Google

ios-18-brings-rcs-to-major-carrier-iphones,-but-prepaid-plans-are-still-waiting

iOS 18 brings RCS to major carrier iPhones, but prepaid plans are still waiting

Not exactly flipping the switch —

A future iOS update may be needed to unlock better Apple-to-Android messages.

Thumb hovering over the Messages app on an iPhone

Enlarge / Illustration of a person who refuses to check their iPhone’s messages until RCS is enabled on their MVNO carrier, out of respect for their Android-toting friends and family.

Getty Images

The future of inter-OS mobile messaging is here, it’s just unevenly distributed.

With iOS 18, Apple has made it possible for non-Apple phones to message with iPhones through Rich Communication Services (RCS). This grants upgrades from standard SMS text messages, like read receipts, easier and higher-quality media sending, typing indicators, and emoji/response compatibility. More than that, it allows for messaging while on Wi-Fi without cellular services and makes group messages far less painful to navigate and leave. Notably, RCS messages between iPhones and non-iPhones will not be encrypted, like Apple’s private iMessage service available exclusively between Apple devices.

iOS 18 makes these RCS upgrades possible, but certainly not guaranteed, at least as of today. Lots of people have already been enjoying cross-platform RCS messaging when texting with iOS 18 beta users. And iPhones on the big carriers’ plans can now trade RCS with Android users. But some iPhone users, particularly on mobile virtual network operators (MVNOs)—typically pre-paid services that do not own network hardware but resell major carrier access—do not have an RCS option available to them yet.

Google, a major proponent of Apple adopting RCS, confirmed to Ars that Google Fi, its own MVNO cellular service, does not, as of this writing, offer RCS chat for iPhone users on Fi messaging with Android users. Android users on Google Fi can use RCS with iPhones on other carriers, so long as that iPhone has “RCS interoperability enabled.”

Reading between the lines, you might conclude that Google is waiting on Apple to enable RCS on a network-by-network basis, both for Fi and for Android users at large. And a Google spokesperson would suggest that is correct.

“We have been working for a long time to accelerate the adoption of RCS, and are excited that Apple is taking steps to adopt RCS with the launch of iOS 18,” a Google spokesperson said in a statement. “Only Apple has the ability to enable RCS interoperability for iPhone users on Fi, and our hope is that they will do so in the near future.”

Ars has contacted Apple, along with carriers Mint Mobile and Boost Mobile, for comment on RCS availability across carriers and will update this post with new information. Some customers of MVNOs offered by the major carriers themselves, like those on Visible from Verizon, have reported having RCS access with iOS 18 installed.

Apple got the message, kept it green

Users of other MVNOs have asked on Reddit why their upgrade from basic SMS to RCS did not occur during the iOS 18 betas. A co-founder and current CFO of Mint Mobile said on September 9 that it would “be a few months, unfortunately,” as the “backend transition is taking some time… Believe me, we want this out as soon as we can,” wrote Rizwan Kassim.

A moderator for the Mint Mobile subreddit suggested that the backend transition involves carriers setting up a relay API for messages, adding that to the “carrier bundle” they deliver to customers and then providing Apple with information it can add to a future iOS update.

If you have an iPhone that isn’t on one of the major carriers’ primary plans (AT&T, T-Mobile, or Verizon) and want to check if RCS should be available, you can do that in Settings. Head to General, choose About, and scroll down to the Carrier line under your active SIM or eSIM. Tap the “Carrier” line until you see “IMS Status.” If it reads “Voice & SMS,” you don’t have RCS yet, but if you see “Voice, SMS & RCS,” you do.

The version of RCS that iPhone and Android users might use now, or soon, is the “RCS Universal Profile,” which does not include the encryption that Google’s own messaging apps provide over RCS. Google’s “Get the Message” campaign tried to shame Apple into adopting RCS. The related site notes that “Apple is starting to #GetTheMessage” with RCS adoption but that iPhone users will have to “check with your carrier” to turn on the feature.

Apple announced RCS support in November 2023. The company’s choice of a particularly strong green color to denote messages that are not going over its own iMessage servers—but culturally associated with Android—have inspired both a notable Drake track, a wild month of efforts by messaging startup Beeper to work around its Apple-only nature, and a portion of the Department of Justice’s antitrust lawsuit against Apple. RCS support, whenever it arrives for whatever carrier, will not change the color of cross-platform messages.

iOS 18 brings RCS to major carrier iPhones, but prepaid plans are still waiting Read More »

1.3-million-android-based-tv-boxes-backdoored;-researchers-still-don’t-know-how

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

CAUSE UNKNOWN —

Infection corrals devices running AOSP-based firmware into a botnet.

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

Getty Images

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Dozens of variants

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections.

“At the moment, the source of the TV boxes’ backdoor infection remains unknown,” Thursday’s post stated. “One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access.”

