Plague Inc. maker Ndemic Creations says the game has been removed from sale on the iOS App Store in China because the relevant authorities say it “includes content that is illegal in China as determined by the Cyberspace Administration of China.”

The popular game—which asks players to shepherd a virus' deadly spread around the world—has been available on the Chinese App Store for years without issue. Ndemic says it's "not clear to us if this removal is linked to the ongoing coronavirus outbreak that China is facing," but it certainly seems like the most likely proximate cause.

"This situation is completely out of our control," Ndemic writes. "We are working very hard to try and find a way to get the game back in the hands of Chinese players—we dont want to give up on you—however, as a tiny independent games studio in the UK, the odds are stacked against us. Our immediate priority is to try and make contact with the Cyberspace Administration of China to understand their concerns and work with them to find a resolution."

Plague Inc. saw a spike in popularity in China and other countries following initial reports of the coronavirus outbreak. In the wake of that surge, Ndemic issued a statement last month urging players not to treat the game as a "scientific model" for the spread of any disease. Reports of new coronavirus cases are now larger outside of China than within the country, where the outbreak has been in decline since February 2.

World events aside, Plague Inc. also received an early December "Fake News" update that added "a radically different scenario which lets you create your very own Fake News story and deceive the world with it," according to the game's public patch notes. Industry analyst Daniel Ahmad notes on Twitter that China has in the past restricted games that "harm the public ethics, disrupt social order, or undermine social stability," including titles that contain "false information."

China has a long history of placing restrictions on mobile apps sold in the country, pulling everything from communication and Read More – Source

arstechnica

If you're feeling extremely cynical about social media's preparedness for the rest of the madcap 2020 election season, you're in good company: A whopping three-quarters of Americans don't expect Facebook, Twitter, or other large platforms to handle this year any better than they handled 2016.

That finding comes from the Pew Research Center, which polled Americans about their confidence in tech platforms to prevent "misuse" in the current election cycle. A large majority of respondents think platforms should prevent misuse that could influence the election, but very few think they actually will.

Overall, only 25 percent of respondents said they were very or somewhat confident in tech platforms' ability to prevent that kind of misuse, Pew found. Meanwhile, 74 percent reported being not too confident or not at all confident that services would be able to do so. The responses were extremely similar across both Republican-leaning and Democratic-leaning respondents.

A similar number, 78 percent, said technology companies have a responsibility to prevent their platforms from being misused. Here, Pew did find fairly significant differences in response—not by political affiliation or belief, but instead by age. While less than three-quarters of respondents under age 50 felt the platforms needed to step up responsibility, a striking 88 percent of seniors over age 65 replied that social media services have a duty to prevent abuse.

Younger respondents were also the most likely to think that platforms could or would do something about it: 31 percent of those ages 18-29 said they were confident in tech firms to prevent election-influencing misuse. That number dropped to 26 percent among those ages 30-49, 24 percent among those ages 50-64, and only 20 percent among respondents over 65.

The 2020 trenches

We are, at long last, actually shambling through the primary election season, with Super Tuesday landing in less than a week. The trouble with 2020, though, has been known since the curtain closed on the troubled 2016 election cycle. And the challenges are both foreign and domestic.

Russia's use of social media to influence the outcome of the 2016 election is by now extremely well-documented and well-known. A report (PDF) from the Senate Intelligence Committee rounded up and outlined the methods that Russia's Internet Research Agency (IRA) used to launch "an information warfare campaign designed to spread disinformation and societal division in the United States," including planted fake news, carefully targeted ads, bot armies, and other tactics. The IRA used, and uses, several different platforms, including Twitter, YouTube, and Reddit, but its primary vehicles for outreach are Facebook and Instagram.

In an attempt to mitigate the harm social media can do during election season, Twitter updated its election integrity policy in April and moved to ban all political advertising from candidates starting last November. Google a short time later tightened its rules on false claims and microtargeting in political advertising.

Facebook, however, is taking a different approach. The globe-spanning social network has repeatedly said its standards do not apply to politicians, and political ads can be full of lies without falling afoul of Facebook's rules. There are nominally some limits—attempting to suppress voter turnout or census participation, for example, will get your ad kicked off the service. But attempts to consistently enforce that twisting and dotted line are not going well. In lieu of prohibiting deliberately misleading content, Facebook has said the onus is on users to simply try to see less of it.

