Security, Spoken

As Liverpool soccer player Roberto Firmino clutched out the only goal of the club's December 21 FIFA Club World Cup match before a live audience of over 45,000, at least twice as many fans were tuned in somewhere better suited to FIFA 20, the video game: the streaming platform Twitch. While the game roiled on, three of the top 10 livestreams listed in Twitch’s directory were simulcasts of the FIFA Club World Cup match—with 14,000, 33,000, and 53,000 viewers respectively. Learn about your ad choices: dovetail.prx.org/ad-choices

In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It's also not happening any time soon. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook Pages give public figures, businesses, and other entities a presence on Facebook that isn't tied to an individual profile. The accounts behind those pages are anonymous unless a Page owner opts to make the admins public. You can't see, for example, the names of the people who post to Facebook on WIRED's behalf. But a bug that was live from Thursday evening until Friday morning allowed anyone to easily reveal the accounts running a Page, essentially doxxing anyone who posted to one. Learn about your ad choices: dovetail.prx.org/ad-choices

After nine Star Wars movies, two Star Wars stories, and countless TV show episodes, The Mandalorian has finally given us something utterly priceless. No, not Baby Yoda—although, yes, I would die for that damn thing. I refer to the Mandalorian himself: a protagonist who finally understands military tactics. He’s an expert at cover and concealment. He actually aims his shots. In the Mandalorian, the Star Wars universe for the first time has a character who engages in believable combat. Learn about your ad choices: dovetail.prx.org/ad-choices

After anxious days awaiting Iran's response to the US assassination of Qasem Soleimani, the country sent missiles flying at two Iraqi military that housed US troops—who knew about it well in advance, thanks to an early warning system that dates back to the Cold War. In a rare reversal from the norm, Donald Trump followed up by using Twitter to defuse tensions rather than escalate them further. Iran's still on a path to developing nuclear capabilities, but they won't get there any time soon. Learn about your ad choices: dovetail.prx.org/ad-choices

It won't come as much of a surprise that Facebook tracks you on its platform—that's why it can resurface your birthday photos from five years ago—but you might not yet realize the scope and the depth of its tracking all across the internet. Learn about your ad choices: dovetail.prx.org/ad-choices

Days before Christmas, at the height of the last-minute holiday shopping rush, an ominous message appeared on Amazon.com. It warned shoppers who used a popular browser extension called Honey that the service, which promises to track prices and discount codes, was “a security risk.” “Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit,” the message read. Learn about your ad choices: dovetail.prx.org/ad-choices

Last month, both Google and Apple removed a popular social messaging app called ToTok from their official app stores. The decisions came after United States intelligence officials told The New York Times that the United Arab Emirates likely uses the app for state surveillance. The report and subsequent research also asserted ties between ToTok developer Breej Holding Ltd. and the Emirati government. But by Saturday, Google had quietly reinstated ToTok in its Play Store for Android. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the holidays, the Russian government said it had completed a multi-day test of a national, internal internet known as RuNet, a bid to show that the country's online infrastructure could survive even if disconnected from the rest of the world. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, US tensions with Iran have held to a kind brinksmanship. But the drone assassination of Iranian general Qasem Soleimani, widely understood to be the second most powerful figure in Iran, has dangerously escalated tensions. The world now awaits Iran's response, which seems likely to make new use of a tool that the country has already been deploying for years: its brigades of military hackers. Learn about your ad choices: dovetail.prx.org/ad-choices

Tuesday’s attack by Iran-backed Shiite militia supporters on the US Embassy in Baghdad, followed by Friday’s US killing of top Iranian commander Qasem Soleimani, sparked fears of an intense escalation of hostilities in the region. Analysts say US embassies and consulates are prime targets in the wake of these events, and personnel could be in jeopardy. “Iran isn’t going to let this go unanswered,” notes security analyst Brett Bruen, a former US diplomat. Learn about your ad choices: dovetail.prx.org/ad-choices

Facing growing scrutiny over censorship and security concerns, TikTok is borrowing a few pages from a playbook now standard at many American tech giants, in an effort to earn the trust of US users and lawmakers. The Chinese-owned video app said in October it would invite outside experts to review some of its content moderation policies, just as Facebook and YouTube have in the past. Learn about your ad choices: dovetail.prx.org/ad-choices

