know - Skype got bought by eBay, DeepMind got bought by Google. I think really our ecosystem needs to rise to the next level of the challenge."

CNBC has created a 15-minute video titled "The Rise and Fall of Skype," telling the story of how Skype was developed in just nine months in 2003 by a six-person group of childhood friends in Estonia. "We were smart engineers," says Skype's former chief technical architect Ahti Heinla. "We learned on the go. None of us had any telecoms background." But at the end of the interview, he concedes "I myself use Skype right now fairly little. I still have it installed on my phone, but my primary communication methods now are elsewhere."

GigaOm founder Om Malik tells CNBC it was Skype's missteps that enabled the massive growth of WhatsApp, and shared this succinct diagnosis of what's happening to Skype. "Microsoft is where consumer brands go to die." From an accompanying article on CNBC's web site: In 2005 eBay bought it. That deal didn't work out as planned, and an investor group led by Silver Lake purchased a majority stake. Microsoft then stepped in, shelling out $8.5 billion for the company in 2011. Even backed by the world's largest software company, Skype is falling by the wayside. During the pandemic, consumers and business workers turned to tools like Zoom and Meta's WhatsApp, and now there are any number of options to quickly connect with groups of friends and colleagues over smartphones... Microsoft has promoted Skype in Outlook and Windows and even enriched the app with its Bing generative artificial intelligence chatbot. But the numbers still don't look great.

In March 2020, Microsoft said Skype had 40 million daily active users, a number that's since slipped to 36 million, according to a spokesperson. Microsoft's newer Teams communication app, by contrast, is growing in popularity, rising from nearly 250 million monthly users in July 2021 to a record of over 300 million in the first quarter.
Microsoft Teams reached an all-time high of 300 million active users in the second quarter of 2023, according to CNBC's video report. But a research VP at International Data Corp says Microsoft Teams was successful — in taking users away from Skype.

GigaOm's Malik says Microsoft "failed to capitalize on Skype, 100%. Steve Balmer was the king of buying things and not knowing what to do with them... What happened with Skype is the story of every large company with a lot of middle management: they didn't innovate on the product for a very long time."

Jordan Novet from CNBC Business News calls Skype "a product with an uncertain future," arguing that Microsoft "is pouring a lot of engineering resources into making Teams a big destination for communication. It's not doing the same thing with Skype." Could Skype make a comeback? "Anything is possible," Novet concedes. "Microsoft is trying to make Skype happen in a bigger way now." He points out that Skype is now equipped with Bing's AI-powered chatbot, so "You can talk to Bing in Skype. Will that make Skype explode in popularity, or make a comeback? I don't think so."

Microsoft's current head of Skype was not available for CNBC's video. But as a kind of epilogue, they report that Jaan Tallinn, one of Skype's original programmers, now "spends most of his time discussing the dangers of unchecked AI development."

"I don't know what the future holds for Skype..." he tells CNBC. "I'm concerned about humans being wiped out, so it's unlikely that we'll need Skype if that happens."

LinkedIn has been hit by a rise in sophisticated recruitment scams, as fraudsters seek to take advantage of the trend towards remote working and widespread lay-offs across the tech sector. From a report: Jobseekers on the world's largest professional network are being defrauded out of money after taking part in fake recruitment processes set up by scammers who pose as employers, before obtaining personal and financial information. "There's certainly an increase in the sophistication of the attacks and the cleverness," Oscar Rodriguez, vice-president of product management at LinkedIn told the Financial Times "We see websites being set up, we see phone numbers with a seemingly professional operator picking up the phone and answering on the company's behalf. We see a move to more sophisticated deception," he added.

The warning comes as the Microsoft-owned social media company said it has sought to block tens of millions of fake accounts in recent months, while US regulators warn of an increase in jobs-related cons. Last month, cyber security company Zscaler revealed a scam that targeted jobseekers and a dozen US companies, where fraudsters approached people through LinkedIn's direct messaging feature InMail. Scammers identified businesses that were already hiring, including enterprise software company Zuora, software developer Intellectsoft and Zscaler itself. They then created "lookalike" websites with similar job ads and, via LinkedIn's InMail feature, invited jobseekers to enter personal information into the websites, before conducting remote interviews via Skype.