Facebook does work regularly to remove what it terms "coordinated Read More – Source

arstechnica

When you hear the name Crash Bandicoot, you probably think of it as Sony's platformy, mascoty answer to Mario and Sonic. Before getting the full Sony marketing treatment, though, the game was developer Naughty Dog's first attempt at programming a 3D platform game for Sony's brand-new PlayStation. And developing the game in 1994 and 1995—well before the release of Super Mario 64—involved some real technical and game design challenges.

In our latest War Stories video, coder Andy Gavin walks us through a number of the tricks he used to overcome some of those challenges. Those include an advanced virtual memory swapping technique that divided massive (for the time) levels into 64KB chunks. Those chunks could be loaded independently from the slow (but high-capacity) CD drive into the scant 2MB of fast system RAM only when they were needed for Crash's immediate, on-screen environment.

The result allowed for "20 to 30 times" the level of detail of a contemporary game like Tomb Raider, which really shows when you look at the game's environments. Similar dynamic memory management techniques are now pretty standard in open-world video games, and they all owe a debt of gratitude to Gavin's work on Crash Bandicoot as a proof of concept.

Squeezing memory for stretchy animation

Getting expressive, stretchy Warner Bros.-style animation was also a priority for Gavin and partner Jason Rubin—so much so that Crash himself used up 600 Read More – Source

arstechnica

Chinese company Huawei announced Thursday it will build a factory in France to produce its equipment, it said in a statement, marking a first for the telecom giant in Europe.

The site would employ 500 people and bring an investment of about €200 million “in the first phase.”

The company said it picked France because of its “excellence in terms of quality production,” is located “in the heart of Europe” and has a “mature industry.” It said the products produced on site would mainly serve the European market.

The factory will have a shoRead More – Source

politico

The battle over vaccinations ramped up in Connecticut this week as state lawmakers narrowly advanced a bill—with last-minute amendments—aimed at banning religious vaccine exemptions for children.

If passed, the measure will no longer allow parents to cite their religious beliefs as a valid reason not to provide their children with life-saving immunizations, which are otherwise required for entry into public and private schools and daycares.

The legislatures public health committee passed the bill Monday in a 14-11 vote bu t not before making a last-minute amendment that would grandfather in children who already have such an exemption. As passed, the amended legislation would only apply to children newly enrolling.

The bill was spurred by reports from state health officials of a 25 percent spike in religious exemptions from last year, lowering overall vaccination rates in state schools. According to the Connecticut health department, 2.5 percent of kindergartners have religious exemptions. The department estimated that about 7,800 children were granted a religious exemption in the 2018-2019 school year.

As such, the statewide rate of measles, mumps, rubella (MMR) vaccination among kindergartners dropped 0.4 percentage points in the past year, bringing the current rate to 95.9 percent. While health officials consider 95 percent the threshold for effective herd immunity, vaccination rates are not consistent across schools. That is, some schools have clusters of unvaccinated children, increasing their risk of outbreaks. According to state data, 134 schools have MMR rates below 95 percent, and 41 schools have MMR rates below 90 percent.

“Witches brew”

“The risk of unvaccinated children is going to increase” if lawmakers do nothing, Democratic state Sen. Saud Anwar, a physician from South Windsor, told the Hartford Courant. “Its happening in other parts of the world.”

But, as in other states, anti-vaccine advocates were swift to protest the proposed law. Last week, a public hearing on the bill reportedly drew thousands of people, and hundreds of anti-vaccine advocates signed up to testify. The hearing stretched on for an exhausting 21 hours. Anti-vaccine advocates returned to the capitol Monday to protest the bill.

The protests clearly influenced lawmakers decisions, with some suggesting that the anti-vaccine protests should spur a slower review of the bill.

“The Democrat leadership of the Public Health Committee ignored over 20 hours of public testimony and the voices of over 5,000 citizens to rush a bill without giving the advocates the courtesy of reviewing last-second changes," Senate Republican leaRead More – Source

arstechnica

YouTube is a private forum and therefore not subject to free-speech requirements under the First Amendment, a US appeals court ruled today. "Despite YouTube's ubiquity and its role as a public-facing platform, it remains a private forum, not a public forum subject to judicial scrutiny under the First Amendment," the court said.

PragerU, a conservative media company, sued YouTube in October 2017, claiming the Google-owned video site "unlawfully censor[ed] its educational videos and discriminat[ed] against its right to freedom of speech."