When this decade began, the ideal of the internet as a freewheeling intellectual playground remained largely intact: A medium that, after years of bubbly anticipation, had finally reached the mainstream and fulfilled its hype, bringing with it online marketplaces with infinite selection, viral videos, long-lost friends on Facebook, and even the hopes for new forms of protest and dissent against authoritarian regimes. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

For generations, millions of Star Wars fans have thought they were watching a good ol’ fashioned space opera. In fact, they’ve received a decades-long primer in geopolitics, warfare, and the tenets of leadership. This is on display again in the latest and final movie of the nine-film franchise, The Rise of Skywalker. Learn about your ad choices: dovetail.prx.org/ad-choices

Internet-connected gadgets like lightbulbs and fitness trackers are notorious for poor security. That's partly because they’re often made cheaply and with haste, which leads to careless mistakes and outsourcing of problematic parts. But it’s also partly due to the lack of computing power in the first place; it's not so easy to encrypt all that data with limited resources. Or at least that’s how the conventional wisdom goes. Learn about your ad choices: dovetail.prx.org/ad-choices

In 1986, Cliff Stoll’s boss at Lawrence Berkeley National Labs tasked him with getting to the bottom of a 75-cent accounting discrepancy in the lab’s computer network, which was rented out to remote users by the minute. Stoll, 36, investigated the source of that minuscule anomaly, pulling on it like a loose thread until it led to a shocking culprit: a hacker in the system. Learn about your ad choices: dovetail.prx.org/ad-choices

One of the most popular features of Facebook-owned WhatsApp is group messaging, which turns the app's end-to-end encrypted chats into social groups that can include up to 256 participants. But recent stumbles in group chat security—including a bug that could have let a hacker crash the app entirely—have shown that WhatsApp may need to keep a closer eye on these communal hubs. Learn about your ad choices: dovetail.prx.org/ad-choices

Google's password checking feature has slowly been spreading across the Google ecosystem this past year. It started as the "Password Checkup" extension for desktop versions of Chrome, which would audit individual passwords when you entered them, and several months later it was integrated into every Google account as an on-demand audit you can run on all your saved passwords. Now, instead of a Chrome extension, Password Checkup is being integrated into the desktop and mobile versions of Chrome 79. Learn about your ad choices: dovetail.prx.org/ad-choices

There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans. Learn about your ad choices: dovetail.prx.org/ad-choices

Maybe, just maybe, there’s no Deep State plot to get Donald Trump after all. For more than a year, Trump’s backers have held out hope that a long-running investigation by the Justice Department’s inspector general would blow the lid off of a government-wide conspiracy. Learn about your ad choices: dovetail.prx.org/ad-choices

After filing for bankruptcy and closing more than 800 stores last year, Toys "R" Us is back. The iconic retailer has opened two new mall outposts, one in Texas and another in New Jersey, in time for the holidays. The stores are packed with some of the most kid-coveted products of the year, but have been garnering attention for another reason: the surveillance technology they’re using. Learn about your ad choices: dovetail.prx.org/ad-choices

The trade war between China and the US has centered largely on escalating tariffs. But in many rural communities, the focus has shifted to the security of networks for which Chinese giants Huawei and ZTE have long provided equipment. As the 5G future approaches, the US is pushing small carriers to rip out and replace whatever parts of their infrastructure come from China, no matter the cost. Learn about your ad choices: dovetail.prx.org/ad-choices

Email has long been a major weak link for security; the Democratic National Committee and Hillary Clinton's campaign were infamously both compromised by Russian hackers through email-related phishing attacks ahead of the 2016 US elections. And with the 2020 campaign in full swing, a patched flaw in Microsoft Outlook is still giving attackers an opening. Learn about your ad choices: dovetail.prx.org/ad-choices

If you call your hacking conglomerate Evil Corp and steal tens of millions of dollars from banks and individuals over the course of a decade, you can probably expect an indictment at some point. For alleged Evil Corp leader Maksim Yakubets, it came this week, as US and UK authorities charged him and an associate with hacking thefts that totaled over $100 million. A separate criminal complaint also ties Yakubets to the infamous Zeus trojan. Learn about your ad choices: dovetail.prx.org/ad-choices

