New documents from a class action against Meta "reveal some of the specific ways it tackled rivals in recent years," reports the Observer.

"One of them was using software made by a mobile data analytics company called Onavo in 2016 to access user activities on Snapchat, and eventually Amazon and YouTube, too." Facebook acquired Onavo in 2013 and shut it down in 2019 after a TechCrunch report revealed that the company was paying teenagers to use the software to collect user data.

In 2020, two Facebook users filed a class action lawsuit in the U.S. District Court for the Northern District of California against Meta, then called Facebook, alleging the company engaged in anticompetitive practices and exploited user data. In 2023, the plaintiffs' attorney Brian J. Dunne submitted documents listing how Facebook used Onavo's software to spy on competitors, including Snapchat. According to the documents, made public this week, the Onavo team pitched and launched a project codenamed "Ghostbusters" — in reference to the Snapchat logo — where they developed "kits that can be installed on iOS or Android that intercept traffic for specific sub-domains," allowing them "to read what would otherwise be encrypted traffic so we can measure in-app usage."

The documents also included a presentation from the Onavo team to Mark Zuckerberg showing that they had the ability to track "detailed in-app activity" by "parsing Snapchat analytics collected from incentivized participants in Onavo's program...." The technology was used to do the same to YouTube from 2017 to 2018 and Amazon in 2018, according to the documents. "The intended and actual result of this program was to harm competition, including Facebook's then-nascent Social Advertising competitor Snapchat," the document alleged.

"Google is testing the ability to automatically archive and delete inactive tabs in Chrome on Android," writes Windows Report: The experimental feature, called Tab Declutter, aims to simplify tab management by automating the process... After a set period of inactivity, Chrome will automatically archive inactive tabs. You will no longer see the archived tabs but you will be able to retrieve them if needed.

As for deleting the tabs, you can set Chrome to remove them after a longer period of inactivity. This feature will free up memory and improve the browser's performance. Obviously, you will have control over the archival threshold and the period of time after which the browser takes action... obviously, you will have control over the archival threshold and the period of time after which the browser takes action

A Linux Foundation subsidiary has developed a free and open-source 3D game engine distributed under the Apache license. And last week the Open 3D Foundation announced "a big step forward, showcasing the power of open-source technologies in giving gamers around the globe unforgettable gaming experiences."

"We are proud to unveil MadWorld as the first mobile title powered by O3DE," said Joe Bryant, Executive Director of the Open 3D Foundation, "demonstrating the large potential of open-source technologies in game development."

And then this week Los Angeles Business Journal reported that El Segundo-based gaming studio Carbonated Inc. "has raised $11 million of series A funding to finance the development and release of its debut game title... Prior to its most recent round, Carbonated closed an $8.5 million seed funding round in 2020, which also included participation from Andreessen and Bitkraft." Since its founding [in 2015], the company has been focusing on research and development for its upcoming first title, called "MadWorld." The third-person, multiplayer shooter game is set in a post-apocalyptic world and features both player-versus-player and player-versus-environment features. Players of the game will battle for land control in a dystopian setting. Using a combination of open-source mapping tools and Carbonated's proprietary custom operations technology, called Carbyne, the game's world is designed around real-life cities and locations. Players are initially dropped into the game's version of their own real-time location.

The game allows players to optionally engage using blockchain technology with a digital asset-ownership layer powered by a blockchain network called XPLA.
Earlier this month Madworld "opened up for Early Access registration," reports the egamers web site, arguing that the game "is set to redefine the gaming landscape and will make its public debut later this year." After a catastrophic event named "The Collapse," MadWorld takes place in a desolate Earth where players engage in a battle for survival, highlighting the game's unique setting and immersive experience. The game's world is intricately designed with 250,000 land plots mapped out on a hexagonal grid, each presenting unique resources and strategic benefits. This innovative approach to game design enhances the gameplay experience and introduces a new layer of strategy and competition.

