Hacker News | joshaidan's comments

Have the creators of this project considered the privacy implications of capturing, recording, or analyzing audio from the rainforest? What happens if people are walking near a microphone and a conversation is picked up by the microphones?

I realize that the audio is probably analyzed for the sound of chainsaws, and then thrown away, but there's still the potential that such a system could be misused. So just wondering what people think about the ethical issues related to this technology.


Not really answering your question, but in the interest of protecting a critical ecosystem I think some theoretical privacy loss is an acceptable trade off. Privacy is not the be-all-end-all.


I think you're a bit over-analysing it. I doubt the conversations are even audible at the places where these phones are attached. Then there also is the fact that no one will probably even get close to these for most of the time.


While reflecting on this--and ethical issues aside--it did occur to me that there's probably a lot more data you could collect from the audio gathered in the rainforest, i.e. what animals are active in what areas of the rainforest and what times, weather data such as intensity of rain or wind, volume of animal activity in a particular area of the rainforest, etc.


Yes, people [at Google] think about this, probably more than in most other organizations.


Worth thinking about, of course - but the great outdoors is not a private place.


> There are many fraudulent USB sticks in circulation that report to have a high capacity (ex: 8GB) but are really only capable of storing a much smaller amount (ex: 1GB)... Internet searches such as "fake capacity usb" will turn up lots of disturbing information about this problem.

This caught my attention. Never heard of this problem before, but doesn't at all surprise me.



Stop blaming my feelings on other people. Always take ownership of how you feel; I'm responsible for my feelings.

For example, if I feel lonely because my friends didn't invite me to the party, don't blame them. Loneliness is my feeling, so I should do something about it. i.e. Go out and do something that I like, invite some other friends over, whatever... If I don't take any action, blaming other people for my feelings won't change how I feel.


Amen to that. I still have that reflex of "blaming" others (thinking something happens because THEY believe something instead of what I am doing) and I really have to step back from the situation and think about it. Absolutely hate it when my brain does this.


This sounds very similar to the ideas in stoicism. Your feelings are your own creation and subsequently completely within your control. If you are feeling bad about something, it's not because of that something, but because you are -choosing- to feel bad.


Bilingualism in Canada is very common among French-English languages, and depending on what part of the country you live in, your exposure to both languages can be fairly even.

My favourite bilingual situation is seeing a child "complain/whine" to their grandparent in English while the grandparent tries to soothe the child in French. Both understanding each other perfectly.

Something that blew me away once was this one kid at church who spoke with a British accent--I believe he lived in Whales before moving to Canada. A week later I heard this same child speak with a perfect Québécois accent. I later found out his mom was from Montreal.


Probably from Wales, although depending on where in the principality he lived, the accent may be quite interesting, and while British, certainly not most people's stereotypical idea of a British accent.

If he lived in Whales, then (if Octonauts is to be believed) the accent could be Texan (Bowhead Whales), English RP (Orca Whales or Sperm Whales), stereotypical Slavic accented English (Narwhals).


> I heard this same child speak with a perfect Québécois accent.

French speakers from France might blanch at calling it "perfect"


He said qc accent not fr accent. Unnecessary comment.


What's your point? Nobody is asking them...


It's like having a BBS in my web browser.

This does bring back a lot of memories of sitting in front of a 486 trying to get Commander Keen to load.


Make that a 286! :) A 486 was far out of my budget back then. Fun days, anyway!


Heh, now I want to try that color scheme on HN.


To me, obtaining bitcoin (or whatever crypto-currency) has been one of the most challenging aspects of using the currency. It's too hard to obtain. Mining these days isn't that feasible, but even if I could mine bitcoin, I probably wouldn't be able to do it at a rate to fund whatever venture I wanted to pursue. The only alternative is to purchase a crypto-currency with another real world currency, which to me seems to defeat the purpose of not having to depend on central banks or real world currency.

If there was a way for crypto-currencies to handle credit, I think that would greatly increase its likelihood of replacing real world currencies and central banks--going mainstream. The money we use nowadays is transferable credit and central banks can produce enough to meet the demands of the economy. Crypto-currencies on the other hand are more like gold: there's a limited supply that doesn't meet the needs or demands of the economy.


Seems like something that could be at least partially resolved by the lightning network https://lightning.network


> The purpose of the app is to teach others about low fee index fund investing.

How does the app accomplish this goal?


We have a discussion area and a leaderboard, plus you can build a simple index fund portfolio and track it inside the app. I hope this helps explain, thanks!


"and a leaderboard"

This is not the idea you are looking for...

You have identified a well known area of interest... but you are not solving a problem. If a problem can't be solved with conversation with a trusted friend or relative then it's a slim chance an app and leaderboard are the right answer.


