This is the computer you’ll wear on your face in 10 years

Snap’s new Spectacles 3 don’t look that different from their predecessors. They consist of a metal designer frame with a couple of HD cameras. In exchange for the embarrassment of wearing them, the Spectacles 3 offer the chance to shoot 3D video hands-free and then upload it to the Snapchat app, where it can be further affected. And that’s pretty much it. You can’t view the video, or anything else, in the lenses. There are no embedded displays.

Still, the new Spectacles foreshadow a device that many of us may wear as our primary personal computing device in about 10 years. Based on what I’ve learned by talking AR with technologists in companies big and small, here is what such a device might look like and do.

Unlike Snap’s new goggles, future glasses will overlay digital content over the real-world imagery we see through the lenses. We might even wear mixed reality (MR) glasses that can realistically intersperse digital content within the layers of the real world in front of us.

The addition of the second camera on the front of the new Spectacles is important because in order to locate digital imagery within reality, you need a 3D view of the world, a depth map. The Spectacles derive depth by combining the input of the two HD cameras on the front, similar to the way the human eye does it. The Spectacles use that depth mapping to shoot 3D video to be watched later, but that second camera is also a step toward supporting mixed reality experiences in real time.

Future AR/MR glasses will look a little less conspicuous than the Spectacles. They’ll be lightweight and comfortable; the companies that make them will want users to wear them all day. They may look like regular plastic frames. Since they are a fashion accessory, they’ll come in many styles and color combinations. The glasses will have at least two cameras on the front—perhaps not quite so obvious as the ones on the Spectacles. They may also have an additional, dedicated depth camera, something like the TrueDepth camera on newer iPhones. Read More …

We keep falling for phishing emails, and Google just revealed why

You should feel cranky about all the phishing emails you get. Because getting your brain in a grumpy gear will elevate the odds of your not getting fooled by the next phony invitation to log into your account.

At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords.

The first thing to know about phishing: It’s not as random and sloppy as it might seem. Said Bursztein: “Phishers have constantly refined.” The roughly 100 million phishing emails Google blocks every day fall into three main categories: highly targeted but low-volume spear phishing aimed at distinct individuals, “boutique phishing” that targets only a few dozen people, and automated bulk phishing directed at thousands or hundreds of thousands of people.

Those categories differ in duration. Google typically sees boutique campaigns wrap up in seven minutes, while bulk phishing operations average 13 hours. Google also sees most phishing campaigns target its commercial mail service. Bursztein said Google-hosted corporate email accounts were 4.8 times more likely to receive phishing emails than plain old Gmail accounts. Email services were the most commonly impersonated login page in those attempts, at 42%, followed by cloud services (25%), financial institutions (13%), online retail (5%), and delivery services (4%).

Bursztein noted that Google still can’t definitely identify many phishing emails—as improbable as that might seem, considering all the data it collects. That explains why Gmail shows an orange box above messages that look somewhat suspicious but aren’t necessarily attacks.

This is your brain on phishing attacks

The presentation also covered the human factors that make phishing easier. As Oliveira explained, “When we are in a good mood, our deception-detection accuracy tends to decline.” She cited research showing that increased levels of such feeling-good hormones as testosterone and estrogen, oxytocin, serotonin, and dopamine increase people’s risk-taking appetite. But a jump in cortisol levels associated with stress makes us warier. Presumably, the soundtrack for your mail screening should not be Marvin Gaye’s “Let’s Get It On” but the J. Read More …

Seven very simple steps to design more ethical AI

No matter how powerful, all technology is neutral. Electricity can be designed to kill (the electric chair) or save lives (a home on the grid in an inhospitable climate). The same is true for artificial intelligence (AI), which is an enabling layer of technology much like electricity.

AI systems have already been designed to help or hurt humans. A group at UCSF recently built an algorithm to save lives through improved suicide prevention, while China has deployed facial recognition AI systems to subjugate ethnic minorities and political dissenters. Therefore, it’s impossible to assign valence to AI broadly. It depends entirely on how it’s designed. To date, that’s been careless.

AI blossomed with companies like Google and Facebook, which, in order to give away free stuff, had to find other ways for their AI to make money. They did this by selling ads. Advertising has long been in the business of manipulating human emotions. Big data and AI merely allowed this to be done much more effectively and insidiously than before.

AI disasters, such as Facebook’s algorithms being co-opted by foreign political actors to influence elections, could and should have been predicted from this careless use of AI. They have highlighted the need for more careful design, including by AI pioneers like Stuart Russell (often called the father of AI), who now advocates that “standard model AI” should be replaced with beneficial AI.

Organizations ranging from the World Economic Forum to Stanford to the New York Times are convening groups of experts to develop design principles for beneficial AI. As a contributor to these initiatives, I believe the following principles are key.

Make it easy for users to understand data collection

The user must know data is being collected and what it will be used for. Technologists must ensure informed consent on data Read More …

How this program turns ordinary teens into tech superheroes

In 2016, Ananya Chadha was just a regular 14-year-old girl struggling to fit in at her high school in Toronto. She often had sci-fi-inspired fantasies about building futuristic technologies like jet-pack shoes, going so far as to look into where she could buy parts. Then one day two brothers, Navid and Nadeem Nathoo, came to her school and described a new type of educational program they started called The Knowledge Society, or TKS.