MadWorld's gameplay is centered around integrating Web3 technologies, which allows for the ownership, enhancement, and trading of tokenized representations of real-world locations. This feature encourages players to create clans and work together or compete for essential resources that are spread across the vast game world. Clans can acquire these resources by paying tributes to NFT landowners using "Rounds," the in-game currency. This mechanism not only fosters a sense of community and teamwork but also creates unique economic opportunities within the game by blending traditional gaming elements with the emerging field of digital assets.
"With its use of O3DE, Carbonated can enhance the game's visual fidelity, performance, and scalability," according to the Linux Foundation's announcement, "in order to deliver a fast-paced adventure on mobile platforms." O3DE is an open-source game engine developed by a collaborative community of industry experts. It includes state-of-the-art rendering capabilities, dynamic lighting, and realistic physics simulation. These features have enabled Carbonated to build realistic dystopian environments and create action-packed gameplay in MadWorld.
According to its official site, MadWorld "is set to be released to the public sometime in 2024 and is currently being tested on iOS and Android operating systems."

Carbonated's CEO Travis Boatman made this prediction to the site Decrypt. "We think mobile is where the breakout will happen for Web3."

The Record reports: Ross Anderson, a professor of security engineering at the University of Cambridge who is widely recognized for his contributions to computing, passed away at home on Thursday according to friends and colleagues who have been in touch with his family and the University.

Anderson, who also taught at Edinburgh University, was one of the most respected academic engineers and computer scientists of his generation. His research included machine learning, cryptographic protocols, hardware reverse engineering and breaking ciphers, among other topics. His public achievements include, but are by no means limited to, being awarded the British Computer Society's Lovelace Medal in 2015, and publishing several editions of the Security Engineering textbook.
Anderson's security research made headlines throughout his career, with his name appearing in over a dozen Slashdot stories...

• 2023: Researchers Warn of 'Model Collapse' As AI Trains On AI-Generated Content

• 2021: 'Trojan Source' Bug Threatens the Security of All Code

• 2015: Factory Reset On Millions of Android Devices Doesn't Wipe Storage

• 2012: UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary

• 2010: Why "Verified By Visa" System Is Insecure

• 2008: Researchers Expose New Credit Card Fraud Risk

• 2006: "Security Engineering" Is Now Online. [The link from that 2006 post still works. Slashdot called Anderson's book "arguably the best information security book ever written" in one of two reviews, published in 2002 and 2010.]

• 2002:Security of Open vs. Closed Source Software.

• 2002: Analyzing Palladium

My favorite story? UK Banks Attempt To Censor Academic Publication.

"Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online..."

Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called "Project Ghostbusters." Gizmodo: Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn't private at all. "Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them," said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta's antitrust case on Saturday. "It seems important to figure out a new way to get reliable analytics about them... You should figure out how to do this."

Thus, Project Ghostbusters was born. It's Meta's in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating "kits" that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a "man-in-the-middle" approach to get data on Facebook's rivals, but users of Onavo were the "men in the middle."

Meta's Onavo unit has a history of using invasive techniques to collect data on Facebook's users. Meta acquired Onavo from an Israeli firm over 10 years ago, promising users private networking, as most VPNs do. However, the service was reportedly used to spy on rival social media apps through tens of millions of people who downloaded Onavo. It gave Facebook valuable intel about competitors, and this week's court filings seem to confirm that. A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

Telegram is offering a new way to earn a premium subscription free of charge: all you have to do is volunteer your phone number to relay one-time passwords (OTP) to other users. This, in fact, sounds like an awful idea -- particularly for a messaging service based around privacy. From a report: X user @AssembleDebug spotted details about the new program on the English-language version of a popular Russian-language Telegram information channel. Sure enough, there's a section in Telegram's terms of service outlining the new "Peer-to-Peer Login" or P2PL program, which is currently only offered on Android and in certain (unspecified) locations. By opting in to the program, you agree to let Telegram use your phone number to send up to 150 texts with OTPs to other users logging in to their accounts. Every month your number is used to send a minimum number of OTPs, you'll get a gift code for a one-month premium subscription. Boy does this sound like a bad idea, starting with the main issue: your phone number is seen by the recipient every time it's used to send an OTP.

FrankOVD shares a report: Here's a paragraph from the DOJ's antitrust lawsuit against Apple in full: "In addition to degrading the quality of third-party messaging apps, Apple affirmatively undermines the quality of rival smartphones. For example, if an iPhone user messages a non-iPhone user in Apple Messages -- the default messaging app on an iPhone -- then the text appears to the iPhone user as a green bubble and incorporates limited functionality: the conversation is not encrypted, videos are pixelated and grainy, and users cannot edit messages or see typing indicators.

