Privacy

Singapore Police Can Access COVID-19 Contact Tracing Data For Criminal Investigations (zdnet.com) 93

An anonymous reader quotes a report from ZDNet: Singapore has confirmed its law enforcers will be able to access the country's COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents or 78% of the local population have adopted the TraceTogether contact tracing app and wearable token, which is one of the world's highest penetration rates. [...] In its efforts to ease privacy concerns, the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive" for the virus and was contacted by the contact tracing team. Personal data such as unique identification number and mobile number also would be substituted by a random permanent ID and stored on a secured server.

However, the Singapore government now has confirmed local law enforcement will be able to access the data for criminal investigations. Under the Criminal Procedure Code, the Singapore Police Force can obtain any data and this includes TraceTogether data, according to Minister of State for Home Affairs, Desmond Tan. He was responding to a question posed during parliament Monday on whether the TraceTogether data would be used for criminal probes and the safeguards governing the use of such data. Tan said the Singapore government was the "custodian" of the contact tracing data and "stringent measures" had been established to safeguard the personal data. "Examples of these measures include only allowing authorized officers to access the data, using such data only for authorized purposes, and storing the data on a secured data platform," he said. He added that public officers who knowingly disclose the data without authorization or misuse the data may be fined up to SG$5,000 or jailed up to two years, or both.

Asked if police use of the data violated the TraceTogether privacy pledge, Tan said: "We do not preclude the use of TraceTogether data in circumstances where citizens' safety and security is or has been affected, and this applies to all other data as well." He noted that "authorized police officers" may invoke the Criminal Procedure Code to access TraceTogether data for such purposes as well as for criminal investigation, but this data would, otherwise, be used only for contact tracing and to combat the spread of COVID-19.

Media

Amazon To Buy Podcast Maker Wondery (wsj.com) 5

Amazon announced Wednesday that it's acquiring podcasting company Wondery, expanding its catalog of original audio content. From a report: As part of the deal, Wondery will join Amazon Music, the e-commerce giant's music streaming business. Amazon Music in September added podcasts to its platform, looking to carve out a share of the increasingly competitive podcasting market, in which Spotify, Apple and others have gained ground. Terms of the deal weren't disclosed. Wondery, founded in 2016, has produced some of the most popular podcasts in recent years, including true crime series like "Dirty John," "Dr. Death" and "Over My Dead Body." The podcast producer and network says it counts more than 10 million unique listeners each month. WSJ reported earlier this month that Amazon was valuing Wondery at over $300 million in advanced stages of talks before the acquisition.

Music

Twitch Users Protest Its DMCA Policy By Streaming Videos With Homemade Sound Effects (polygon.com) 126

Wednesday Twitch warned its users to delete any videos containing copyrighted music. PC Gamer reports on what happened next: Since October, Twitch has been deleting significant quantities of videos over copyright claims, leaving the affected streamers with no way to respond or issue counter-claims. Twitch eventually explained that the number of DMCA notifications it receives from major record labels has surged, going from "fewer than 50" each year to "thousands" beginning in May. The recommendation offered to streamers was to play games with the music muted, which obviously isn't great advice when it comes to rhythm games, or games that don't have the option to mute music separately from other audio. Meanwhile, some streamers have had videos muted due to sound effects, with claims coming via automated content recognition software Audible Magic. These claims can be contested, but it's still frustrating for those affected by content ID software that can't tell the difference between copyrighted audio and the noise of a grandfather clock chiming in a horror game.

In response, streamers have been protesting by playing games with the sound off completely to highlight the absurdity of the situation, some using the hashtag #DMCAsoundoff. Watching Rocksmith players grunt or silently nod along to songs nobody can hear highlights the problem while still entertaining their viewers, as does hearing them improvise their own sound effects for games like Resident Evil 2.

Polygon argues it's "alarming that these are the lengths players are going to in order to try and protest Twitch's policy..." But they also applauded the creativity of the protesters: It's a surprising look at the transformative nature of streaming. When players are forced to play in dead silence, people still tune in and watch. Even while complying with copyright law to the absolute letter, each stream is different, and each act of protest feels wholly unique.