Staff working at the European Commission have been ordered to remove the TikTok app from their phones and corporate devices. The BBC reports: The commission said it was implementing the measure to "protect data and increase cybersecurity." EU spokeswoman Sonya Gospodinova said the corporate management board of the European Commission, the EU's executive arm, had made the decision for security reasons. "The measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the commission," she said. The ban also means that European Commission staff cannot use TikTok on personal devices that have official apps installed.

The commission says it has around 32,000 permanent and contract employees. They must remove the app as soon as possible and no later than March 15. For those who do not comply by the set deadline, the corporate apps -- such as the commission email and Skype for Business -- will no longer be available. [...] TikTok, owned by Chinese company ByteDance, has faced allegations that it harvests users' data and hands it to the Chinese government.

Richard Stallman celebrated his 69th birthday last month. And Wednesday, he gave a 92-minute presentation called "The State of the Free Software Movement."

Stallman began by thanking everyone who's contributed to free software, and encouraged others who want to help to visit gnu.org/help. "The Free Software movement is universal, and morally should not exclude anyone. Because even though there are crimes that should be punished, cutting off someone from contributing to free software punishes the world. Not that person."

And then he began by noting some things that have gotten better in the free software movement, including big improvements in projects like GNU Emacs when displaying external packages. (And in addition, "GNU Health now has a hospital management facility, which should make it applicable to a lot more medical organizations so they can switch to free software. And [Skype alternative] GNU Jami got a big upgrade.")

What's getting worse? Well, the libre-booted machines that we have are getting older and scarcer. Finding a way to support something new is difficult, because Intel and AMD are both designing their hardware to subjugate people. If they were basically haters of the public, it would be hard for them to do it much worse than they're doing.

And Macintoshes are moving towards being jails, like the iMonsters. It's getting harder for users to install even their own programs to run them. And this of course should be illegal. It should be illegal to sell a computer that doesn't let users install software of their own from source code. And probably shouldn't allow the computer to stop you from installing binaries that you get from others either, even though it's true in cases like that, you're doing it at your own risk. But tying people down, strapping them into their chairs so that they can't do anything that hurts themselves -- makes things worse, not better. There are other systems where you can find ways to trust people, that don't depend on being under the power of a giant company.

We've seen problems sometimes where supported old hardware gets de-supported because somebody doesn't think it's important any more — it's so old, how could that matter? But there are reasons...why old hardware sometimes remains very important, and people who aren't thinking about this issue might not realize that...

Stallman also had some advice for students required by their schools to use non-free software like Zoom for their remote learning. "If you have to use a non-free program, there's one last thing... which is to say in each class session, 'I am bitterly ashamed of the fact that I'm using Zoom for this class.' Just that. It's a few seconds. But say it each time.... And over time, the fact that this is really important to you will sink in."

And then halfway through, Stallman began taking questions from the audience...

Read on for Slashdot's report on Stallman's remarks, or jump ahead to...

• How far should copyright law go?
• That NPM package that deleted files in Russia
• Does the free software world need more videogames?
• Stallman's upcoming manual for 'GNU C'
• Free Software's role in protecting our planet's environment

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones -- and that these apps have the ability to access audio data when muted, or actually do so. The research is described in a paper titled, "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing App." The Register reports: Among the apps studied -- Zoom (Enterprise), Slack, Microsoft Teams/Skype, Cisco Webex, Google Meet, BlueJeans, WhereBy, GoToMeeting, Jitsi Meet, and Discord -- most presented only limited or theoretical privacy concerns. The researchers found that all of these apps had the ability to capture audio when the mic is muted but most did not take advantage of this capability. One, however, was found to be taking measurements from audio signals even when the mic was supposedly off. "We discovered that all of the apps in our study could actively query (i.e., retrieve raw audio) the microphone when the user is muted," the paper says. "Interestingly, in both Windows and macOS, we found that Cisco Webex queries the microphone regardless of the status of the mute button." They found that Webex, every minute or so, sends network packets "containing audio-derived telemetry data to its servers, even when the microphone was muted."

