An anonymous reader quotes a report from Reuters: Israel said on Thursday it was halting the use of mobile phone tracing to curb the spread of the new coronavirus variant Omicron, a practice that had been challenged by privacy watchdogs. Prime Minister Naftali Bennett's government authorized the surveillance technology, which matches virus carriers' locations against other mobile phones nearby to determine their contacts, to be used for Omicron cases on Nov. 27. That authorization will not be renewed after it lapses at midnight between Thursday and Friday, Bennett's office said in a statement, citing "up-to-date situational assessments."

The technology, originally developed by Israel's Shin Bet security agency for counter-terrorism and counter-espionage, had "contributed over the last week to the effort to break the chain of infection", the statement said. Israel has confirmed at three cases of the new variant and at least 30 others are suspected of having contracted it, the Health Ministry said. Earlier on Thursday, Israel's Supreme Court rejected a petition by four rights groups seeking to repeal the measure. "Considering the uncertainty around the Omicron variant and its effects..., it has not been proven that the Shin Bet authorization poses a disproportionate infringement on the right to privacy which would justify its striking down," the ruling said.

A U.K.-based company Engineered Arts has developed a humanoid robot that can display human-like expressions with ease. Interesting Engineering reports: In a short video released on YouTube, the company shows off its most advanced humanoid, dubbed Ameca, which is initially a platform for testing robotic technologies. As is seen in the video [...], the humanoid appears to have woken up in a robotic laboratory while an actual human is busy working in the background. The robot moves its arms, shows a flurry of expressions in a matter of seconds, and even expresses amazement at how its hands and fingers move fluidly before looking at the camera quite surprised. The teaser is a sufficient demonstration of what the robot can do when it comes to the upper half of the body.

Its lower half though is quite non-functional at the moment. For a humanoid robot, Ameca still can't walk, the Engineered Arts website says. Even though the company has carried out research on this, it hasn't transferred the learnings to the robot yet. [...] Engineered Arts uses a modular architecture for its building its robots. So, upgrades to both, software and hardware components can be made without having to purchase a new robot altogether. So, sooner or later, Ameca will walk too.

Ameca is powered by Engineered Arts' Tritium operating system that allows companies engaged in the development of robotics to test their technologies. Whether it is artificial intelligence or machine learning technology that companies or startups are developing, they can test and even demonstrate their tech in front of a live audience using Ameca. According to its website, Engineered Arts can even rent out Ameca for expos or live TV discussions.

Criminals have been selling fake vaccine certificates online and may be able to fool an EU system designed to verify the certificates' validity, researchers warn. BankInfoSecurity reports: [A] report released last week, "COVID-19 Vaccination Certificates in the Dark Web," which has not yet been peer-reviewed, notes that some darknet markets continue to sell supposed vaccine certificates for use in multiple countries. Four researchers - Dimitrios Georgoulias, Jens Myrup Pedersen, Morten Falch, Emmanouil Vasilomanolakis - who are all part of the Cyber Security Group at Aalborg University in Copenhagen, Denmark, reviewed vaccination certificate offerings from 17 marketplaces and 10 vendor shops. The researchers found that at least one vendor appears to be selling digital certificates, registered in Italy, that are being read as valid by mobile COVID-19 certificate-checking apps developed by both France and Denmark.

The Aalborg University researchers, however, note that many darknet markets forbid any listing containing any items related to COVID-19. But others, they say, do allow both physical and digital vaccine certificates to be offered for sale, and in some cases also "yellow vaccination cards" or other vaccination record cards that can be used as proof of vaccination, albeit only inside the country in which they were supposedly issued. "The listings are heavily focused on European countries and the United States, but there are also listings from other continents and countries, such as Brazil, Canada, Mexico and Australia," as well as Russia, the researchers write. "The pricing differs greatly between the different listings, with the cheapest certificate starting at $39 and the highest price reaching almost $2,800, which included both a physical and a digital certificate, registered in the United Kingdom," they write. Most markets accept bitcoin and monero cryptocurrencies as payment, they add, while a smaller number also take such digital coins as ethereum, cardano, litecoin and zcash. [...] The Aalborg University researchers note that buying a fake digital certificate gives the seller ample opportunity to scam a buyer.