Twitch recently posted a long statement in response to the controversy, writing: "Your frustration and confusion with recent music-related copyright issues is completely justified. Things can — and should — be better for creators than they have been recently. We should have developed more sophisticated and user-friendly tools long ago. To all the creators who lost their community's best moments, we're sorry. This shouldn't have happened."

Despite the statement, Twitch has yet to provide concrete solutions for the ongoing problem, and the platform has yet to address the issue of in-game audio triggering the DMCA process (besides a suggestion to mute in-game audio.)

Music

Twitch Says It's In Talks To License Music, Tells Users To Delete Videos With Unauthorized Tracks (variety.com) 76

In a lengthy blog post, Twitch told streamers that they must stop playing recorded music on their streams (unless it's officially licensed) and that "if you haven't already, you should review your historical VODs and Clips that may have music in them and delete any archives that might." Variety reports: The Amazon-owned live-streaming platform also claimed that it is "actively speaking with the major record labels about potential approaches to additional licenses that would be appropriate for the Twitch service." However, the company also said that the "current constructs for licenses" that record labels have with other services (which typically take a cut of revenue from creators for payment to record labels) "make less sense for Twitch." "We're open-minded to new structures that could work for Twitch's unique service, but we must be clear that they may take some time to materialize or may never happen at all," the company said in the blog.

Twitch's music-copyright communique comes after several major U.S. music organizations -- including the RIAA, the Recording Academy, the National Music Publishers Association, the Music Managers Forum, the American Association of Independent Music and SAG-AFTRA -- sent a letter last month to Amazon CEO Jeff Bezos (copying Twitch CEO Emmett Shear). The letter, among other things, accused Twitch of "allowing and enabling its streamers to use our respective members' music without authorization, in violation of Twitch's music guidelines." Twitch said it was caught off guard by the music industry's crackdown on unlicensed music on its service. According to the company, starting this May, reps for music companies began sending thousands of Digital Millennium Copyright Act (DMCA) copyright-takedown notices targeted at users' archived content, "mostly for snippets of tracks in years-old clips." Before then, Twitch said, it received fewer than 50 music-related DMCA notifications per year.

Twitch said it analyzed DMCA notifications received from the end of May through mid-October and found that more than 99% of them were for tracks that streamers were playing in the background of their stream. Twitch apologized to creators for the angst the DMCA takedowns have caused, noting that a warning email it sent to many last month about the videos deleted from their accounts "didn't include all the information that you'd typically get in a DMCA notification." "We could have developed more sophisticated, user-friendly tools a while ago. That we didn't is on us," it said. "And we could have provided creators with a longer time period to address their VOD and Clip libraries -- that was a miss as well. We're truly sorry for these mistakes, and we'll do better."

Television

Netflix Is Creating a Problem By Canceling TV Shows Too Soon (insider.com) 170

An anonymous reader quotes a report from Insider: Netflix is killing its most interesting shows in their infancy and it could be the streaming giant's downfall. In the seven years that Netflix has produced original content, the world of TV streaming has dramatically changed. Now Netflix is getting left behind in the race it started. Many of its unique and ambitious shows have been canceled before they could reach their full potential. And Netflix keeps churning out more shows each year, without replicating the breakout success of 2016's "Stranger Things."

Statements from executives have described the cancellations as the result of a cost analysis that tells Netflix a longer-running show won't lead to new subscribers. Still, with syndicated shows such as "The Office" and "Friends" leaving its platform and a string of disappointing cancellations, including "Glow," Netflix has set itself up for a disaster when it comes to its reputation as a TV-watcher's must-have service. In 2020 alone, Netflix has canceled 18 original series. Of those, 14 had only one season. [...] TV lovers in these fandoms can only be burned so many times before they stop investing. Why should a Netflix subscriber spend 10 hours watching a new show if there's a decent chance they'll never see it end?