The prominent hacker and Ethereum developer Virgil Griffith was arrested by the US government Friday after he spoke at an April conference on blockchain technologies in North Korea. The US government considers his presentation to be a transfer of technology—and therefore a violation of US sanctions. But Griffith's defenders, including Ethereum founder Vitalik Buterin, describe the arrest as a massive overreaction. Griffith worked for the Ethereum Foundation, and Buterin called him a friend. Learn about your ad choices: dovetail.prx.org/ad-choices

Ewoks. Just saying the name evokes myriad emotions in Star Wars fans. For some, the bear-like creatures that first appeared in 1983’s Star Wars: Return of the Jedi are part of the franchise’s rich tapestry. Others consider the Ewoks a blight and would prefer they not exist at all. (Some fan edits of Return of the Jedi excise the Ewoks entirely, for crying out loud.) They’re the most controversial inhabitants of the Star Wars universe this side of Jar Jar Binks. Learn about your ad choices: dovetail.prx.org/ad-choices

What was the last thing you searched for online? For me, it was "$120 in pounds." Before that, I wanted to know the capital of Albania (Tirana), the Twitter handle of Liberal Democrat deputy leader Ed Davey (he’s @EdwardJDavey), and dates of bank holidays in the UK for 2019 (it’s a late Easter next year, folks). Thrilling, I’m sure you’ll agree. But something makes these searches, in internet terms, a bit unusual. Shock, horror, I didn’t use Google. I used DuckDuckGo. Learn about your ad choices: dovetail.prx.org/ad-choices

As we draw ever-closer to Black Friday, Cyber Monday, and all the shopping days in between, you'll have no shortage of cheap, flashy, internet-connected gadgets to choose from for holiday gifts. But in the frenzy, don't forget that the widgets you buy will live at recipients' houses—or on their wrists—for months or years to come. With that in mind, it's worth considering security and privacy risks involved, so you know what you're getting people into before they unwrap the box. Learn about your ad choices: dovetail.prx.org/ad-choices

For almost three years starting in the fall of 2015, a 56-year-old Chinese-American tour guide named Xueha "Edward" Peng would periodically carry out a strange errand: Every few months, he'd book a room at a certain designated hotel—first in California and later in Georgia—and leave $10,000 or $20,000 in cash in the room, inside a dresser drawer or taped to the bottom of a desk or TV stand. Learn about your ad choices: dovetail.prx.org/ad-choices

Devin Nunes, the top Republican on the House Intelligence Committee, said Thursday that the impeachment inquiry had “poisoned the minds of fanatics,” and he was absolutely right—but not quite in the way that he meant. His comments, aimed at Democrats, instead came across in the hearing as projection, a sad summation of the intellectual rot that has spread through his own party during the Trump age. Learn about your ad choices: dovetail.prx.org/ad-choices

In the Harry Potter universe, there’s a handy spell for when you need to stop someone from spilling your secret plans or shit-talking during a duel. It’s called Mimblewimble, otherwise known as the tongue-tying curse. It’s also the name of a privacy technology designed for cryptocurrencies—because, well, somebody’s gotta keep crypto weird. The first coins to use Mimblewimble—distinct efforts called Grin and Beam—both launched in January. Learn about your ad choices: dovetail.prx.org/ad-choices

Black Friday attracts crowds, and crowds attract scammers, and that means you need to take extra care when shopping online over the Black Friday and Cyber Monday weekend. There'll be people out there keen to relieve you of more money than you'll save on a TV set or a gaming console. The following precautions apply whatever the time of year, but it's worth reminding yourself of them every time a serious holiday season comes around. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

Users increasingly encounter moments when a website asks for permission to gather some personal data or access to their device hardware: "Can we access your GPS position? Your microphone or camera? Your Bluetooth? Can we send you push notifications about breaking news or premium chocolate subscription offers?" Permissions, as these asks are known, give the web exciting powers. Learn about your ad choices: dovetail.prx.org/ad-choices

Iranian hackers have carried out some of the most disruptive acts of digital sabotage of the last decade, wiping entire computer networks in waves of cyberattacks across the Middle East and occasionally even the US. But now one of Iran's most active hacker groups appears to have shifted focus. Rather than just standard IT networks, they're targeting the physical control systems used in electric utilities, manufacturing, and oil refineries. Learn about your ad choices: dovetail.prx.org/ad-choices