The following device models infected by Vo1d are:

TV box model Declared firmware version
R4 Android 7.1.2; R4 Build/NHG47K
TV BOX Android 12.1; TV BOX Build/NHG47K
KJ-SMART4KVIP Android 10.1; KJ-SMART4KVIP Build/NHG47K

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What’s more, Doctor Web said it’s not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models.

Further, while only licensed device makers are permitted to modify Google’s AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.

“These off-brand devices discovered to be infected were not Play Protect certified Android devices,” Google said in a statement. “If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety.”

The statement said people can confirm a device runs Android TV OS by checking this link and following the steps listed here.

Doctor Web said that there are dozens of Vo1d variants that use different code and plant malware in slightly different storage areas, but that all achieve the same end result of connecting to an attacker-controlled server and installing a final component that can install additional malware when instructed. VirusTotal shows that most of the Vo1d variants were first uploaded to the malware identification site several months ago.

Researchers wrote:

All these cases involved similar signs of infection, so we will describe them using one of the first requests we received as an example. The following objects were changed on the affected TV box:

  • install-recovery.sh
  • daemonsu

In addition, 4 new files emerged in its file system:

  • /system/xbin/vo1d
  • /system/xbin/wd
  • /system/bin/debuggerd
  • /system/bin/debuggerd_real

The vo1d and wd files are the components of the Android.Vo1d trojan that we discovered.

The trojan’s authors probably tried to disguise one if its components as the system program /system/bin/vold, having called it by the similar-looking name “vo1d” (substituting the lowercase letter “l” with the number “1”). The malicious program’s name comes from the name of this file. Moreover, this spelling is consonant with the English word “void”.

The install-recovery.sh file is a script that is present on most Android devices. It runs when the operating system is launched and contains data for autorunning the elements specified in it. If any malware has root access and the ability to write to the /system system directory, it can anchor itself in the infected device by adding itself to this script (or by creating it from scratch if it is not present in the system). Android.Vo1d has registered the autostart for the wd component in this file.

The modified install-recovery.sh file

The modified install-recovery.sh file

Doctor Web

The daemonsu file is present on many Android devices with root access. It is launched by the operating system when it starts and is responsible for providing root privileges to the user. Android.Vo1d registered itself in this file, too, having also set up autostart for the wd module.

The debuggerd file is a daemon that is typically used to create reports on occurred errors. But when the TV box was infected, this file was replaced by the script that launches the wd component.

The debuggerd_real file in the case we are reviewing is a copy of the script that was used to substitute the real debuggerd file. Doctor Web experts believe that the trojan’s authors intended the original debuggerd to be moved into debuggerd_real to maintain its functionality. However, because the infection probably occurred twice, the trojan moved the already substituted file (i.e., the script). As a result, the device had two scripts from the trojan and not a single real debuggerd program file.

At the same time, other users who contacted us had a slightly different list of files on their infected devices:

  • daemonsu (the vo1d file analogue — Android.Vo1d.1);
  • wd (Android.Vo1d.3);
  • debuggerd (the same script as described above);
  • debuggerd_real (the original file of the debuggerd tool);
  • install-recovery.sh (a script that loads objects specified in it).

An analysis of all the aforementioned files showed that in order to anchor Android.Vo1d in the system, its authors used at least three different methods: modification of the install-recovery.sh and daemonsu files and substitution of the debuggerd program. They probably expected that at least one of the target files would be present in the infected system, since manipulating even one of them would ensure the trojan’s successful auto launch during subsequent device reboots.

Android.Vo1d’s main functionality is concealed in its vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3) components, which operate in tandem. The Android.Vo1d.1 module is responsible for Android.Vo1d.3’s launch and controls its activity, restarting its process if necessary. In addition, it can download and run executables when commanded to do so by the C&C server. In turn, the Android.Vo1d.3 module installs and launches the Android.Vo1d.5 daemon that is encrypted and stored in its body. This module can also download and run executables. Moreover, it monitors specified directories and installs the APK files that it finds in them.

The geographic distribution of the infections is wide, with the biggest number detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.

A world map listing the number of infections found in various countries.

Enlarge / A world map listing the number of infections found in various countries.

Doctor Web

It’s not especially easy for less experienced people to check if a device is infected short of installing malware scanners. Doctor Web said its antivirus software for Android will detect all Vo1d variants and disinfect devices that provide root access. More experienced users can check indicators of compromise here.

1.3 million Android-based TV boxes backdoored; researchers still don’t know how Read More »

google-rolls-out-voice-powered-ai-chat-to-the-android-masses

Google rolls out voice-powered AI chat to the Android masses

Chitchat Wars —

Gemini Live allows back-and-forth conversation, now free to all Android users.

The Google Gemini logo.

Enlarge / The Google Gemini logo.

Google

On Thursday, Google made Gemini Live, its voice-based AI chatbot feature, available for free to all Android users. The feature allows users to interact with Gemini through voice commands on their Android devices. That’s notable because competitor OpenAI’s Advanced Voice Mode feature of ChatGPT, which is similar to Gemini Live, has not yet fully shipped.