Cloud

Amazon's Latest Gimmicks Are Pushing the Limits of Privacy (wired.com) 49

At the end of September, Amazon debuted two especially futuristic products within five days of each other: a small autonomous surveillance drone, called Ring Always Home Cam, and a palm recognition scanner, called Amazon One. "Both products aim to make security and authentication more convenient -- but for privacy-conscious consumers, they also raise red flags," reports Wired. From the report: Amazon's latest data-hungry innovations are not launching in a vacuum. The company also owns Ring, whose smart doorbells have had myriad security issues and have been widely criticized for bringing unprecedented surveillance to traditionally semi-private spaces. Meanwhile, the biometric data that Amazon Go will collect is particularly sensitive, because unlike a password you can't simply change it if a hacker steals it or it gets unintentionally exposed. Amazon has a strong record for maintaining the security of its massive cloud infrastructure, but there have been lapses across the sprawling business. The stakes are already phenomenally high; the more data the company holds the more risk it takes on. "Amazon has a major genomics cloud platform, so maybe they hold your DNA and now they're going to have your palm as well? Plus all of these devices inside your house. And your purchase history on Prime. That's a lot of information. That's a lot of personal information," says Nina Alli, executive director of Defcon's Biohacking Village and a health care security researcher. "When you give away this data you're giving a company the ability to access and manage you, not the other way around."
[...]
Additionally, while companies like Apple and Samsung have brought biometric fingerprint and face scanners to the masses by making sure the data never leaves the device, Amazon One takes the opposite approach. Kumar writes that "palm images are never stored" on Amazon One itself. Instead they are encrypted and sent to a special high security area of Amazon's cloud to be converted into "palm signatures" based on the unique and distinctive features of a user's hand. Then the service compares that signature to the one on file in each user's account and returns a match or no match answer back down to the device. It makes sense that Amazon doesn't want to store databases of people's palm data locally on publicly accessible machines that could be manipulated. But the system could perhaps have been set up to generate a palm signature locally, delete the image of a person's hand, and send only the encrypted signature on for analysis. The fact that all of those palm images will be going for cloud processing creates a single point of failure.
"I'm worried that people could read your palm vein pattern in other ways and construct an analog. It's only a matter of time," says Joseph Lorenzo Hall, a longtime security and privacy researcher and a senior vice president at the nonprofit Internet Society. "Both the home drone and the palm payment are going to rely heavily on the cloud and on the security provided by that cloud storage. That's worrying because it means all the risks -- rogue employees, government data requests, data breach, secondary uses -- associated with data collection on the server-side could be possible. I'm much more comfortable having a biometric template stored locally rather than on a server where it might be exfiltrated."

An Amazon spokesperson told WIRED, "We are confident that the cloud is highly secure. In addition, Amazon One palm data is stored separately from other personal identifiers, and is uniquely encrypted with its own keys in a secure zone in the cloud."

The Almighty Buck

Is Digital Banking the Wave of the Future? (cnn.com) 117

CNN looks at a unique new digital bank named Greenwood — and its implications for the future of banking: Greenwood was created by Bounce TV founder Ryan Glover and his close friend, rapper-activist Michael "Killer Mike" Render. The leadership team at Greenwood, which includes former Atlanta Mayor Andrew Young, unveiled their new platform on Thursday after raising more than $3 million in seed funding in June... While the bank doesn't open until January, the company launched its website on Thursday and there is already a waiting list for those who want to open a Greenwood account. "I will say we're in the tens of thousands," Glover told CNN Business on Friday. "That number is increasing by the day."

Like its competitors Chime, Aspiration, Money Lion and Vero, Greenwood is a digital bank whose financial services — including checking and savings accounts, mobile deposits and peer-to-peer transfers — are fulfilled almost entirely online. The bank offers a global ATM network, Apple and Android Pay services, and two-day advances on paychecks for customers who sign up for direct deposit. Unlike its peers, however, Greenwood's target audiences are Black and Latinx communities and anyone else who wants to support Black-owned businesses. Glover says the bank will specialize in financing Black and Latinx entrepreneurs who typically have a harder time securing loans from mainstream commercial banks. "In order to build wealth, you need bank capital," Glover said. "We will identify qualified entrepreneurs, business owners and creatives to equip them with the capital needed to make their dreams a reality..."

Glover points out that Americans have been banking online almost exclusively at higher rates in recent years. It's a trend major commercial banks have been slow to embrace and a sector Glover says hasn't done much to reach out to minorities. "There were no digital banking solutions that cater to the African-American or Latinx communities until Greenwood," Glover said...