If these fake COVID-19 certificates can indeed pass for valid ones, then one unanswered question remains: How? Many of the sites claim to have access to the systems used to issue certificates, either by hacking into them remotely, or having insiders who work at a healthcare or other health organization, the researchers say. "In the specific case of a listing on the Russian marketplace Hydra, the description even mentioned the exact location and hospital that the system was accessed from," they say. Another possibility, however, is that criminals have somehow stolen one or more private keys for the European system, which were issued to participating health organizations. If so, it would be difficult to revoke these keys, the researchers say, since doing so would invalidate what might be a large quantity of legitimate certificates too.

Australians have been named the heaviest drinkers in the world after spending more time drunk in 2020 than any other nation. The Guardian reports: An international survey (PDF) has found Australians drank to the point of drunkenness an average of 27 times a year, almost double the global average of 15. Almost a quarter of Australians reported feeling regret for becoming intoxicated. The Global Drug Survey asked more than 32,000 people from 22 countries what their drug and alcohol consumption was last year. On average, Australians drank alcohol in line with the global average of two nights a week, and became heavily drunk about once every two weeks. The French topped that metric, drinking around three times a week. Australian participants also tripled the global average on seeking emergency care for their drinking (3.9% compared with the global average of 1.2%). "Global Drug Survey researcher Dr Monica Barratt said Australia's high rate of drunkenness might be related to most of the country avoiding Covid lockdowns in 2020," the report adds. "Bar Victoria, most states and territories only went through short and sharp lockdowns, with relatively few cases or deaths, allowing hospitality venues to remain open and events to continue."

On the opposite end of the spectrum were New Zealanders, who became intoxicated "fewer times than almost any other country in the survey, getting drunk about 10 times a year," reports the Guardian. "Danes and Finns spent the most time drinking to excess after Australians, tied at 23.8 times a year. Americans came in third place, becoming intoxicated an average of 23 times in 2020, followed by the British (22.5 times)."

Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users. The Record reports: Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000. Some of these servers work as entry points (guards), others as middle relays, and others as exit points from the Tor network. Their role is to encrypt and anonymize user traffic as it enters and leaves the Tor network, creating a giant mesh of proxy servers that bounce connections between each other and provide the much-needed privacy that Tor users come for. Servers added to the Tor network typically must have contact information included in their setup, such as an email address, so Tor network administrators and law enforcement can contact server operators in the case of a misconfiguration or file an abuse report. However, despite this rule, servers with no contact information are often added to the Tor network, which is not strictly policed, mainly to ensure there's always a sufficiently large number of nodes to bounce and hide user traffic.

But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017. Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point. The actor's servers are typically located in data centers spread all over the world and are typically configured as entry and middle points primarily, although KAX17 also operates a small number of exit points. Nusenu said this is strange as most threat actors operating malicious Tor relays tend to focus on running exit points, which allows them to modify the user's traffic.

KAX17's focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as "non-amateur level and persistent," is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it. In research published this week and shared with The Record, Nusenu said that at one point, there was a 16% chance that a Tor user would connect to the Tor network through one of KAX17's servers, a 35% chance they would pass through one of its middle relays, and up to 5% chance to exit through one. While all signs point to a nation-level and well-resourced threat actor who is behind this group, neither Nusenu nor the Tor Project wanted to speculate.

Dozens of printers across the internet are printing out a manifesto that encourages workers to discuss their pay with coworkers, and pressure their employers. Motherboard reports: "ARE YOU BEING UNDERPAID?" one of the manifestos read, according to several screenshots posted on Reddit and Twitter. "You have a protected LEGAL RIGHT to discuss your pay with your coworkers. [...] POVERTY WAGES only exist because people are 'willing' to work for them." On Tuesday, a Reddit user wrote in a post that the manifesto was getting randomly printed at his job. "Which one of you is doing this because it's hilarious," the user wrote. "Me and my co-workers need answers."

Some people on Reddit have suggested that the messages are fake (i.e. printed by people with access to a receipt printer and posted for Reddit clout) or as part of a conspiracy to make it seem like the r/antiwork subreddit is doing something illegal. But Andrew Morris, the founder of GreyNoise, a cybersecurity firm that monitors the internet, told Motherboard that his firm has seen actual network traffic going to insecure receipt printers, and that it seems someone or multiple people are sending these printing jobs all over the internet indiscriminately, as if spraying or blasting them all over. Morris has a history of catching hackers exploiting insecure printers. "Someone is using a similar technique as 'mass scanning' to massively blast raw TCP data directly to printer services across the internet," Morris told Motherboard in an online chat. "Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging."

Whoever is doing this, Morris said, is doing it "in an intelligent way." "The person or people behind this are distributing the mass-print from 25 separate servers so blocking one IP isn't enough," he said. "A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet and we've confirmed that it is printing successfully in some number of places the exact number would be difficult to confirm but Shodan suggests that thousands of printers are exposed," he added, referring to Shodan, a tool that scans the internet for insecure computers, servers, and other devices.