Google unveiled Gemini Live during its Pixel 9 launch event last month. Initially, the feature was exclusive to Gemini Advanced subscribers, but now it’s accessible to anyone using the Gemini app or its overlay on Android.

Gemini Live enables users to ask questions aloud and even interrupt the AI’s responses mid-sentence. Users can choose from several voice options for Gemini’s responses, adding a level of customization to the interaction.

Gemini suggests the following uses of the voice mode in its official help documents:

Talk back and forth: Talk to Gemini without typing, and Gemini will respond back verbally.

Brainstorm ideas out loud: Ask for a gift idea, to plan an event, or to make a business plan.

Explore: Uncover more details about topics that interest you.

Practice aloud: Rehearse for important moments in a more natural and conversational way.

Interestingly, while OpenAI originally demoed its Advanced Voice Mode in May with the launch of GPT-4o, it has only shipped the feature to a limited number of users starting in late July. Some AI experts speculate that a wider rollout has been hampered by a lack of available computer power since the voice feature is presumably very compute-intensive.

To access Gemini Live, users can reportedly tap a new waveform icon in the bottom-right corner of the app or overlay. This action activates the microphone, allowing users to pose questions verbally. The interface includes options to “hold” Gemini’s answer or “end” the conversation, giving users control over the flow of the interaction.

Currently, Gemini Live supports only English, but Google has announced plans to expand language support in the future. The company also intends to bring the feature to iOS devices, though no specific timeline has been provided for this expansion.

Google rolls out voice-powered AI chat to the Android masses Read More »

unicode-16.0-release-with-new-emoji-brings-character-count-to-154,998

Unicode 16.0 release with new emoji brings character count to 154,998

right there with you, bags-under-eyes emoji —

New designs will roll out to phones, tablets, and PCs over the next few months.

Emojipedia sample images of the new Unicode 16.0 emoji.

Enlarge / Emojipedia sample images of the new Unicode 16.0 emoji.

The Unicode Consortium has finalized and released version 16.0 of the Unicode standard, the elaborate character set that ensures that our phones, tablets, PCs, and other devices can all communicate and interoperate with each other. The update adds 5,185 new characters to the standard, bringing the total up to a whopping 154,998.

Of those 5,185 characters, the ones that will get the most attention are the eight new emoji characters, including a shovel, a fingerprint, a leafless tree, a radish (formally classified as “root vegetable”), a harp, a purple splat that evokes the ’90s Nickelodeon logo, and a flag for the island of Sark. The standout, of course, is “face with bags under eyes,” whose long-suffering thousand-yard stare perfectly encapsulates the era it has been born into. Per usual, Emojipedia has sample images that give you some idea of what these will look like when they’re implemented by various operating systems, apps, and services.

Unicode 16.0 also adds support for seven new modern and historical scripts: the West African Garay alphabet; the Gurung Khema, Kirat Rai, Ol Onal, and Sunuwar scripts from Northeast India and Nepal; and historical Todhri and Tulu-Tigalari scripts from Albania and Southwest India, respectively.

We last got new emoji in 2023’s Unicode 15.1 update, though all of these designs were technically modifications of existing emoji rather than new characters—many emoji, most notably for skin and hair color variants, use a base emoji plus a modifier emoji, combined together with a “zero-width joiner” (ZWJ) character that makes them display as one character instead. The lime emoji in Unicode 15.1 was actually a lemon emoji combined with the color green; the phoenix was a regular bird joined to the fire emoji. This was likely because 15.1 was only intended as a minor update to 2022’s Unicode 15.0 standard.

Most of the Unicode 16.0 emoji, by contrast, are their own unique characters. The one exception is the Sark flag emoji; flag sequences are created by placing two “regional indicator letters” directly next to each other and don’t require a ZWJ character between them.

Incorporation into the Unicode standard is only the first step that new emoji and other characters take on their journey from someone’s mind to your phone or computer; software makers like Apple, Google, Microsoft, Samsung, and others need to design iterations that fit with their existing spin on the emoji characters, they need to release software updates that use the new characters, and people need to download and install them.

We’ve seen a few people share on social media that the Unicode 16.0 release includes a “greenwashing” emoji designed by Shepard Fairey, an artist best known for the 2008 Barack Obama “Hope” poster. This emoji, and an attempt to gin up controversy around it, is all an elaborate hoax: there’s a fake Unicode website announcing it, a fake lawsuit threat that purports to be from a real natural gas industry group, and a fake Cory Doctorow article about the entire “controversy” published in a fake version of Wired. These were all published to websites with convincing-looking but fake domains, all registered within a couple of weeks of each other in August 2024. The face-with-bags-under-eyes emoji feels like an appropriate response.

Unicode 16.0 release with new emoji brings character count to 154,998 Read More »

android-apps-are-blocking-sideloading-and-forcing-google-play-versions-instead

Android apps are blocking sideloading and forcing Google Play versions instead

Only way in now is through the roof —

“Select Play Partners” can block unofficial installation of their apps.