"I believe digital banking is the wave of the future, not just something that's popular now," he said.

Facebook

Facebook Widens Ban On Political Ads As Alarm Rises Over Election (nytimes.com) 105

An anonymous reader quotes a report from The New York Times: On Wednesday, Facebook said it would take more preventive measures to keep political candidates from using it to manipulate the election's outcome and its aftermath. The company now plans to prohibit all political and issue-based advertising after the polls close on Nov. 3 for an undetermined length of time. And it said it would place notifications at the top of the News Feed notifying people that no winner had been decided until a victor was declared by news outlets. "This is shaping up to be a very unique election," Guy Rosen, vice president for integrity at Facebook, said in a call with reporters on Wednesday.

Facebook is doing more to safeguard its platform after introducing measures to reduce election misinformation and interference on its site just last month. At the time, Facebook said it planned to ban new political ads for a contained period -- the week before Election Day -- and would act swiftly against posts that tried to dissuade people from voting. Mr. Zuckerberg also said Facebook would not make any other changes until there was an official election result. But the additional moves underscore the sense of emergency about the election, as the level of contentiousness has risen between Mr. Trump and his opponent, Joseph R. Biden Jr. On Tuesday, to help blunt further political turmoil, Facebook also said it would remove any group, page or Instagram account that openly identified with QAnon, the pro-Trump conspiracy movement. "We believe that we have done more than any other company over the past four years to help secure the integrity of elections," Mr. Rosen said.

Advertising

'Google and Facebook's Ad Business Might Not Survive Amazon' (medium.com) 51

"There's a relatively new, rapidly growing player in the online advertising world," warns Medium's new consumer technology site Debugger — taking a close look at the "Sponsored Products" listed first in the results of Amazon searches.

"Given its unique business model, its history of swallowing whole industries, and its sheer size, Amazon has the potential to massively disrupt the online ad world — and forever change tech." The success of online ads depends on how close a user is to buying something... Few companies, though, are more intimately connected to people's buying behaviors than Amazon. As of mid-2020, Amazon controlled nearly 40% of American e-commerce, and data from 2018 suggests that it may control as much as 94% in certain categories, like cosmetics and batteries. Overall, the company is forecast to control almost 5.5% of all retail in America in 2020 — especially as Covid-19 has forced consumers to do more of their shopping online...

And the ads are cheap. For one campaign, I paid just $249 to show my ad to 1,049,000 people. Ads are cheap because Amazon has a vested interest in driving more sales. The company collects a commission of between 6% and 20% on every item sold through the site. For every product I sold through a Sponsored Products campaign, Amazon was effectively getting paid twice — once for running the ad, and again for managing the sale of my product. This likely allows them to keep ad rates lower than those charged by their competitors. Ad prices may also be low because Amazon's ad program has relatively little overhead. To understand what you mean by the query "Lunch," Google has to run a massive, worldwide data-gathering program that peers into every aspect of your online and offline life, from the websites you visit to the humidity level in your home. That's expensive. In contrast, when you type something into an e-commerce platform like Amazon, you're telling the company exactly what you want to buy — no world-spanning surveillance program needed. Amazon has recently expanded its advertising program to Twitch (which Amazon owns), giving marketers the option to target the platform's younger audience...

In building AWS, Amazon also essentially ate Microsoft's lunch, stealing an industry it was expected to dominate right out from under it. By moving into the advertising world, Amazon could well do the same thing for ad-funded giants like Google, Twitter, and Facebook. Advertising is largely a zero-sum game — the ad dollars currently flowing to Google and Facebook come largely at the expense of newspaper, magazine, and television ads. If the dollars start flowing to Amazon instead, the other tech giants could see a massive drop in their bottom lines.

That would have big ramifications for the advertising industry. But it would have an even bigger impact on tech. More than 70% of Google's revenue comes from ads. For Facebook, that number is 98.5%... [I]f Amazon decides to take on Google and Facebook directly, it could result in a fight that saps the strength of both tech giants, and ultimately kills off the emerging companies that rely on them for funding and talent. The impact on the tech industry could be massive, world-changing — and permanent.