The reports came just a few days after Disney+ launched: Thousands of the streaming service accounts were already up for sale on various hacking forums, at bargain basement prices. As of Wednesday, new victims were still taking to Twitter and other venues to express their frustration that their accounts had been taken over. What’s happening almost certainly isn’t a hack in the way you’d normally think of it. Learn about your ad choices: dovetail.prx.org/ad-choices

Back in 2012, the US Supreme Court ruled that it's illegal for the police to attach a GPS tracking device to someone's car without a warrant. But what if you find a GPS tracking device on your car? Can you remove it? ARS TECHNICA This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. Learn about your ad choices: dovetail.prx.org/ad-choices

It's increasingly common for the data that passes between your browser and a website's server to be encrypted with HTTPS, which makes it impossible for outside snoops to read. But you don't get that protection if the URL drops that crucial "S" after HTTP. And while some mechanisms do redirect you to an encrypted version of a site, they often do so only after exposing that initial request. The makers of the privacy-focused search engine DuckDuckGo think there's a better way. Learn about your ad choices: dovetail.prx.org/ad-choices

Android users are groaning and websites are moaning, but first: a cartoon about what to do with a broken laptop. Here's the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every weekday? Sign up here! Today’s News 146 new vulnerabilities all come preinstalled on Android phones Security firm Kryptowire discovered 146 vulnerabilities—across 29 Android smartphone makers—that exist before the phones are even taken out of the box. Learn about your ad choices: dovetail.prx.org/ad-choices

When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew of preinstalled software and vanilla Android sometimes turns out to be rancid, putting flaws and vulnerabilities on the phone before you even take it out of the box. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

In 2016 Brendan Eich, the controversial creator of the JavaScript programming language and cofounder and former CTO of Mozilla, announced the launch of a new browser called Brave. The pitch was simple but ambitious: Brave would block invasive ads and tracking scripts, but it would also show its own, privacy-friendly ads in their place. And it would cut both publishers and users in on the proceeds. Nearly four years later, that vision is finally in place. Learn about your ad choices: dovetail.prx.org/ad-choices

Android has a bit of a malware problem. The open ecosystem's flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements. Learn about your ad choices: dovetail.prx.org/ad-choices

It's not yet prime time for 5G networks, which still face logistical and technical hurdles, but they're increasingly coming online in major cities worldwide. Which is why it's especially worrying that new 5G vulnerabilities are being discovered almost by the dozen. At the Association for Computing Machinery's Conference on Computer and Communications Security in London today researchers are presenting new findings that the 5G specification still has vulnerabilities. Learn about your ad choices: dovetail.prx.org/ad-choices

In charges released Wednesday, the Justice Department accused two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, of abusing their internal system privileges to spy on target users and pass the information they collected to Saudi Arabia. The criminal complaint also alleges that it was trivial for them to do so—a chilling reminder of how much damage an insider can cause. Learn about your ad choices: dovetail.prx.org/ad-choices

Valentine’s Day is a high-pressure event dreaded by millions—precisely the type of holiday you may not want to relive, unless you sell flowers for a living. But that’s exactly what happened to many people across the United States on Thursday, when they awoke to find that their phones had suddenly sent or received text messages originally intended to be sent around February 14. Learn about your ad choices: dovetail.prx.org/ad-choices

Pour one out for the OG Google Pixel 1. This month's Android security patches are out, and while you'll find bulletins covering the Pixel 2, 3, and 4, the original Google Pixel didn't make the cut. Google is ending support this month. ARS TECHNICA This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. Learn about your ad choices: dovetail.prx.org/ad-choices

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning that the computer is running a pirated version of Windows that has been hacked. The message, which appears without any any user interaction upon visiting a site, reads: Please stop and do not close the PC … The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. Learn about your ad choices: dovetail.prx.org/ad-choices

With hackers deploying sophisticated attacks against operating systems, processors, and even firmware, manufacturers have increasingly turned to a tamper-resistant processor—or part of one—often called a "secure enclave" to stymie all sorts of attacks. They place in that immutable chip the "root of trust" on a device, relying on it to run cryptographic checks every time the system starts to make sure nothing has been subtly, maliciously altered. Learn about your ad choices: dovetail.prx.org/ad-choices