I was enrolled in the French Immersion program. At my school, we had both English and French programs. One of my memories of being in French Immersion, which is likely of relevance to this article, is that I remember in the 7th and 8th grade one of my teachers (who was also the vice-principal) was concerned about the segregation between the students in the French program and the students in the English program, i.e. during recess the students in the French program wouldn't play with the students in the English program, and vice versa. We may have had a name for students in the English program--but I can't remember it now.

The segregation in the older years wasn't as strong as younger years, but it still existed.


I find this story pretty fascinating. First, it's interesting how a broad attack, such as putting malware into software used by a large number of people, suddenly becomes a targeted attack: the attackers grab SSH keys and start cloning git repositories. I'm assuming that there was a significant number of victims in this attack. Were they targeting developers? Or did they just happen to comb through all this data and find what looked to be source code / git repositories?

The other thing I find interesting is this comment:

> We’re working on the assumption that there’s no point in paying — the attacker has no reason to keep their end of the bargain.

If you really want to be successful in exploiting people through cyber attacks, I guess you will need some kind of system to provide guaranteed contracts, i.e. proof that if a victim pays the ransom, then the other end of the bargain will be held.

It might seem that there's some incentive for ransom holders to hold up their end of the bargain for the majority of cases if they want their attacks to be profitable.


> If you really want to be successful in exploiting people through cyber attacks, I guess you will need some kind of system to provide guaranteed contracts, i.e. proof that if a victim pays the ransom, then the other end of the bargain will be held.

You're describing a legal system and the rule of law. I'm not sure there's a way to guarantee anything like you describe when there is some illegality in the nature of the process.

Trade only works when you can trust either the parties involved or the system as a whole to uphold their promises (for the system, that's that involved parties that don't uphold their ends will be punished).


> You're describing a legal system and the rule of law. I'm not sure there's a way to guarantee anything like you describe when there is some illegality in the nature of the process.

Legal systems aren't the only way to give confidence that both ends of a bargain will be held. As one example, some darknet markets have escrow systems for this purpose. It's not too hard to imagine a way to do this with ransomed code. Reputation-based systems also provide incentives for sellers to deliver on their promises.


> As one example, some darknet markets have escrow systems for this purpose.

Those only function because the darknet functions as the system, and the punishment for not following through is that the party loses access to or prestige in that market. What entity exists that is trusted and has leverage with both the people that are ransoming (criminals) and average citizens (ostensibly law abiding)? Should I trust a darknet broker to not screw me? No. They have no incentive not to, as long as their actual client, the ransomer, doesn't care. For the same reason, the ransomer should not trust any legal entity, because they can not deliver the money and give it back to the victim (since they are the client).

There may exist a way for this to work, but I certainly can't think of one, and what you described doesn't work either. Trust is the integral factor as I see it, and while you can have trust within a criminal community, and within a law-abiding community, I'm not sure how you get that trust to cross that boundary.


A simple solution is the one you describe. A reputation system for ransomers. Time earned reputation for upholding promises.


And how do you ensure you are dealing with the same person from one transaction to the next? Any authority that can confirm an anonymous criminal is who they say they are needs to be illegal to keep law enforcement from finding out the identities, and if not they are still participating in a crime.

Again, how do you trust a criminal person or organization? By their nature, they don't follow the same rules.


Wouldn’t a cryptographic sig suffice for this?

You don’t need an authority vouching for you to become a ‘trusted’ criminal. You just need proof of identity, and a reputation established over time. Drug dealers do this all the time, even though they’re criminals. Hell, it’s even how legitimate businesses work - the FBI isn’t going to shut down Bic for selling shoddy pens, so they build a reputation on “we’re Bic and we did right by you last time”.

An example: a malware group sends every target an RSA-signed demand (with public key disclosed on Pastebin or something). The few people who pay up find that they follow through, so they grow a reputation as sincere. They could even kick things off with a round of freebies - “Here’s your data, here’s our sig, we deleted/unlocked/whatever it for free this time to prove ourselves.” I suppose they’d have to publish demands and outcomes since most targets won’t disclose on their own.

There’s likely a flaw in my specifics (probably around disclosing attacks and proving followthrough), but I only put five minutes into it. As long as you can prove identity, you ought to be able to build ‘trust’.


> Drug dealers do this all the time, even though they’re criminals.

Drug dealers and those buying from them are both committing illegal acts. That changes the dynamic. Neither party can rely on the legal system to enforce misconduct. That allows an entirely criminal system to work. For example, if you don't pay the drug dealer, they'll just hurt you. If the drug dealer doesn't give you the drugs, or gives you crappy/cut drugs, you just won't use them next time. It's important to note that this transactional relationship does not begin with one party accosting the other, as in the ransomware case.