Programming

Google Expands its Flutter Development Kit To Windows Apps (venturebeat.com) 41

Google has announced that Flutter, its open source UI development kit for building cross-platform software from the same codebase, is finally available for Windows apps in alpha. From a report: For the world's leading desktop operating system with some 1 billion installations of Windows 10 alone, this has been a long time coming. Flutter's alpha incarnation was initially launched at Google's I/O developer conference back in 2017, before arriving in beta less than a year later. In its original guise, Flutter was designed for Android and iOS app development, but it has since expanded to cover the web, MacOS, and Linux, which are currently available in various alpha or beta iterations. Developers have had to consider unique platform-specific factors when designing for the desktop or mobile phones, such as different screen sizes and how people interact with their devices. On smartphones, people typically use touch and swipe-based gestures, while keyboards and mice are commonly used on PCs and laptops. This means Flutter has had to expand its support to cover the additional inputs.

Transportation

Daimler Shows Off Long-Range Hydrogen Semi, New Battery Truck (forbes.com) 75

Daimler, which has worked on hydrogen technology for decades, is developing a fuel-cell semi with range of up to 600 miles per fueling and next-generation battery trucks amid intensifying competition to curb diesel and carbon exhaust from heavy-duty vehicles. Forbes reports: The German auto giant's truck unit showed off the Mercedes-Benz GenH2, a concept truck designed for long haul runs that will be tested by customers in 2023, at an event in Berlin Tuesday outlining steps it's taking to meet the goals of the Paris Climate Agreement. Volume production of GenH2s starts in the second half of the 2020s. The company also debuted its Mercedes-Benz eActros LongHaul, a battery-powered truck for short- and medium-range routes that goes about 300 miles (500 kilometers) between charges. eActros production starts in 2024.

Both trucks share Daimler's new ePowertrain modular platform to help hold costs down. They'll be available initially in Europe, though versions for North America and Japan will arrive around the same time, the company said. [...] A unique twist with Daimler's GenH2 truck is that the system relies on liquid hydrogen, rather than highly compressed hydrogen gas, the current standard. The benefit is that liquid hydrogen is more energy dense and uses tanks that are much lighter than those required for gaseous fuel, Daimler said. "This gives the trucks a larger cargo space and higher payload weight," while also improving range, it said.
The combination of hydrogen and battery vehicles "enables us to offer our customers the best vehicle options, depending on the application," Daimler Chairman Martin Daum said at the event. "Battery power will be rather used for lower cargo weights and for shorter distances. Fuel-cell power will tend to be the preferred option for heavier loads and longer distances."

Businesses

Startup Names Are Still Getting Less Silly (crunchbase.com) 36

Every year or so, Crunchbase News likes to take a look at what's hot in startup naming. The process involves reading names of over 1,000 recently founded and funded startups in English-speaking countries, looking for trends. It then gets a naming expert's take on the situation. From the report: Probably the standout trend for the past year is the feel-good word. This could be a noun, adjective, adverb, or verb. The qualification is that it evokes something positive, commonly an admirable trait or desirable state of being. Examples include Mighty (workflow for remote teams), Cured (health care software), and Elate (operations platform). Part of the reason simple, positive words are cropping up more is that startups are less concerned about getting a dot-com domain with their exact brand name, said Athol Foden, president of Brighter Naming, a naming consultancy. They'll take an alternative suffix (Cured is Cured.health, for example) or add a word to the domain name (Elate, for instance, is goelate.com).

[...] Another popular branding approach is the straightforward description. Companies are picking names that describe exactly what they do. Some examples are: Grow Credit, a service for building credit histories, New Age Meats, a startup cultivating meat from animal cells, and The Browser Company. In Foden's view, there's something to be said for these simpler, clearer names. They tend to be easier to remember than a made-up brand name, and everyone knows how to spell them. [...] One of the most enduring startup naming strategies is the creative misspelling. By dropping vowels, adding consonants, or taking other steps, companies can get a name that's both familiar-sounding and unique. Over the past year, we've seen plenty of companies with misspelled word names raise seed funding. The lineup includes Cann, a maker of cannabis-infused tonics, Puzzl, a payroll provider for hourly workers, and Shef, an income-earning platform for local cooks.