This telemetry data is not recorded sound but an audio-derived value that corresponds with the volume level of background activities. Nonetheless, the data proved sufficient for the researchers to construct an 82 per cent accurate background activity classifier to analyze the transmission and infer the likely activity among six possibilities -- e.g. cooking, cleaning, typing, etc. -- in the room where the app is active. Worse still from a security standpoint, while other apps encrypted their outgoing data stream before sending it to the operating system's socket interface, Webex did not. "Only in Webex were we able to intercept plaintext immediately before it is passed to the Windows network socket API," the paper says, noting that the app's monitoring behavior is inconsistent with the Webex privacy policy. The app's privacy policy states Cisco Webex Meetings does not "monitor or interfere with you your [sic] meeting traffic or content." After the researchers reached out about their findings, Cisco altered Webex so it no longer transmits microphone telemetry data. "Cisco is aware of this report, and thanks the researchers for notifying us about their research," said a Cisco spokesperson. "Webex uses microphone telemetry data to tell a user they are muted, referred to as the 'mute notification' feature. Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex."

Although Microsoft Edge has recently faced a lot of ridicule because the Redmond tech giant keeps adding what many consider as "bloat" in its web browser, it seems that the company is hell-bent on this path. Now, it appears that a Skype Meet Now panel is being added to Microsoft Edge. From a report: The integration was spotted by eagle-eyed Redditor and regular Neowin news tipster u/Leopeva64-2, who spotted the change in the latest Edge Canary build. Essentially, you now have a new toggle in the Appearance setting that adds a Skype Meet Now button to the Edge omnibar. Clicking on it in the omnibar opens a Skype Meet Now panel directly in Microsoft Edge.

"Since its own brush with antitrust regulation decades ago, Microsoft has slipped past significant scrutiny," argues a new article from The Atlantic.

But it also asks if there's now a case for another antitrust action — or if we're convinced instead that "The company is reluctantly guilty of the sin of bigness, yes, but it is benevolent, don't you see? Reformed, even! No need to cast your pen over here!" Right now, it's not illegal to be big. It's not illegal to be really big. In fact, it's not even illegal to be a monopoly. Current antitrust law allows for the possibility that you might be the sole player in your industry because you're just that well managed and your product is just that good, or it's just cost-prohibitive for any other company to compete with you. Think power utilities, such as Duke Energy, or the TV and internet giant Comcast. Antitrust law comes into play only if you use your monopoly to suppress competition or to charge unfairly high prices. (If this feels like a legal tautology, it sort of is: Who's to know what's a fair price if there isn't any competition? Nevertheless, here we are...) Yet if bigness alone is enough to draw scrutiny, Microsoft must draw it. Courts have disagreed on what size market share a product or company must own to be considered a monopoly, but the historical benchmark is about 75 percent. Estimates vary as to what percentage of computers run Microsoft's Windows operating system, but Gartner research puts it as high as 83 percent...

Biden, Khan, Senator Amy Klobuchar, and others are asking whether consumers suffer any nonfinancial harm from this lack of competition. Is switching from Windows to Apple's Mac OS unnecessarily hard? Is Windows as good a product as it would be if it faced more robust competition? When Windows has major security flaws, for example, billions of customers and companies are impacted, because of its market share. If we're wondering whether crappy airline experiences are a competition problem, should the same question apply to crappy computer security? In fact, in areas where Microsoft faces strong competition, it's reverting to some of the behaviors that got it sued in the '90s — namely, bundling. Microsoft and Amazon are essentially a duopoly when it comes to cloud services... Microsoft offers its big business customers an "integrated ecosystem" of Windows, Office, and its back-end cloud services; some analysts even point to this as a reason to keep buying Microsoft stock. That's just smart business, right? Yes, unless you're at a disadvantage by not taking the bundle. Some customers have complained that Microsoft charges extra for some Windows licenses if you're not using its cloud-computing business, Azure...