PragerU said YouTube reduced its viewership and revenue with "arbitrary and capricious use of 'restricted mode' and 'demonetization' viewer restriction filters." PragerU claimed it was targeted by YouTube because of its "political identity and viewpoint as a non-profit that espouses conservative views on current and historical events."

But a US District Court judge dismissed PragerU's lawsuit against Google and YouTube, and a three-judge panel at the US Court of Appeals for the 9th Circuit upheld that dismissal in a unanimous ruling today.

"PragerU's claim that YouTube censored PragerU's speech faces a formidable threshold hurdle: YouTube is a private entity. The Free Speech Clause of the First Amendment prohibits the government—not a private party—from abridging speech," judges wrote.

PragerU claimed that Google's "regulation and filtering of video content on YouTube is 'State action' subject to scrutiny under the First Amendment." While Google is obviously not a government agency, PragerU pointed to a previous appeals-court ruling to support its claim that "[t]he regulation of speech by a private party in a designated public forum is 'quintessentially an exclusive and traditional public function' sufficient to establish that a private party is a 'State actor' under the First Amendment." PragerU claims YouTube is a "public forum" because YouTube invites the public to use the site to engage in freedom of expression and because YouTube representatives called the site a "public forum" for free speech in testimony before Congress.

Hosting speech doesnt make YouTube a state actor

Appeals court judges were not convinced. They pointed to a Supreme Court case from last year in which plaintiffs unsuccessfully "tested a theory that resembled PragerU's approach, claiming that a private entity becomes a state actor through its 'operation' of the private property as 'a public forum for speech.'" The case involved public access channels on a cable TV system.

The Supreme Court in that case found that "merely hosting speech by others is not a traditional, exclusive public function and does not alone transform private entities into state actors subject to First Amendment constraints."

"If the rule were otherwise, all private property owners and private lessees who open their property for speech would be subject to First Amendment constraints and would lose the ability to exercise what they deem to be appropriate editorial discretion within that open forum," the Supreme Court decision last year continued.

Ruling against PragerU's First Amendment claim was ultimately a "straRead More – Source

arstechnica

Mobile World Congress had to stay home sick this year with the coronavirus, but that's not stopping the mobile industry from making a bunch of announcements this week. LG has announced its obligatory Snapdragon 865 smartphone: the "LG V60 ThinQ."

The phone has Qualcomm's latest SoC, the Snapdragon 865, along with the X55 5G modem. LG's spec sheet does not say what kind of 5G (really, LG?) but Android Police reports that there is "mmWave exclusive to Verizon, and sub-6 for everyone, including AT&T." The phone has a 6.8-inch 2460×1080 OLED display, 8GB of RAM, 128GB or 256GB of storage, a microSD slot, and a 5Read More – Source

arstechnica

For years now, downloadable PC gaming retailer GOG has offered a "money-back guarantee" only if a game you bought "doesn't work" on your hardware. Today, the company has removed that requirement, offering an expansive new refund policy for up to 30 days after purchase, "even if you downloaded, launched, and played [the game]."

While users won't have to provide a reason for their refund request when contacting customer support, GOG says in an FAQ that it reserves the right to "refuse refunds in… individual cases." More broadly, that means the company will be "monitoring the effects of the current update to make sure no one is using this policy to hurt the developers that put their time and heart into making great games."

That monitoring could end up being important, because all of GOG's games are offered without any DRM protection. That would seemingly make it trivial for a customer to purchase and download a game, create a fully functional backup, and then ask for a refund while keeping an essentially free copy.

Even failing that, for many games a 30-day window provides enough time for an average player to play the game to completion before asking for a refund. Steam's current refund policy limits players to 14 days and two hours of total playtime for this very reason.

How generous is too generous?

While GOG isn't declaring any pre-set limits on how many refunds can be requested for a single account, the company asks that users "don't take advantage of our trust by asking for an unreasonable amount of games to be refunded. Don't be that person. No one likes that person."

"We trust that you're making informed purchasing decisions and will use this updated voluntary Refund Policy only if something doesn't work as you expected," the FAQ continues. "Please respect all the time and hard work put into making the games you play and remember that refunds are not reviews. If you finished the game and didn't like it, please consider sharing your opinion instead."

GOG echoed that sentiment in a tweet accompanying the announcement, saying that "this update was possible thanks to our community's respect for all the time and hard work put into creating the games you buy on GOG.com and playing by the rules. We can only hope and encourage users to continue to do so."