Image from an Android phone, suggesting user

Enlarge / It’s never explained what this collection of app icons quite represents. A disorganized app you tossed together by sideloading? A face that’s frowning because it’s rolling down a bar held up by app icons? It’s weird, but not quite evocative.

You might sideload an Android app, or manually install its APK package, if you’re using a custom version of Android that doesn’t include Google’s Play Store. Alternately, the app might be experimental, under development, or perhaps no longer maintained and offered by its developer. Until now, the existence of sideload-ready APKs on the web was something that seemed to be tolerated, if warned against, by Google.

This quiet standstill is being shaken up by a new feature in Google’s Play Integrity API. As reported by Android Authority, developer tools to push “remediation” dialogs during sideloading debuted at Google’s I/O conference in May, have begun showing up on users’ phones. Sideloaders of apps from the British shop Tesco, fandom app BeyBlade X, and ChatGPT have reported “Get this app from Play” prompts, which cannot be worked around. An Android gaming handheld user encountered a similarly worded prompt from Diablo Immortal on their device three months ago.

Google’s Play Integrity API is how apps have previously blocked access when loaded onto phones that are in some way modified from a stock OS with all Google Play integrations intact. Recently, a popular two-factor authentication app blocked access on rooted phones, including the security-minded GrapheneOS. Apps can call the Play Integrity API and get back an “integrity verdict,” relaying if the phone has a “trustworthy” software environment, has Google Play Protect enabled, and passes other software checks.

Graphene has questioned the veracity of Google’s Integrity API and SafetyNet Attestation systems, recommending instead standard Android hardware attestation. Rahman notes that apps do not have to take an all-or-nothing approach to integrity checking. Rather than block installation entirely, apps could call on the API only during sensitive actions, issuing a warning there. But not having a Play Store connection can also deprive developers of metrics, allow for installation on incompatible devices (and resulting bad reviews), and, of course, open the door to paid app piracy.

Google

“Unknown distribution channels” blocked

Google’s developer video about “Automatic integrity protection” (at the 12-minute, 24-second mark on YouTube) notes that “select” apps have access to automatic protection. This adds an automatic checking tool to your app and the “strongest version of Google Play’s anti-tamper protection.” “If users get your protected app from an unknown distribution channel,” a slide in the presentation reads, “they’ll be prompted to get it from Google Play,” available to “select Play Partners.”

Last year, Google introduced malware scanning of sideloaded apps at install time. Google and Apple have come out against legislation that would broaden sideloading rights for smartphone owners, citing security and reliability concerns. European regulators forced Apple earlier this year to allow for sideloading apps and app stores, though with fees and geographical restrictions in place.

Android apps are blocking sideloading and forcing Google Play versions instead Read More »

google’s-ad-tech-empire-may-be-$95b-and-“too-big”-to-sell,-analysts-warn-doj

Google’s ad tech empire may be $95B and “too big” to sell, analysts warn DOJ

“Impossible to negotiate” —

Google Ad Manager is key to ad tech monopoly, DOJ aims to prove.

A staffer with the Paul, Weiss legal firm wheels boxes of legal documents into the Albert V. Bryan US Courthouse at the start of a Department of Justice antitrust trial against Google over its advertiing business in Alexandria, Virginia, on September 9, 2024. Google faces its second major antitrust trial in less than a year, with the US government accusing the tech giant of dominating online advertising and stifling competition.

Enlarge / A staffer with the Paul, Weiss legal firm wheels boxes of legal documents into the Albert V. Bryan US Courthouse at the start of a Department of Justice antitrust trial against Google over its advertiing business in Alexandria, Virginia, on September 9, 2024. Google faces its second major antitrust trial in less than a year, with the US government accusing the tech giant of dominating online advertising and stifling competition.

Just a couple of days into the Google ad tech antitrust trial, it seems clear that the heart of the US Department of Justice’s case is proving that Google Ad Manager is the key to the tech giant’s alleged monopoly.

Google Ad Manager is the buy-and-sell side ad tech platform launched following Google’s acquisition of DoubleClick and AdX in 2008 for $3 billion. It is currently used to connect Google’s publisher ad servers with its ad exchanges, tying the two together in a way that allegedly locks the majority of publishers into paying higher fees on the publisher side because they can’t afford to drop Google’s ad exchange.

The DOJ has argued that Google Ad Manager “serves 90 percent of publishers that use the ad tech tools to sell their online ad inventory,” AdAge reported, and through it, Google clearly wields monopoly powers.

In her opening statement, DOJ attorney Julia Tarver Wood argued that acquisitions helped Google manipulate the rules of ad auctions to maximize profits while making it harder for rivals to enter and compete in the markets Google allegedly monopolized. The DOJ has argued those alleged monopolies are in markets “for publisher ad servers, advertiser ad networks, and the ad exchanges that connect the two,” Reuters reported.