Microsoft does much more that we're happy to call "evil" when other companies are involved. It defied its own workers in favor of contracts with the Department of Defense; it's been quietly doing lots of business with China for decades, including letting Beijing censor results on its Bing search engine and developing AI that critics say can be used for surveillance and repression; it reportedly tried to sell facial-recognition technology to the DEA.

So why does none of it stick? Well, partly because it's possible that Microsoft isn't actually doing anything wrong, from a legal perspective. Yet it's so big and so dominant and owns so much expensive physical infrastructure that hardly any company can compete with it. Is that illegal? Should it be?
It's now the world's second largest tech company by market valuation — over $2 trillion and even ahead of Google, Amazon, Facebook, and Tesla (and behind only Apple). For the three months ended in June, Microsoft's net income rose 47% over the same period a year ago, according to TechCrunch, with a revenue for just those three months of $46.2 billion.

The Atlantic argues Microsoft has successfully rebranded itself as nice and a little boring, while playing up the fact that it lost a decade in consumer markets like smartphones because it was distracted by its last antitrust lawsuit. Yet meanwhile it's acquired major tech brands like LinkedIn, Minecraft, Skype, and even attempted to buy TikTok, Pinterest, and Discord (as well as "almost two dozen game-development studios to beef up its Xbox offerings"). And of course, GitHub.

Microsoft is shoving Skype out of sight in favor of Microsoft Teams, which gets a highlight spot in the new center-aligned taskbar and deep integration into Windows. The Verge reports: Today's Windows 11 news is all about where Microsoft sees computing going over the next few years, but it's just as much the story of how Skype has flourished and ebbed since its $8.5 billion acquisition a decade ago. Five years ago, Skype was the big name in internet calling and video, and Microsoft made it an "inbox app" for Windows 10 that was included at installation and launched at startup by default. Now, after a pandemic year that has had more people using their PCs for voice and video than ever before, Skype was nowhere to be seen in the Windows 11 presentation or materials.

The future vision that Microsoft had for Skype everywhere has turned into a reality -- but that reality made competitors Zoom and FaceTime into household names instead. Back in June, when Microsoft made Teams available for personal accounts, the company still paid lip service to Skype, saying, "For folks that just want a very purpose-built app, Skype is a great solution, and we support it and encourage it." But now, if you want to use Skype, you're going to have to go find it in the Microsoft Store like any other app. A company spokesperson tells The Verge: "Skype is no longer an inbox app for new devices that run Windows 11. The Skype app is available to download through the Microsoft Store for free."; Skype joins OneNote, Paint 3D, and 3D Viewer as the apps that will no longer come with the OS.

Microsoft is launching the personal version of Microsoft Teams today. After previewing the service nearly a year ago, Microsoft Teams is now available for free personal use amongst friends and families. From a report: The service itself is almost identical to the Microsoft Teams that businesses use, and it will allow people to chat, video call, and share calendars, locations, and files easily. Microsoft is also continuing to offer everyone free 24-hour video calls that it introduced in the preview version in November. You'll be able to meet up with up to 300 people in video calls that can last for 24 hours. Microsoft will eventually enforce limits of 60 minutes for group calls of up to 100 people after the pandemic, but keep 24 hours for 1:1 calls. While the preview initially launched on iOS and Android, Microsoft Teams for personal use now works across the web, mobile, and desktop apps. Microsoft is also allowing Teams personal users to enable its Together mode -- a feature that uses AI to segment your face and shoulders and place you together with other people in a virtual space. Skype got this same feature back in December.

sandbagger shares a report from The Register: FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. Konstantin Darutkin, senior software engineer at FingerprintJS, said in a blog post that the company has dubbed the privacy vulnerability "scheme flooding." The name refers to abusing custom URL schemes, which make web links like "skype://" or "slack://" prompt the browser to open the associated application. "The scheme flooding vulnerability allows an attacker to determine which applications you have installed," explains Darutkin. "In order to generate a 32-bit cross-browser device identifier, a website can test a list of 32 popular applications and check if each is installed or not."