Advertising

Are Apple's Privacy Changes Hypocritical, Unfair to Facebook and Advertising Companies? (chron.com) 168

iPhone users will have to opt-in to tracking starting with iOS 14. Advertisers are "crying foul," reports the Washington Post: [W]ith Apple under the antitrust spotlight, its privacy move has also been called a power move by an advertising industry that is scrambling to adjust to the changes, expected to be included in iOS 14, the company's latest mobile operating system expected to go live next month... "This is not a change we want to make, but unfortunately Apple's updates to iOS14 have forced this decision," Facebook said in a blog post.

Some in the advertising industry see the moves as part privacy, part self-interest on the part of Apple. Apple also offers advertising, and by limiting the amount of data outside marketers collect, Apple's access to the data becomes more valuable. "I think there's probably 30 percent truth in that they're doing it for privacy reasons and it's 70 percent that they're doing it because it's what's good for Apple," said Nick Jordan, founder of Narrative I/O, which helps companies gather data for advertising. "It's a question for regulators and courts whether they should be able to wield the power they do over this ecosystem," he said. "They created it, but can they rule it with an iron fist...?"

Apple says that when customers open apps, they'll be asked whether they'd like to give that specific app permission to track them with something called an "ID for Advertisers," or IDFA. Apple created the IDFA in 2012 to help app developers earn money on iOS. The unique number, assigned to iPhone customers, allows advertisers to track their movements around websites and apps by following that unique identifier... With the new pop-up messages, customers will be forced to make a choice. It is likely that most consumers will opt out of being tracked. Facebook said in a blog post that it would render its off-platform ad network so ineffective that it may not make sense to offer it to developers at all. Facebook said that in testing it had seen a more than 50% drop in revenue as a result of the loss of data from Apple...

"There's been no discussion, no commercial transaction. They're saying this is what we decided is right in the name of privacy and this is what we're going to do," said Stuart Ingis, a partner at the law firm Venable who represents the Partnership for Responsible Addressable Media, an association of advertisers.

"Personally, I don't see the problem here," argues Slashdot reader JustAnotherOldGuy.

The Post notes that Apple runs its own advertising business based on data gathered from its users — but Apple's director of privacy engineering "doesn't consider this data gathering 'tracking'...because Apple collects the data from its own users on its own apps and other services. Facebook and other advertisers, Apple says, gather data on users even when they're not using Facebook."

Open Source

India Open Sources Its Contact-Tracing App (techcrunch.com) 23

India has released the source code of its contact-tracing app, Aarogya Setu, to the relief of privacy and security experts who have been advocating for this ever since the app launched in early April. From a report: Ministry of Electronics and Information Technology Secretary Ajay Prakash Sawhney made the announcement on Tuesday, dubbing the move "opening the heart" of the Aarogya Setu app to allow engineers to inspect and tinker with the code. The app has amassed over 114 million users in less than two months -- an unprecedented scale globally. The source code of Aarogya Setu's Android app is live on GitHub with code of iOS and KaiOS apps slated to release in a "few weeks." Nearly 98% of the app's users are on the Android platform. Sawhney said the government will also offer cash prizes of up to $1,325 to security experts for identifying and reporting bugs and vulnerabilities. "Open-sourcing Aarogya Setu is a unique feat for India. No other government product anywhere in the world has been open-sourced at this scale," said Amitabh Kant, chief executive of government-run think-tank NITI Aayog, in a press conference today.

Open Source

Open Source Security Report Finds Library-Induced Flaws in 70% of Applications (techrepublic.com) 44

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws." "An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an initial scan.
Other findings from the report:
  • The most commonly included libraries are present in over 75% of applications for each language.
  • 47% of those flawed libraries in applications are transitive.
  • More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs).
  • Fixing most library-introduced flaws can be done with a minor version upgrade.
  • Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.