Google has denied this characterization of its ad tech dominance, calling the DOJ’s market definitions too narrow. The tech company also pointed out that the Federal Trade Commission (FTC) investigated and unconditionally approved the DoubleClick merger in 2007, amidst what the FTC described as urgent “high profile public discussions of the competitive merits of the transaction, in which numerous (sometimes conflicting) theories of competitive harm were proposed.” At that time, the FTC concluded that the acquisition “was unlikely to reduce competition in any relevant antitrust market.”

But in its complaint, the DOJ argued that the DoubleClick “acquisition vaulted Google into a commanding position over the tools publishers use to sell advertising opportunities, complementing Google’s existing tool for advertisers, Google Ads, and set the stage for Google’s later exclusionary conduct across the ad tech industry.”

To set things right, at the very least, the DOJ has asked the court to order Google to spin off Google Ad Manager, which may or may not include valuable products like Google’s Display and Video 360 (DV360) platform. There is also the possibility that the US district judge, Leonie Brinkema, could order Google to sell off its ad tech business entirely.

One problem with those proposed remedies, analysts told AdAge, is that no one knows how big Google’s ad tech business really is or the actual value of Google Ad Manager.

Google Ad Manager could be worth less if Google’s DV360 platform isn’t included in the sale or if selling either the publisher or advertiser side cuts out data allowing Google to set the prices that it wants. The CEO of an ad platform called Permutive, Joe Root, told AdAge that “it is hard to say how much of the value of Google’s ads business is because it has this advertiser product and DV360, versus how much of its value comes from Google Ad Manager alone.”

Root doubts that Google Ad Manager is “on its own that valuable.” However, based on “newly released documents for the trial,” some analysts predict that “any new entity spun out of Google” would be “almost too big for any buyer,” AdAge reported.

One estimate from an ad tech consultant who helms a strategic advisory firm called Luma Partners, Terence Kawaja, suggested that Google’s ad tech business as a standalone company “could be worth up to $95 billion” today, AdAge reported.

“You can’t divest $100 billion,” Kawaja said. “There is no buyer for it. [Google] would have to spin it off to shareholders, that’s how any forced remedy would manifest.”

Google’s ad tech empire may be $95B and “too big” to sell, analysts warn DOJ Read More »

ai-ruling-on-jobless-claims-could-make-mistakes-courts-can’t-undo,-experts-warn

AI ruling on jobless claims could make mistakes courts can’t undo, experts warn

AI ruling on jobless claims could make mistakes courts can’t undo, experts warn

Nevada will soon become the first state to use AI to help speed up the decision-making process when ruling on appeals that impact people’s unemployment benefits.

The state’s Department of Employment, Training, and Rehabilitation (DETR) agreed to pay Google $1,383,838 for the AI technology, a 2024 budget document shows, and it will be launched within the “next several months,” Nevada officials told Gizmodo.

Nevada’s first-of-its-kind AI will rely on a Google cloud service called Vertex AI Studio. Connecting to Google’s servers, the state will fine-tune the AI system to only reference information from DETR’s database, which officials think will ensure its decisions are “more tailored” and the system provides “more accurate results,” Gizmodo reported.

Under the contract, DETR will essentially transfer data from transcripts of unemployment appeals hearings and rulings, after which Google’s AI system will process that data, upload it to the cloud, and then compare the information to previous cases.

In as little as five minutes, the AI will issue a ruling that would’ve taken a state employee about three hours to reach without using AI, DETR’s information technology administrator, Carl Stanfield, told The Nevada Independent. That’s highly valuable to Nevada, which has a backlog of more than 40,000 appeals stemming from a pandemic-related spike in unemployment claims while dealing with “unforeseen staffing shortages” that DETR reported in July.

“The time saving is pretty phenomenal,” Stanfield said.

As a safeguard, the AI’s determination is then reviewed by a state employee to hopefully catch any mistakes, biases, or perhaps worse, hallucinations where the AI could possibly make up facts that could impact the outcome of their case.

Google’s spokesperson Ashley Simms told Gizmodo that the tech giant will work with the state to “identify and address any potential bias” and to “help them comply with federal and state requirements.” According to the state’s AI guidelines, the agency must prioritize ethical use of the AI system, “avoiding biases and ensuring fairness and transparency in decision-making processes.”

If the reviewer accepts the AI ruling, they’ll sign off on it and issue the decision. Otherwise, the reviewer will edit the decision and submit feedback so that DETR can investigate what went wrong.

Gizmodo noted that this novel use of AI “represents a significant experiment by state officials and Google in allowing generative AI to influence a high-stakes government decision—one that could put thousands of dollars in unemployed Nevadans’ pockets or take it away.”

Google declined to comment on whether more states are considering using AI to weigh jobless claims.

AI ruling on jobless claims could make mistakes courts can’t undo, experts warn Read More »

doj-claims-google-has-“trifecta-of-monopolies”-on-day-1-of-ad-tech-trial

DOJ claims Google has “trifecta of monopolies” on Day 1 of ad tech trial

Karen Dunn, one of the lawyers representing Google, outside of the Albert V. Bryan US Courthouse at the start of a Department of Justice antitrust trial against Google over its advertiing business in Alexandria, Virginia, on September 9, 2024.