Visiting the schemeflood.com site using a desktop (not mobile) browser and clicking on the demo will generate a flood of custom URL scheme requests using a pre-populated list of likely apps. A browser user would typically see a pop-up permission modal window that says something like, "Open Slack.app? A website wants to open this application. [canel] [Open Slack.app]." But in this case, the demo script just cancels if the app is present or reads the error as confirmation of the app's absence. It then displays the icon of the requested app if found, and moves on to its next query. The script uses each app result as a bit to calculate the identifier. The fact that the identifier remains consistent across different browsers means that cross-browser tracking is possible, which violates privacy expectations.

This week Swedish developer Daniel Stenberg posted a remarkable reflection on the 23rd anniversary of his command-line data tool, cURL: curl was adopted in Red Hat Linux in late 1998, became a Debian package in May 1999, shipped in Mac OS X 10.1 in August 2001. Today, it is also shipped by default in Windows 10 and in iOS and Android devices. Not to mention the game consoles, Nintendo Switch, Xbox and Sony PS5.

Amusingly, libcurl is used by the two major mobile OSes but not provided as an API by them, so lots of apps, including many extremely large volume apps bundle their own libcurl build: YouTube, Skype, Instagram, Spotify, Google Photos, Netflix etc. Meaning that most smartphone users today have many separate curl installations in their phones.

Further, libcurl is used by some of the most played computer games of all times: GTA V, Fortnite, PUBG mobile, Red Dead Redemption 2 etc.

libcurl powers media players and set-top boxes such as Roku, Apple TV by maybe half a billion TVs.

curl and libcurl ships in virtually every Internet server and is the default transfer engine in PHP, which is found in almost 80% of the world's almost two billion websites.

Cars are Internet-connected now. libcurl is used in virtually every modern car these days to transfer data to and from the vehicles.

Then add media players, kitchen and medical devices, printers, smart watches and lots of "smart"; IoT things. Practically speaking, just about every Internet-connected device in existence runs curl.

I'm convinced I'm not exaggerating when I claim that curl exists in over ten billion installations world-wide...

Those 300 lines of code in late 1996 have grown to 172,000 lines in March 2021.
Stenberg attributes cURL's success to persistence. "We hold out. We endure and keep polishing. We're here for the long run. It took me two years (counting from the precursors) to reach 300 downloads. It took another ten or so until it was really widely available and used." But he adds that 22 different CPU architectures and 86 different operating systems are now known to have run curl.

In a later blog post titled "GitHub Steel," Stenberg also reveals that GitHub gave him a 3D-printed steel version of his 2020 GitHub contribution matrix — accompanied by a friendly note. "Please accept this small gift as a token of appreciation on behalf of all of us here at GitHub, and everyone who benefits from your work."

Footage of a Texan lawyer denying he was a cat as he appeared with a feline filter on a live call was created using a decades-old piece of software pre-installed on some Dell laptops. The BBC reports: The Live Cam Avatar software was also available for people to download. It is not clear how the lawyer found himself speaking through the face of a worried-looking cat. But it seems even in its heyday, there was a history of people becoming trapped as the avatar and finding it hard to remove.

One, ChemBark, describes in a blog how he appeared "as a sad kitten" during a job interview via Skype. "I started frantically scrolling down all of the menus in Skype, trying to remedy the situation," he writes. Tweeting now the filter is back in the news, he says it "was the default setting on Dell's webcam software." Another blog, written in 2010, offers a detailed explanation of how to remove "the stupid white cat." The company behind the filter, Reallusion, described it as a "customizable emotive facial animation that gives you much more fun that the conventional video chatting." Reallusion now provides sophisticated real-time 3D animation software -- but the cat filter seems no longer to be available in its online shop.