The Almighty Buck

Even If You're Trying To Avoid Grubhub By Calling Your Favorite Restaurant Directly, Grubhub Could Still Be Charging It A Fee (buzzfeednews.com) 106

Customers trying to avoid online delivery platforms like Grubhub by calling restaurants directly might be dialing phone numbers generated and advertised by those very platforms -- for which restaurants are charged fees that can sometimes exceed the income the order generates. BuzzFeed News reports: Here's how phone fees work: Grubhub (which also owns Seamless, MenuPages, Tapingo, and LevelUp) generates a unique phone number for each restaurant on its platform; it appears on the restaurant's Grubhub or Seamless page and redirects to the restaurant's own phone line (a restaurant cannot list its own phone number on its Grubhub or Seamless page). The redirect number can also appear higher in Google search results (including the Google panel for that business) than the restaurant's own line. This leads some customers to call it even if they don't intend to use Grubhub. Some restaurant owners have also raised this concern about Yelp, which lists Grubhub numbers, according to Vice.

This is a long-standing practice for Grubhub, which was founded in 2004 and charged a commission for phone orders before online ordering took off. When a Grubhub number is dialed, the caller hears an automated message that says "Press 1 to place an order. Press 2 for all other information." It does not mention Grubhub. After the caller is connected, the platform can charge the restaurant a fee. Each restaurant's phone order fee is a flat dollar amount based on a percentage of its average sale. Grubhub charges that fee using an algorithm (which factors in a number of things, including the length of the call) -- even, in some cases, when it did not result in an order. A restaurant owner can challenge a phone charge within a certain period of time, but the onus is on them to see which charges are erroneous.
The practice is now coming under fire as it further squeezes businesses already stretched thin by the coronavirus pandemic and the lockdowns.

"On Wednesday, the New York City Council passed a bill prohibiting platforms from charging for telephone calls in which a transaction did not take place during the state of emergency," the report says. "It also capped fees that platforms may charge restaurants for orders and deliveries during an emergency."
Privacy

Stripe Is Silently Recording Your Movements On Its Customers' Websites (mtlynch.io) 116

Michael Lynch, blogger and former software engineer at Microsoft and Google, discovered that the payment processing platform Stripe and its official JavaScript library record all browsing activity on its customers' websites and report it back to the company. Lynch says this data includes the following:

1. Every URL the user visits on my site, including pages that never display Stripe payment forms
2. Telemetry about how the user moves their mouse cursor while browsing my site
3. Unique identifiers that allow Stripe to correlate visitors to my site against other sites that accept payment via Stripe

In his blog post, Lynch shares what he found, who else it affects, and how you can limit Stripe's data collection in your web applications. Here's how he says he made the discovery: I discovered this by accident while adding paid plans to my portfolio rebalancer. As part of development, I was using an HTTP proxy that allows me to inspect HTTP traffic from my browser. After successfully implementing my app's payment flow with Stripe, I noticed that every page navigation generated a new HTTP POST request to a Stripe URL. This was strange because none of the pages I visited contained any calls to Stripe's library. In fact, my app doesn't collect payment information from users until they create an account, but Stripe was making HTTP requests when I landed on my app's homepage as a brand new user with no cookies or stored credentials. "I looked around for an official disclosure from Stripe about this behavior, but I couldn't find anything," adds Lynch. "The closest I found is this vague paragraph on their npm package description, which the Stripe support rep quoted to me: 'To best leverage Stripe's advanced fraud functionality, ensure that Stripe.js is loaded on every page, not just your checkout page. This allows Stripe to detect anomalous behavior that may be indicative of fraud as customers browse your website.'"

"The privacy policy is a bit more specific about the data they collect, but it implies that they're collecting this data on stripe.com rather than on customer sites," writes Lynch. "Worryingly, the privacy policy also includes loose wording that allows Stripe to sell this data to advertisers: 'When you visit our Sites or online services, both we and certain third parties collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your individual interests.'"
The Internet

Are We on the Cusp of a Metaverse, the Next Version of the Internet? (washingtonpost.com) 69

The Washington Post describes it as "the next internet." Wikipedia defines it as "a collective virtual shared space...including the sum of all virtual worlds, augmented reality, and the Internet." But it was Neal Stephenson who named it "the metaverse" in his 1992 science fiction novel Snow Crash.