Enlarge / Karen Dunn, one of the lawyers representing Google, outside of the Albert V. Bryan US Courthouse at the start of a Department of Justice antitrust trial against Google over its advertiing business in Alexandria, Virginia, on September 9, 2024.

On Monday, the US Department of Justice’s next monopoly trial against Google started in Virginia—this time challenging the tech giant’s ad tech dominance.

The trial comes after Google lost two major cases that proved Google had a monopoly in both general search and the Android app store. During her opening statement, DOJ lawyer Julia Tarver Wood told US District Judge Leonie Brinkema—who will be ruling on the case after Google cut a check to avoid a jury trial—that “it’s worth saying the quiet part out loud,” AP News reported.

“One monopoly is bad enough,” Wood said. “But a trifecta of monopolies is what we have here.”

In its complaint, the DOJ argued that Google broke competition in the ad tech space “by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers, and brokers, to facilitate digital advertising.”

The result of such “insidious” allegedly anti-competitive behavior is that today Google pockets at least 30 cents “of each advertising dollar flowing from advertisers to website publishers through Google’s ad tech tools … and sometimes far more,” the DOJ alleged.

Meanwhile, as Google profits off both advertisers and publishers, “website creators earn less, and advertisers pay more” than “they would in a market where unfettered competitive pressure could discipline prices and lead to more innovative ad tech tools,” the DOJ alleged.

On Monday, Wood told Brinkema that Google intentionally put itself in this position to “manipulate the rules of ad auctions to its own benefit,” The Washington Post reported.

“Publishers were understandably furious,” Wood said. “The evidence will show that they could do nothing.”

Wood confirmed that the DOJ planned to call several publishers as witnesses in the coming weeks to explain the harms caused. Expected to take the stand will be “executives from companies including USA Today, [Wall Street] Journal parent company News Corp., and the Daily Mail,” the Post reported.

The ad tech trial, which is expected to last four to six weeks, may be the most consequential of the monopoly trials Google has recently faced, experts have said.

That’s because during the DOJ’s trial proving Google’s monopoly in search, it remained unclear what remedies the DOJ sought. Some ways to destroy Google’s search monopoly could be “unlikely to create meaningful competition” or hurt Google’s bottom line, experts told Ars, but a more drastic order to spin out its Chrome browser or Android operating system could really impact Google’s revenue. It won’t be until December that the DOJ will even provide a rough outline of proposed remedies in that case, Reuters reported, with the judge not expected to rule until next August.

But the DOJ has been very clear about the remedies needed in the ad tech case, “asking Brinkema to order a divestment of Google’s Ad Manager suite of services, which is responsible for many of the rectangular ads that populate the tops and sides of webpages across the Internet,” the Post reported.

Because the most “obvious” remedy would be to require Google to sell off parts of its ad business, experts told AP News that the ad tech trial “could potentially be more harmful to Google” than the search trial. Perhaps at the furthest extreme, antitrust expert Shubha Ghosh told Ars that “if this case goes against Google as the last one did, it could set the stage for splitting it into separate search and advertising companies.”

In the DOJ’s complaint, prosecutors argued that it “is critical to restore competition in these markets by enjoining Google’s anticompetitive practices, unwinding Google’s anticompetitive acquisitions, and imposing a remedy sufficient both to deny Google the fruits of its illegal conduct and to prevent further harm to competition in the future.”

Ghosh said that undoing Google’s acquisitions could lead to Google no longer representing both advertisers’ and sellers’ interests in each ad auction—instead requiring Google to either pick a side or perhaps involve a broker.

Although the Post reported that Google has argued that “customers prefer the convenience of a one-stop shop,” the DOJ hopes to prove that Google’s alleged monopoly has shuttered newspapers across the US and threatens to do more harm if left unchecked.

DOJ claims Google has “trifecta of monopolies” on Day 1 of ad tech trial Read More »

harmful-“nudify”-websites-used-google,-apple,-and-discord-sign-on-systems

Harmful “nudify” websites used Google, Apple, and Discord sign-on systems

Harmful “nudify” websites used Google, Apple, and Discord sign-on systems

Major technology companies, including Google, Apple, and Discord, have been enabling people to quickly sign up to harmful “undress” websites, which use AI to remove clothes from real photos to make victims appear to be “nude” without their consent. More than a dozen of these deepfake websites have been using login buttons from the tech companies for months.

A WIRED analysis found 16 of the biggest so-called undress and “nudify” websites using the sign-in infrastructure from Google, Apple, Discord, Twitter, Patreon, and Line. This approach allows people to easily create accounts on the deepfake websites—offering them a veneer of credibility—before they pay for credits and generate images.

While bots and websites that create nonconsensual intimate images of women and girls have existed for years, the number has increased with the introduction of generative AI. This kind of “undress” abuse is alarmingly widespread, with teenage boys allegedly creating images of their classmates. Tech companies have been slow to deal with the scale of the issues, critics say, with the websites appearing highly in search results, paid advertisements promoting them on social media, and apps showing up in app stores.