"This signals to users that rival smartphones are lower quality because the experience of messaging friends and family who do not own iPhones is worse -- even though Apple, not the rival smartphone, is the cause of that degraded user experience. Many non-iPhone users also experience social stigma, exclusion, and blame for 'breaking' chats where other participants own iPhones. This effect is particularly powerful for certain demographics, like teenagers -- where the iPhone's share is 85 percent, according to one survey. This social pressure reinforces switching costs and drives users to continue buying iPhones -- solidifying Apple's smartphone dominance not because Apple has made its smartphone better, but because it has made communicating with other smartphones worse."

DOJ, in the court filing (PDF): Many prominent, well-financed companies have tried and failed to successfully enter the relevant markets because of these entry barriers. Past failures include Amazon (which released its Fire mobile phone in 2014 but could not profitably sustain its business and exited the following year); Microsoft (which discontinued its mobile business in 2017); HTC (which exited the market by selling its smartphone business to Google in September 2017); and LG (which exited the smartphone market in 2021). Today, only Samsung and Google remain as meaningful competitors in the U.S. performance smartphone market. Barriers are so high that Google is a distant third to Apple and Samsung despite the fact that Google controls development of the Android operating system.

Google's second developer preview for Android 15 has arrived, bringing long-awaited support for satellite connectivity alongside several improvements to contactless payments, multi-language recognition, volume consistency, and interaction with PDFs via apps. From a report: These developer-focused betas are a proving ground for features that will likely make it into the final public release scheduled for later this year. According to Google, public beta releases should be available to test between April and July. The latest developer preview addresses some nuisances and security concerns experienced by Android users, such as making apps more aware of why some services might be unavailable when devices are using a satellite connection. This is also the first official confirmation that Android 15 will come with satellite messaging, with Google's press release saying that the new preview includes support for "preloaded RCS applications to use satellite connectivity for sending and receiving messages."

The Justice Department sued Apple on Thursday, alleging the tech giant blocked software developers and mobile gaming companies from offering better options on the iPhone, resulting in higher prices for consumers. WSJ: The government's antitrust complaint, filed in a New Jersey federal court, alleges Apple used its control of the iPhone to prevent competitors from offering innovative services such as digital wallets and limited the functionality of hardware products that compete with Apple's own devices. The suit also claims that Apple makes it difficult for users to switch to devices that don't use Apple's operating system, such as Android smartphones.

"Consumers should not have to pay higher prices because companies violate the antitrust laws," Attorney General Merrick Garland said in a statement. Apple said it plans to vigorously defend against the lawsuit. "This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets," an Apple spokesman said in a statement. "If successful, it would hinder our ability to create the kind of technology people expect from Apple -- where hardware, software, and services intersect." The case against Apple is the last shoe to drop on the big four tech giants by U.S. antitrust officials.

During its State of Unreal presentation at GDC 2024 today, Epic Games confirmed its plans to bring the Epic Games Store to iOS and Android before the end of the year. The company also shared more details about its app marketplace for iOS in the European Union. As reported by 9to5Mac, Epic Games said it will take a 12% commission from sales. From the report: Epic says the terms for developers will be the same via the Epic Games Store on mobile as they are on the Epic Games Store on PC. As such, the company will take a 12% commission on all sales through the Epic Games Store. The revenue share is 100% for the developer during the first six months on the Epic Games Store. The Epic Games Store will feature Epic's own content, including Fortnite, alongside a selection of third-party partners. The company says it will share additional details in the lead-up to the launch later this year.

An anonymous reader quotes a report from Ars Technica: Google closed its Fitbit acquisition in 2021. Since then, the tech behemoth has pushed numerous changes to the wearable brand, including upcoming updates announced this week. While Google reshapes its fitness tracker business, though, some long-time users are regretting their Fitbit purchases and questioning if Google's practices will force them to purchase their next fitness tracker elsewhere.

As is becoming common practice with consumer tech announcements of late, Google's latest announcements about Fitbit seemed to be trying to convince users of the wonders of generative AI and how that will change their gadgets for the better. In a blog post yesterday, Dr. Karen DeSalvo, Google's chief health officer, announced that Fitbit Premium subscribers would be able to test experimental AI features later this year (Google hasn't specified when). "You will be able to ask questions in a natural way and create charts just for you to help you understand your own data better. For example, you could dig deeper into how many active zone minutes... you get and the correlation with how restorative your sleep is," she wrote. DeSalvo's post included an example of a user asking a chatbot if there was a connection between their sleep and activity and said that the experimental AI features will only be available to "a limited number of Android users who are enrolled in the Fitbit Labs program in the Fitbit mobile app."