Are we closer to seeing it happen? The Washington Post reports: In the past month, office culture has coalesced around video chat platforms like Zoom, while personal cultural milestones like weddings and graduations are being conducted in Nintendo's Animal Crossing: New Horizons. The Metaverse not only seems realistic — it would probably be pretty useful right about now. The Metaverse reality is still years, possibly decades, away. But Epic Games CEO Tim Sweeney has been publicly pushing for its creation, and he isn't alone in his desire to push for the Metaverse, where the online world echoes and fulfills real-world needs and activities. Constructing the virtual Internet space is Silicon Valley's macro goal, many of whom are obsessed with Neal Stephenson's 1992 book, "Snow Crash," which defined the term.

In recent years, Facebook, Google and Samsung have all made heavy investments in cloud computing and virtual reality companies in anticipation of a Metaverse... But it's Epic Games, with Fortnite, that has the most viable path forward in terms of creating the Metaverse, according to an essay by venture capitalist and former Amazon executive Matthew Ball... [The article also notes other "traits" of the metaverse in Minecraft and Roblox.] The most widely agreed core attributes of a Metaverse include always being live and persistent — with both planned and spontaneous events always occurring — while at the same time providing an experience that spans and operates across platforms and the real world. A Metaverse must also have no real cap on audience, and have its own fully functioning economy... Fortnite hasn't reached Metaverse status yet. But Fortnite as a social network and impossible-to-ignore cultural phenomenon, Ball says, provides Epic Games a key advantage for leading in the Metaverse race. Fortnite draws a massive, willing and excited audience online to engage with chaotically clashing intellectual properties... "This organic evolution can't be overemphasized," Ball writes in his essay. "If you 'declared' your intent to start a Metaverse, these parties would never embrace interoperability or entrust their IP. But Fortnite has become so popular and so unique that most counterparties have no choice but to participate... Fortnite is too valuable a platform...."

The current swarm to an online-only social and capitalist economy has only highlighted the current Internet's failings, and what the Metaverse needs to do, Ball said. Big sites like Facebook, Google and Amazon continue to dominate online activity, as do larger streaming services like YouTube and Netflix. But each location requires its own membership and has separate ecosystems. "Right now, the digital world basically operates as though every restaurant and bar you go to requires a different ID card, has a different currency, requires their own dress codes and has their own units [of service and measurement]," Ball said. "It is clear that this really advantages the biggest services. People are just sticking to the big games, really. However there's a clear argument that reducing network lock-in can really raise all boats here."

Sweeney said as much in his DICE Summit keynote speech in February. If the game industry wants to reshape the Internet and move away from Silicon Valley's walled gardens, Sweeney stressed that publishers need to rethink economies in the same way email was standardized... "We need to give up our attempts to each create our own private walled gardens and private monopoly and agree to work together and recognize we're all far better off if we connect our systems and grow our social graphs together."

Neal Stephenson answered questions from Slashdot readers back in 2004.
Mozilla

Longtime Mozilla Leader Mitchell Baker is Now CEO (cnet.com) 34

On Wednesday, Mozilla chair and longtime leader Mitchell Baker was named permanent CEO of the company that makes the Firefox web browser. From a report: Mitchell became interim CEO of Mozilla in December 2019, after former CEO Chris Beard resigned. The company conducted an external candidate search over the last eight months, and concluded that Mitchell is the right leader for Mozilla at this time, according to a company blog post published Wednesday. "Increasingly, numbers of people recognize that the internet needs attention," Baker said in another Mozilla blog post Wednesday. "Mozilla has a special, if not unique role to play here. It's time to tune our existing assets to meet the challenge. It's time to make use of Mozilla's ingenuity and unbelievable technical depth and understanding of the 'web' platform to make new products and experiences. It's time to gather with others who want these things and work together to make them real."
Google

Google Backs Apple's SMS OTP Standard Proposal 40

Google is now backing a standard proposed by Apple engineers in January to create a default format for one-time passcodes (OTP) sent via SMS to users during the two-factor authentication (2FA) process. From a report: The standard, proposed by Apple engineers working on the Safari WebKit project, has now reached the status of official Web Platform Incubator Community Group (WICG) specification draft. "We've moved 'Origin-bound one-time codes delivered via SMS' to @wicg_, where we're working on a shared spec with our collaborators at Google. Please take a look! Updated explainer, and specification," wrote Apple's Ricky Mondello. The proposal aims to fix some issues with the current state of SMS 2FA/OTP codes, all of which have different formats, unique per the websites sending the codes.