The ransomware scenario is the equivalent of being mugged in an alleyway, but only of your smartphone, and the mugger offering to give your phone back if you go to an ATM and come back with $100. The whole interaction began with a crime perpetrated by one party on the other.

> As long as you can prove identity, you ought to be able to build ‘trust’.

One problem is that the identity, because it is anonymous, is worth fundamentally less for this purpose than any real identity. The ransomer could decide law enforcement is getting too close, and stop responding to all payments, or abandon the system and someone else could take it over. For any identity used just for this scam, the loss of reputation is irrelevant, and if they are using the same identity for multiple scams they are inviting more law enforcement response. There are no future consequences of mention to screwing people over, since the identity can be changed at any time.

The only thing that really protects you in any of these situations are the incentives of the criminals, but those incentives, be they economic or liberty based, are subject to very different constraints than a legally operating entity. The bottom line is that the person or people involved has started the whole relationship by showing they are willing to screw you over. Establishing trust is not impossible (some people will trust), but it's very hard to do, a large percentage will never actually trust you, and they likely shouldn't, because you don't have the same incentives or punishments they do.


> Any authority that can confirm an anonymous criminal is who they say they are needs to be illegal to keep law enforcement from finding out the identities, and if not they are still participating in a crime.

It's not a requirement that the authority be legal. Note that a person's name isn't required to establish authority, pseudonymous reputation provides assurance as well. Darknet markets have reputation systems, and have already figured this out.

> And how do you ensure you are dealing with the same person from one transaction to the next?

The same way we do it with pseudonymous systems now: by having an authoritative identity somewhere that can verify their actions. @shittywatercolour could make a new account on HN, do an AMA, and post on his Twitter that he's doing an AMA with <name> for proof. Banksy can claim work by posting it on his website. In the same way, a reputable seller on any marketplace (such as a darknet marketplace) could do the same thing.


> Darknet markets have reputation systems, and have already figured this out.

But again, why should I trust a darknet? What makes a group of criminals trustworthy when a single one isn't?

You haven't really addressed the fundamental problem of trust, just kicked it down the road to a new point. Any legitimate entity seeing usage in an effort to authenticate a criminal will likely be seeing subpoenas for access information. If they are resistant to those subpoenas, then they are helping the criminals, and are acting illegally. Both states have severe negatives for one of the parties.


What makes anyone reliable? A good reputation.

Only a small fraction of trust among non-criminals is backed by force of law. The rest is backed by past record. If you don't have one, you put up collateral, get someone else to stake you (e.g. loan co-signers), or start small until people get to know you.

The only real question here is how you verify who you're dealing with. That's doable, and once it's done everything else is a pretty established process.


> What makes anyone reliable? A good reputation.

It's not just about how reliable they are, it's about what incentives they have to follow through, and what recourse you have when they do not. Entities acting illegally have very different incentives than legal ones, and your recourse if they do not follow through is very limited, especially if you are acting legally.

> Only a small fraction of trust among non-criminals is backed by force of law. The rest is backed by past record.

Past record accounts for some of it, the ability to exact your own punishments accounts for some of it. Any drug dealer that screws over a client needs to account for that person taking the matter into their own hands.

> The only real question here is how you verify who you're dealing with.

That's not the only question. I believe I've outlined many more in my other responses in these threads (one of which was to you).


> Those only function because the darknet functions as the system

This isn't true, think Yelp. Why couldn't Yelp exist for ransomers?


Yelp is a very interesting example. It's hard to make the analogy work because there's an asymmetry to the transaction between restaurant owners and restaurant customers (you don't have to be a customer to leave a review).

Even so, Yelp is renowned for extorting restaurant owners for money (whether or not illegal, and officially extortion)[1]. That's in a market where all participants are supposedly acting legally. Why am I to believe that illegal, anonymous entities won't be willing to burn their reputation (which may only exist for this scam) when they decide to stop?

1: https://www.google.com/search?q=q=yelp+extortion


Escrow works well with physical goods. How do you return source code that can be copied endlessly? How many copies do you return? How do you prove that one of them is the "original" copy?

Returning digital goods (or more general "knowledge") works either based on trust or through enforcement. The latter is the rule of law.


> Escrow works well with physical goods. How do you return source code that can be copied endlessly? How many copies do you return? How do you prove that one of them is the "original" copy?

Just brainstorming, but:

1. Trusted third party creates a service that (a) provides a one-time-use encryption key (b) provides an endpoint to upload an encrypted blob of information along with an email (or a passcode) and a date after which the decrypted content will be made available to that email (or via that passcode), (c) provides a UI that allows a user to pay $x (redeemable via email/passcode) to wipe the encrypted content from their server, if paid before the ransom date.