Fitbit is also working with the Google Research team and "health and wellness experts, doctors, and certified coaches" to develop a large language model (LLM) for upcoming Fitbit mobile app features that pull data from Fitbit and Pixel devices, DeSalvo said. In a blog post yesterday, Yossi Matias, VP of engineering and research at Google, said Google wants to use the LLM to add personalized coaching features, such as the ability to look for sleep irregularities and suggest actions "on how you might change the intensity of your workout." Google's Fitbit is building the LLM on Gemini models that are tweaked on de-identified data from unspecified "research case studies," Matias said, adding: "For example, we're testing performance using sleep medicine certification exam-like practice tests." Other recent changes to Fitbit include a name tweak from Fitbit by Google, to Google Fitbit, as spotted by 9to5Google this week. Charge 5 users are especially concerned after users noticed their devices suddenly stopped holding a charge after a December firmware update was pushed. The problem has persisted with Google offering no solution other than offer discounts or, if the device was within its warranty period, a replacement.

"This is called planned obsolescence. I'll be upgrading to a watch style tracker from a different company. I wish Fitbit hadn't sold out to Google," a forum user going by Sean77024 wrote on Fitbit's support forum yesterday. "Others, like 2MeFamilyFlyer, have also accused Fitbit of planning Charge 5 obsolescence," notes Ars. "2MeFamilyFlyer said they're seeking a Fitbit alternative."

An anonymous reader writes: Mozilla Firefox 124 looks like a small update that only updates the Caret Browsing mode to also work in the PDF viewer and adds support for the Screen Wake Lock API to prevent devices from dimming or locking the screen when an application needs to keep running. The Firefox View feature has been updated as well in this release to allow users to sort open tabs by either recent activity (default setting) or tab order. Also, Firefox 124 expands Qwant's availability to all languages in the France region along with Belgium, Italy, Netherlands, Spain, and Switzerland.

This release also adds support for using HTTP(S) and relative URLs when creating WebSockets, as well as support for the AbortSignal: any() static method, which takes an iterable of abort signals and returns an AbortSignal (more details are available here). For Android users, Firefox 124 enables the Pull to Refresh feature, which is now more robust than ever, by default and adds support for the HTML drag and drop API when using a mouse, which accepts plain text or HTML text by the drop operation from external apps.

For macOS users, this release uses the fullscreen API for all types of full-screen windows, promising a better match to the expected macOS user experience for full-screen spaces, the Menubar, and the Dock. If you want to disable this feature, you'll need to set the full-screen-api.macos-native-full-screen preference to false in about:config. For Windows users, this release adds the ability to populate the Windows taskbar jump list more efficiently. According to Mozilla, this change should allow for a "smoother overall browsing experience."

An anonymous reader shared this report: After 20 years of development, the open source GnuCOBOL "has reached an industrial maturity and can compete with proprietary offers in all environments," said OCamlPro founder and GnuCOBOL contributor Fabrice Le Fessant, in a FOSDEM talk about the technology. GnuCOBOL turns COBOL source code into executable applications. It is very cross-platform, running Linux, BSD, many proprietary Unixes, macOS, and Windows, even Android. And the latest version, v.32, is being used in many commercial settings...

Sobisch noted that the GnuCOBOL is seeing a lot of commercial deployments, such as for banking back-end apps, many of which are being migrated from Micro Focus, with users reporting performance improvements as a result. The French DGFIP federal agency moved from a GCOS mainframe to GnuCOBOL, with the help of Le Fessant's firm.

Originally called OpenCOBOL, the project was started in 2002 and renamed GnuCOBOL in 2013. In the past three years, it has received attention from 13 contributors with 460 commits. Most Linux package managers have a copy of GnuCOBOL for the program for downloading... It can compile to C code (C89+), making it extremely portable, from mainframes to Raspberry Pi's, Sobisch said...

Also new is SuperBOL, a development studio for GnuCOBOL developed by Le Fessant's OCamlPro. It runs as a VSCode Extension and features a full COBOL processor (written in OCaml).

Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list -- all without sharing your browsing habits with Google. From a report: Previously, Chrome downloaded a list of known sites that harbor malware, unwanted software and phishing scams once or twice per hour. Now, Chrome will move to a system that will send the URLs you are visiting to its servers and check against a rapidly updated list there. The advantage of this is that it doesn't take up to an hour to get an updated list because, as Google notes, the average malicious site doesn't exist for more than 10 minutes.

The company claims that this new server-side system can catch up to 25 percent more phishing attacks than using local lists. These local lists have also grown in size, putting more of a strain on low-end machines and low-bandwidth connections. Google is rolling out this new system to desktop and iOS users now, with Android support coming later this month.

Bill Toulas reports via BleepingComputer: Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables. Google's other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 million.

An anonymous reader quotes a report from Android Police: Seven years ago, Google announced that it would phase out all Chrome apps on Windows, Mac, and Linux by 2018 (it would actually take until 2023). In its place would be what the company called Progressive Web Apps (PWAs), web apps that can be installed on a user's desktop that act as if they are practically natural apps and programs. The idea grew quickly, with Chrome users having installed PWAs in record numbers by the beginning of 2022. Soon, every website will be installable on desktops through PWAs.

In Chrome Canary (the daily build version of Google Chrome and typically a couple of versions ahead of the stable build), websites can now be installed on desktops. As part of the latest daily build, Google has added an "Install page as app" option to the "Save and share" submenu on the desktop version (via @Leopeva64 on X). This makes clicking the app -- which is just the website made to look and feel like a native app -- always open in its own window. Sites that already have their own PWAs, like YouTube or Reddit, have been prompting users to install them for a while now and will have their "Install page as app" function actually showing the name of the site. For example, YouTube's entry will show as "Install YouTube." In February, it became possible to enable the flags necessary to make any website into a PWA, but it seems to have just now become fully implemented.

An APK teardown performed by Android Authority has revealed that Reddit is now using a Large Language Model (LLM) to detect harassment on the platform. From the report: Reddit also updated its support page a week ago to mention the use of an AI model as part of its harassment filter. "The filter is powered by a Large Language Model (LLM) that's trained on moderator actions and content removed by Reddit's internal tools and enforcement teams," reads an excerpt from the page. The Register reports: The filter can be enabled in a Reddit community's mod tools, but individual moderators will need to have permissions to change subreddit settings to enable it. The harassment filter can be set to low ("filters the least content but with the most accurate results") and high ("filters the most content but may be less accurate"), and also includes an explicit allow list to force the AI to ignore certain keywords, up to 15 of which can be added. Once enabled, the filter creates a new tag in the moderation queue called "potential harassment," which moderators can review for accuracy. Reddit's help page says the feature is now available on desktop and the official Reddit apps, though it's not clear when the feature was added.

In an updated support page, Apple says it won't let your iPhone update software installed by third-party app stores if you leave the European Union for more than 30 days. The Verge reports: Shortly after the EU's Digital Markets Act (DMA) went into effect on Wednesday, users noticed an Apple support page stating users would "lose access to some features" when leaving the EU "for short-term travel." But now, Apple has made this policy more specific by carving out a 30-day grace period, which could be inconvenient for frequent travelers. This doesn't change your ability to use alternative app marketplaces, however, as Apple says you can still use third-party stores to manage apps you've already installed. Further reading: Apple is Working To Make It Easier To Switch From iPhone To Android Because of the EU

Apple is preparing to allow EU-based iPhone users to uninstall its first-party Safari browser by the end of 2024 and is working on a more "user-friendly" way of transferring data "from an iPhone to a non-Apple phone" by fall 2025. From a report: That's according to a new compliance document published by the company, which outlines all the ways it's complying with the European Union's new Digital Markets Act that comes into force this week.

Other user-facing initiatives detailed in Apple's document include a "browser switching solution" to transfer data between browsers on the same device, which it plans to make available by late 2024 or early 2025. It'll also be possible to change the default navigation app on iOS by March 2025 in the EU. The document doesn't explicitly state whether any of these features will be available globally or whether they'll be exclusive to users in the EU. But many of the company's previously announced plans to comply with the DMA -- including the ability to run browser engines other than WebKit and install third-party app stores -- are only available in the bloc.