An anonymous reader quotes a report from Ars Technica: This week, Canadian police announced that car thieves have been using AirTags to track vehicles they want to steal. York Regional Police (which serves an area north of Toronto) revealed that it has investigated five incidents in the past three months in which thieves have hidden AirTags on vehicles parked in public. Later, the thieves tracked down their targets to steal the cars at their leisure.

Other Bluetooth-based trackers have been available for some time now, but the ubiquity of Apple devices (which communicate with AirTags via Apple's Find My app) means it's generally faster and more accurate to track something remotely via an AirTag than a rival device like a Tile. And while they undoubtedly make it easier for users to recover lost stuff, the tags are being exploited by criminals. Apple did build some anti-stalking functions into AirTags -- if your Apple device detects that you're being followed by an unfamiliar device, it will alert you, as long as you're running iOS 14.5 or newer.

An anonymous reader quotes a report from NPR: New rules approved by the Consumer Financial Protection Bureau that took effect on Tuesday dictate how collection agencies can email and text people as well as message them on social media to seek repayment for unpaid debts. Kathleen L. Kraninger, the former CFPB director who oversaw the rule changes, said last year that they were a necessary update to the Fair Debt Collection Practices Act, which is more than four decades old. "We are finally leaving 1977 behind and developing a debt collection system that works for consumers and industry in the modern world," Kraninger said in a blog post.

Under the new rules, debt collectors who contact you on social media have to identify themselves as debt collectors but can attempt to join your network by sending you a friend request. Collectors must give you the option to opt out of being contacted online, and any messages they send have to be private -- collectors can't post on your page if it can be seen by your contacts or the public. Collection agencies can also email and text message debtors, but must still offer the ability to opt out. Industry officials praised the move as a welcome change to the outdated methods currently used by the collections industry. The new rules were devised during the Trump administration, when the bureau became more business-friendly than it had been in the past. The new rules also set a limit for the first time on how often debt collectors can call you. Agencies will be restricted to seven calls per week per account in collection.

Zoom is rolling out a number of new updates for its video conferencing software and one of them might finally encourage users to ensure they're on time for their next big meeting. TechRadar reports: According to a new blog post from the company, Attendance Status makes it easier for organizations to streamline the start of their Zoom Meetings by allowing meeting hosts and co-hosts using its Google Calendar or Outlook Calendar integrations to view who has accepted or declined a meeting invite. However, this new feature also gives them the ability to see whether everyone invited to a meeting has joined. If you're used to arriving earlier for video calls, you should be fine but for those that try to slink in unnoticed later on in a meeting, your boss or manager will now be aware of your absence, so tread carefully. You'll also no longer be able to use the excuse that you had to update your Zoom client as Zoom recently added a new automatic update feature for Windows and macOS that ensures everyone in a meeting is running the latest version of the company's software. Zoom is also rolling out other new features, such as the ability for users to select multiple people to control the movements of slides in a presentation. They've also "added more options for creating polls including ranked responses, matching, short and long answers and even fill in the blank," adds TechRadar. "Finally, Zoom is adding additional watermark settings to its software to help organizations and individuals get the most out of their recorded content and avoid distracting watermarks."

An anonymous reader quotes a report from The Hill: The Chinese rideshare app Didi announced Friday that it will delist from the New York Stock Exchange just months after its initial public offering. The company's brief announcement on the microblog Weibo noted plans to relist on Hong Kong's exchange, but gave few other details. Didi had been valued at nearly $70 billion after its first day of trading in June, but has since seen its shares collapse amid a crackdown from Beijing. [China says the company broke data privacy laws and posed cybersecurity risks.]

Chinese authorities announced a probe of the company's data security practices shortly after its listing, but that investigation has not yet been closed. The company, which successfully held Uber out of its domestic market, owns a vast trove of data on Chinese users. The company's market capitalization now sits at roughly $38 billion. Its shares tumbled even further Friday following the news of the delisting. "Didi's repatriation to [Hong Kong] is a significantly worrying indicator for the larger US-Sino economic relationship," Brock Silvers, chief investment officer at Kaiyuan Capital in Hong Kong, told CNN. "Beijing essentially forced Didi's hand. [...] Didi's repatriation looks likely to be the start of a trend, and the market should expect that others will follow. Equity investors may not wait for the other shoe to drop."