“This is a continuation of a trend that normalizes sexual violence against women and girls by Big Tech,” says Adam Dodge, a lawyer and founder of EndTAB (Ending Technology-Enabled Abuse). “Sign-in APIs are tools of convenience. We should never be making sexual violence an act of convenience,” he says. “We should be putting up walls around the access to these apps, and instead we’re giving people a drawbridge.”

The sign-in tools analyzed by WIRED, which are deployed through APIs and common authentication methods, allow people to use existing accounts to join the deepfake websites. Google’s login system appeared on 16 websites, Discord’s appeared on 13, and Apple’s on six. X’s button was on three websites, with Patreon and messaging service Line’s both appearing on the same two websites.

WIRED is not naming the websites, since they enable abuse. Several are part of wider networks and owned by the same individuals or companies. The login systems have been used despite the tech companies broadly having rules that state developers cannot use their services in ways that would enable harm, harassment, or invade people’s privacy.

After being contacted by WIRED, spokespeople for Discord and Apple said they have removed the developer accounts connected to their websites. Google said it will take action against developers when it finds its terms have been violated. Patreon said it prohibits accounts that allow explicit imagery to be created, and Line confirmed it is investigating but said it could not comment on specific websites. X did not reply to a request for comment about the way its systems are being used.

In the hours after Jud Hoffman, Discord vice president of trust and safety, told WIRED it had terminated the websites’ access to its APIs for violating its developer policy, one of the undress websites posted in a Telegram channel that authorization via Discord was “temporarily unavailable” and claimed it was trying to restore access. That undress service did not respond to WIRED’s request for comment about its operations.

Harmful “nudify” websites used Google, Apple, and Discord sign-on systems Read More »

google-avoids-“link-tax”-bill-with-deal-to-fund-california-journalism-and-ai

Google avoids “link tax” bill with deal to fund California journalism and AI

Google funding for news orgs —

Critics say Google got off easy as it agrees to pay $55 million into news fund.

A large Google logo in the shape of a multi-colored G is seen outside Google's Mountain View offices.

Getty Images | Josh Edelson

Google has agreed to fund local journalism and an artificial intelligence initiative in California as part of a deal that would reportedly result in lawmakers shelving a proposal to require Google to pay news outlets for distributing their content. But the deal’s state financing requires legislative approval as part of California’s annual budget process and is drawing criticism from some lawmakers and a union for journalists.

Governor Gavin Newsom is on board, saying that the “agreement represents a major breakthrough in ensuring the survival of newsrooms and bolstering local journalism across California—leveraging substantial tech industry resources without imposing new taxes on Californians.” The deal “will provide nearly $250 million in public and private funding over the next five years, with the majority of funding going to newsrooms,” said an announcement by Assemblymember Buffy Wicks, a Democrat.

A “News Transformation Fund” would be created with funding from the state and Google and be administered by the UC Berkeley School of Journalism. The state would contribute $30 million the first year and $10 million in each of the next four years, according to a summary provided to Ars by Wicks’ office.

Google would contribute $55 million to the news fund over five years, consisting of $15 million the first year and $10 million in each of the next four years. The funds would be distributed to news organizations based on how many journalists they employ.

Google also agreed to provide $62.5 million over five years for a “National AI Innovation Accelerator.” Wicks’ office said the accelerator “will be administered in collaboration with a private nonprofit, and will provide organizations across industries and communities—from journalism, to the environment, to racial equity and beyond—with financial resources and other support to experiment with AI to assist them in their work.”

The “nearly $250 million” figure quoted by Wicks’ office includes a commitment from Google to continue funding the company’s existing journalism programs with $10 million annually for five years.

Union calls deal a “shakedown”

The Media Guild of the West union slammed the deal as a “shakedown” in a statement issued yesterday. The agreement is disappointing partly because it came “after two years of advocacy for strong antimonopoly action to start turning around the decline of local newsrooms,” the group said.

“The publishers who claim to represent our industry are celebrating an opaque deal involving taxpayer funds, a vague AI accelerator project that could very well destroy journalism jobs, and minimal financial commitments from Google to return the wealth this monopoly has stolen from our newsrooms,” the union said. “Not a single organization representing journalists and news workers agreed to this undemocratic and secretive deal with one of the businesses destroying our industry.”

Perhaps explaining why journalism and AI funding are part of the same agreement, Wicks’ office said the AI accelerator will “complement the work of the Journalism Fund by creating new tools to help journalists access and analyze public information.”

Google recently testified against pending legislation submitted by Wicks, known as the California Journalism Preservation Act. Google said the bill would “break the foundational principles of the open Internet, forcing platforms to pay publishers for sending valuable free traffic to them, which they choose to receive.” Google has called the bill a “link tax.”

Alphabet Chief Legal Officer Kent Walker praised the deal yesterday as “a collaborative framework to accelerate AI innovation and support local and national businesses and non-profit organizations.”