“They talked about essentially creating the next Elon Musk,” recalls Chadha, now 18 years old. “When they talked about taking crazy ideas and unconventional paths and making it real, I was like ‘Wow, I need this.’”

It would sound like a rip-off of a classic superhero story if it weren’t completely true: ordinary teenagers being recruited into an elite program designed to give them the power to do extraordinary things, and maybe even save the world. While many programs like Code for America and the Flatiron School focus on teaching entrepreneurship or tech skills to high school students, TKS, which was founded in 2016, is unique for giving students both the hard skills they need to build next-generation solutions to some of the world’s biggest problems as well as the soft skills they need to communicate and create them.

Soon after enrolling in the program, Chadha was working in a gene-editing lab, where she discovered a problem with the homogeny of samples used in data sets. That inspired her to develop a blockchain-based application that compensates users for uploading anonymous genetic information to help diversify the data pool. After the app, G-gnome, was acquired by a blockchain startup, she switched her focus to computer-human interfaces. In 2018 Chadha secured a sponsorship from Microsoft to build a remote control car that she can control by meditating. Today she interns for IBM.

“What I found unique was their ability to connect advances in bleeding-edge technologies to tackle hard problems our society faces on daily basis,” says Piotr Mierzejewski, the director of Db2 deployment for IBM Data and AI. “These young minds don’t seem to be discouraged by how hard and complex problems they are trying to solve are; they simply face the challenge to find solutions.”

In recent months Chadha has presented her work at some of the biggest technology conferences in the world, she was named to the 2019 class of Canada’s Developer 30-Under-30, and she won First Prize in engineering.com’s Impossible Science Challenge. Chadha, however, is just one of almost 400 students who have achieved incredible feats after enrolling in TKS.

Building the next Elon Musk

After the Nathoos spent three years developing the program in Toronto and Waterloo, TKS is expanding to New York, Boston, Las Vegas, and Ottawa in the fall—enrolling 80 students in each new chapter—and offering a new program in Toronto for students as young as nine.

“The whole reason why we’re scaling is because I strongly believe that we are not short on human potential,” says Navid Nathoo. Read More …

These are the sneaky new ways that Android apps are tracking you

You could admire the tenacity if it didn’t come with such trickery: After years of effort by Google to stop Android apps from scanning users’ data without permission, app developers keep trying to find new work-arounds to track people. A talk at PrivacyCon, a one-day conference hosted by the Federal Trade Commission last Thursday, outlined a few ways apps are prying loose network, device, and location identifiers.

Officially, apps generally interact with Android through software hooks known as APIs, giving the operating system the ability to manage their access. “While the Android APIs are protected by the permission system, the file system often is not,” said Serge Egelman, research director of the Usable Security and Privacy Group at the University of California at Berkeley’s International Computer Science Institute. “There are apps that can be denied access to the data, but then they find it in various parts of the file system.”

In a paper titled ‘50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System,’ Egelman and fellow researchers Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, and Narseo Vallina-Rodriguez outlined three categories of exploits discovered through an array of tests.

One common target, Egelman explained Thursday, is the hard-coded MAC address of a WiFi network—“a pretty good surrogate for location data.” The researchers ran apps on an instrumented version of Android Marshmallow (and, later, on Android Pie). Deep-packet inspection of network traffic found that apps built on such third-party libraries as the OpenX software development kit had been reading MAC addresses from a system cache directory. Other apps exploited system calls or network-discovery protocols to get these addresses more directly.

Egelman added that the workings of these apps often made the deception obvious to researchers: “There are many apps that we observed which try to access the data the right way through the Android API, and then, failing that, try and pull it off the file system.”

Obtaining a phone’s IMEI (International Mobile Equipment Identity), an identifier unique to each device, can be even more effective for persistent tracking. The researchers discovered that advertising libraries from Salmonads and Baidu would wait for an app containing their code to get permission from the user to read the phone’s IMEI, then copy that identifier to a file on a phone’s SD Card that other apps built on these libraries could read covertly. “This corresponds to about a billion installs of the various apps that are exploiting this technique,” Egelman warned.

Finally this team observed the Shutterfly photo-sharing app working around the lack of permission for location data by reading geotags off photos saved on the phone—and then transmitting those coordinates to Shutterfly’s server. Shutterfly communications director Sondra Harding responded in an email on Tuesday, saying the app only reads photos after a user allows access: “There are multiple opportunities in the user experience for granting this permission, including opting in to auto-upload, pulling a local photo into a product creation path, the app settings, etc.”

This study and another presented Thursday—‘Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications,’ by Elleen Pan of Northeastern University with Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes—did not, however, report evidence that Facebook’s apps were exploiting any loopholes to surreptitiously listen to ambient real-world audio. The theory that Facebook or others are doing that keeps coming up despite strenuous, on-the-record denials—and in any case, the current Android Pie release blocks apps from recording audio or video in the background Read More …