"Chinese founders previously looked to [New York] for a number of reasons, including looser listing standards, often higher multiples and a domicile beyond Beijing's financial [and] regulatory grasp," Silvers added. "That calculus has rapidly changed, and today's companies -- especially established market leaders or those in certain tech sectors -- will likely face increasing pressure to list on China-controlled exchanges."

For a measured perspective on how much quantum computing is actually advancing as a field, IEEE Spectrum spoke with John Martinis, a professor of physics at the University of California, Santa Barbara, and the former chief architect of Google's Sycamore. From a report: IEEE Spectrum: So it's been about two years since you unveiled results from Sycamore. In the last few weeks, we've seen announcements of a 127-qubit chip from IBM and a 256-qubit neutral atom quantum computer from QuEra. What kind of progress would you say has actually been made?
John Martinis: Well, clearly, everyone's working hard to build a quantum computer. And it's great that there are all these systems people are working on. There's real progress. But if you go back to one of the points of the quantum supremacy experiment -- and something I've been talking about for a few years now -- one of the key requirements is gate errors. I think gate errors are way more important than the number of qubits at this time. It's nice to show that you can make a lot of qubits, but if you don't make them well enough, it's less clear what the advance is. In the long run, if you want to do a complex quantum computation, say with error correction, you need way below 1% gate errors. So it's great that people are building larger systems, but it would be even more important to see data on how well the qubits are working. In this regard, I am impressed with the group in China who reproduced the quantum supremacy results, where they show that they can operate their system well with low errors.

To better understand the coronavirus's journey from one person to another, a team of 50 scientists has for the first time created an atomic simulation of the coronavirus nestled in a tiny airborne drop of water. From a report: To create the model, the researchers needed one of the world's biggest supercomputers to assemble 1.3 billion atoms and track all their movements down to less than a millionth of a second. This computational tour de force is offering an unprecedented glimpse at how the virus survives in the open air as it spreads to a new host. "Putting a virus in a drop of water has never been done before," said Rommie Amaro, a biologist at the University of California San Diego who led the effort, which was unveiled at the International Conference for High Performance Computing, Networking, Storage and Analysis last month. "People have literally never seen what this looks like."

How the coronavirus spreads through the air became the subject of fierce debate early in the pandemic. Many scientists championed the traditional view that most of the virus's transmission was made possible by larger drops, often produced in coughs and sneezes. Those droplets can travel only a few feet before falling to the floor. But epidemiological studies showed that people with Covid-19 could infect others at a much greater distance. Even just talking without masks in a poorly ventilated indoor space like a bar, church or classroom was enough to spread the virus. Those findings pointed to much smaller drops, called aerosols, as important vehicles of infection. Scientists define droplets as having a diameter greater than 100 micrometers, or about 4 thousandths of an inch. Aerosols are smaller -- in some cases so small that only a single virus can fit inside them. And thanks to their minuscule size, aerosols can drift in the air for hours.

Germany's incoming government is throwing its weight behind a ban on the use of biometric identification technologies such as facial recognition in public places. From a report: According to their coalition deal, the Social Democrats (SPD), Greens and liberal Free Democrats (FDP) want to "exclude" biometric recognition in public spaces as well as automated state scoring systems by AI through European law. "Biometric recognition in public spaces as well as automated state scoring systems by AI are to be excluded under European law," reads the coalition agreement, presented on Wednesday.

The EU's Artificial Intelligence Act, proposed in April, creates product safety rules for "high risk" AI that is likely to cause harm to humans. It also bans certain "unacceptable" AI uses, such as social scoring and restricts the use of remote biometric identification in public places from law enforcement, unless it is to fight serious crime, such as terrorism. The AI Act's prohibitions are some of the bill's most contentious articles, and many European countries have yet to decide what they think. Germany's support of a ban could rally other countries to the same view. Belgium and Slovakia have already expressed their support.

Tesla boss Elon Musk said on Friday the electric-car maker's much-anticipated Cybertruck would come with a high- end four-motor variant. From a report: "Initial production will be 4 motor variant, with independent, ultra fast response torque control of each wheel," Musk said in a tweet. Calling the electric pick-up truck "insane technology bandwagon," Musk said the Cybertruck would have both front and rear-wheel steer that would "not just (turn) like a tank -- it can drive diagonally like a crab." The vehicle would compete with pickup trucks such as GMC's Hummer EV, Ford's F-150 Lightning and Rivian's R1T. Of those, R1T is driven by four individual motors powering all four wheels and GMC's Hummer can drive diagonally.