2. Malware author compromises system, encrypts content using (a), uploads encrypted content with their email/passcode to (b), sends user a link to (c).

3. Malware author provides some evidence that they haven't also uploaded non-encrypted content elsewhere to give confidence that once the user pays, the content will not exist elsewhere. Some ideas: system/network logs, malware analysis that shows that it only uploads to trusted third-party, providing proof in decompiled source that malware only uploads to trusted third-party, and/or a reputation/review system. Note that this doesn't need to be airtight proof, it just needs to give the victim enough confidence that they think it's worth the risk to hand over some money.

Would this work well, in practice? Who knows. But I think it's a proof-of-concept that shows that there are potentially other ways to escrow ransomed content.


> Malware author provides some evidence that they haven't also uploaded non-encrypted content elsewhere

Any amount of information that could show this would invariably give away the identity of the hacker. Even then, since the information comes from them, it can't be trusted.

> But I think it's a proof-of-concept that shows that there are potentially other ways to escrow ransomed content.

There's a difference between keeping the owner from their own materials and threatening to spread those materials to others. In the first, you at least know whether you get the files back (for the most part, it might be hard to notice small changes/omissions). In the second, not only do you not necessarily know it's been shared, the blackmailer retains the right to spread it in perpetuity (whether it still retains value or not).


Even with physical goods, what type of agent would hold the trust of both the criminal and law-abiding elements of the deal? A criminal agent cannot be trusted by a law abiding party, and a law-abiding agent cannot be trusted by a criminal party (they can just give everything back to the rightful owner).


I think this sort of thing could be done using Ethereum. Allowing exchange in a mechanical way with code that the parties can verify on their own. A programmed agent being quite impartial. Not sure how hard it would be.

Of course, you can never verify that they will not release the code or keep using it maliciously.


I think Ethereum just hides the problem slightly. If it's information, as you say there's nothing preventing future use of it. If it's physical, there needs to be some holder of the item, and we're back at how can both sides trust the escrow agent?


Indeed. Hard to avoid an element of trust.


How about an ethereum smart contract that gives back your money unless the owner releases the key used to encrypt your files (which may be possible to verify in the contract)


That would possibly work in the case of locked files, but not in the case in the submission, where it was about the public release of files. There's no way to ensure the blackmailer didn't keep a copy, and won't threaten again or release anyway.

Also, I'm not familiar enough with ethereum to know whether there are downsides to using it, such as it leaving a trail until laundered (like bitcoin).


This is historically where the Mafia came from, as a means to keep members of a price fixing cartel mutually honest. The old saying about "no honour amongst thieves" being solved by outsourcing to a body to provide a parallel system of contract enforcement.

Harder to achieve online but not impossible, though plenty of criminals make enough without essentially having to place themselves at risk of physical attack from organised crime.


> If you really want to be successful in exploiting people through cyber attacks, I guess you will need some kind of system to provide guaranteed contracts, i.e. proof that if a victim pays the ransom, then the other end of the bargain will be held.

Could a smart contract system work here? In this example, the smart contract would assure you the hash of the repo sent to you corresponds to the one you already had locally. You'd add automatic payment when conditions are fulfilled...

Is that feasible?


The problem is that you have no way of knowing how many copies of the data the hacker has. It's very easy to confirm that the hacker has your data, but confirming the opposite - that the attacker no longer has your data - is pretty much impossible. If there's even a way to do it it would surely require the hacker to have encrypted data which can only be decrypted if certain conditions are met. If you're going to go to that length then why not just encrypt it by a conventional means and not risk your data at all?

Unless someone fancies setting up a trusted hacker escrow that acts as an intermediary between compromised servers and hackers? That sounds incredibly complicated, highly illegal and unlikely to be trusted by either hacker or hacked though.


Simplest solution: payment put into escrow, ransom is released to the ransom holder after 365 days provided the source code is not leaked, the ransom is released to the victim if the source code is leaked prior. If the ransom holder released the source after the fact it would be a year out of date.


> It might seem that there's some incentive for ransom holders to hold up their end of the bargain for the majority of cases if they want their attacks to be profitable.

There's also the fact that they don't care about who you are or what you do, their only consideration is financial.


I suspect the code is worthless in anyone else's hands.


I found the author posted this on Changelog:

Hi, Rooby is a new object oriented language I created recently (written in Go). It looks just like Ruby for now because it's mainly inspired by it. But I want it to be a new language and start developing its own feature when it gets more mature. So I'm looking for developers who are also interested in this project, any help or idea will help me a lot.

https://github.com/thechangelog/ping/issues/698


Crystal actually has quite a few features unique to Crystal too! I'd love to hear the author's ideas of how he wants to improve Ruby, maybe some of those ideas are still applicable to Crystal.