State funding faces opposition in Senate

Democratic State Senator Steve Glazer, who proposed a different bill aiming to fund local journalism, issued a statement criticizing the deal. “Google’s offer is completely inadequate and massively short of matching their settlement agreement in Canada in supporting on-the-ground local news reporting,” he said.

Glazer questioned why only Google was involved in the deal announcement, and not other tech companies. “There is a stark absence in this announcement of any support for journalism from Meta and Amazon,” Glazer said. “These platforms have captured the intimate data from Californians without paying for it. Their use of that data in advertising is the harm to news outlets that this agreement should mitigate.”

Senate President Pro Tempore Mike McGuire “questioned legislative support for the state’s share of the deal,” The New York Times wrote.

“We have concerns that this proposal lacks sufficient funding for newspapers and local media, and doesn’t fully address the inequities facing the industry,” McGuire, a Democrat, was quoted as saying. McGuire said the state Senate is “pursuing a global solution that would hold all of these companies accountable.”

News organizations have reported declines in Google referrals, a trend that may be worsened by how Google’s AI Overview feature displays search results.

Wicks’ announcement of the deal quoted several supporters in the publishing industry. “This is a first step toward what we hope will become a comprehensive program to sustain local news in the long term, and we will push to see it grow in future years,” the California News Publishers Association said.

There was also a supportive quote from OpenAI Chief Strategy Officer Jason Kwon: “A strong press is a key pillar of democracy, and we’re proud to be part of this partnership to utilize AI in support of local journalism across California. This initiative builds on our longstanding work to help newsrooms and journalists around the world leverage AI to improve workflows, better connect users to quality content, and help news organizations shape the future of this emerging technology.”

OpenAI is contributing technology to the agreement, but not any money, the summary from Wicks’ office said.

Google avoids “link tax” bill with deal to fund California journalism and AI Read More »

google-can’t-defend-shady-chrome-data-hoarding-as-“browser-agnostic,”-court-says

Google can’t defend shady Chrome data hoarding as “browser agnostic,” court says

Google can’t defend shady Chrome data hoarding as “browser agnostic,” court says

Chrome users who declined to sync their Google accounts with their browsing data secured a big privacy win this week after previously losing a proposed class action claiming that Google secretly collected personal data without consent from over 100 million Chrome users who opted out of syncing.

On Tuesday, the 9th US Circuit Court of Appeals reversed the prior court’s finding that Google had properly gained consent for the contested data collection.

The appeals court said that the US district court had erred in ruling that Google’s general privacy policies secured consent for the data collection. The district court failed to consider conflicts with Google’s Chrome Privacy Notice (CPN), which said that users’ “choice not to sync Chrome with their Google accounts meant that certain personal information would not be collected and used by Google,” the appeals court ruled.

Rather than analyzing the CPN, it appears that the US district court completely bought into Google’s argument that the CPN didn’t apply because the data collection at issue was “browser agnostic” and occurred whether a user was browsing with Chrome or not. But the appeals court—by a 3–0 vote—did not.

In his opinion, Circuit Judge Milan Smith wrote that the “district court should have reviewed the terms of Google’s various disclosures and decided whether a reasonable user reading them would think that he or she was consenting to the data collection.”

“By focusing on ‘browser agnosticism’ instead of conducting the reasonable person inquiry, the district court failed to apply the correct standard,” Smith wrote. “Viewed in the light most favorable to Plaintiffs, browser agnosticism is irrelevant because nothing in Google’s disclosures is tied to what other browsers do.”

Smith seemed to suggest that the US district court wasted time holding a “7.5-hour evidentiary hearing which included expert testimony about ‘whether the data collection at issue'” was “browser-agnostic.”

“Rather than trying to determine how a reasonable user would understand Google’s various privacy policies,” the district court improperly “made the case turn on a technical distinction unfamiliar to most ‘reasonable'” users, Smith wrote.

Now, the case has been remanded to the district court where Google will face a trial over the alleged failure to get consent for the data collection. If the class action is certified, Google risks owing currently unknown damages to any Chrome users who opted out of syncing between 2016 and 2024.

According to Smith, the key focus of the trial will be weighing the CPN terms and determining “what a ‘reasonable user’ of a service would understand they were consenting to, not what a technical expert would.”

The same privacy policy last year triggered a Google settlement with Chrome users whose data was collected despite using “Incognito” mode.

Matthew Wessler, a lawyer for Chrome users suing, told Ars that “we are pleased with the Ninth Circuit’s decision” and “look forward to taking this case on behalf of Chrome users to trial.”

A Google spokesperson, José Castañeda, told Ars that Google disputes the decision.

“We disagree with this ruling and are confident the facts of the case are on our side,” Castañeda told Ars. “Chrome Sync helps people use Chrome seamlessly across their different devices and has clear privacy controls.”

Google can’t defend shady Chrome data hoarding as “browser agnostic,” court says Read More »