GOG's new policy offers much more generous terms than competing online gaming platforms. Most competing services only offer a 14-day window after purchase for requesting a refund. That might be guided by Europe's recently enacted digital refund regulations, which require retailers to offer EU citizens refunds for any reason within that time period.

OutsidRead More – Source

arstechnica

Clearview, a secretive facial-recognition startup that claims to scrape the Internet for images to use, has itself now had data unexpectedly scraped, in a manner of speaking. Someone apparently popped into the company's system and stole its entire client list, which Clearview to date has refused to share.

Clearview notified its customers about the leak today, according to The Daily Beast, which obtained a copy of the notification. The memo says an intruder accessed the list of customers, as well as the number of user accounts those customers set up and the number of searches those accounts have conducted.

"Unfortunately, data breaches are part of life in the 21st century," Tor Ekeland, an attorney for Clearview, told The Daily Beast. "Our servers were never accessed. We patched the flaw and continue to work to strengthen our security."

Clearview vaulted from obscurity to the front page following a report by The New York Times in January. The paper described Clearview as a "groundbreaking" service that could completely erode privacy in any meaningful way.

The company at the time claimed to have in place 600 agreements with law enforcement agencies to use its software, which allegedly aggregated more than 3 billion facial images from other apps, platforms, and services. Those other platforms and their parent companies—including Twitter, Google (YouTube), Facebook (and Instagram), Microsoft (LinkedIn), and Venmo—all sent Clearview cease and desist letters, claiming its aggregation of images from their services violates their policies.

Clearview, which stresses its service is "available only to law enforcement agencies and select security professionals," refused repeatedly to share client lists with reporters from several outlets. Reporters from The New York Times and BuzzFeed both dove into several of the company's marketing claims and found some strong exaggerations. Clearview boasts that its technology helped lead to the arrest of a would-be terrorist in New York City, for example, but the NYPD told BuzzFeed Clearview had nothing to do with the case.

In the face of public criticism, the company made exactly two blog posts, each precisely two paragraphs long. The first, under the subject line "Clearview is not a consumer application," insists, "Clearview is NOT available to the public," emphasis theirs. It adds, "While many people have advised us that a public version would be more profitable, we have rejected the idea."

Four days later, the company added another post, stressing that its code of conduct "mandates that investigators use our technology in a safe anRead More – Source

arstechnica

SAN FRANCISCO — Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.

The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter whose Wi-Fi business was acquired by Cypress in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3s, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cyperess and Broadcoms FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.

Manufacturers have made patches available for most or all of the affected devices, but its not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.

“This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individuals control) that is vulnerable,” Eset researchers wrote in a research paper published on Wednesday. “The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself).”

A key consisting of all zeros

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Disassociation typically happens when a client device roams from one Wi-Fi access point to another, encounters signal interference, or has its Wi-Fi turned off. Hackers within range of a vulnerable client device or access point can easily trigger disassociations by sending whats known as management frames, which arent encrypted and require no authentication. This lack of security allows an attacker to forge management frames that manually trigger a disassociation.

With the forced disassociation, vulnerable devices will typically transmit several kilobytes of data thats encrypted with the all-zero session key. The hacker can then capture and decrypt the data. Eset researcher Robert Lipovsky told me hackers can trigger multiple disassociations to further the chances of obtaining useful data.

The following two diagrams help illustrate how the attack works.

Eset researchers determined that a variety of devices are vulnerable, including:

• Amazon Echo 2nd gen
• Amazon Kindle 8th gen
• Apple iPad mini 2
• Apple iPhone 6, 6S, 8, XR
• Apple MacBook Air Retina 13-inch 2018
• Google Nexus 5
• Google Nexus 6
• Google Nexus 6S
• Raspberry Pi 3
• Samsung Galaxy S4 GT-I9505
• Samsung Galaxy S8
• Xiaomi Redmi 3S

The researchers also found that the following wireless routers are vulnerable:

• Asus RT-N12
• Huawei B612S-25d
• Huawei EchoLife HG8245H
• Huawei E5577Cs-321

An Apple spokesman said the vulnerabilities were patched last October with details for macOS here and for iOS and iPadOS here.

Manufacturers of other vulnerable devices that still receive patch support couldn't immediately be reached for comment.

The researchers tesRead More – Source

arstechnica