Tag Archives: Internet & Networking Technology

Lawsuit alleges StubHub deceives customers into paying extra for tickets

Posted on by

The Washington DC Superior Court has filed a lawsuit against ticket-seller StubHub that accuses the company of hiding all kinds of fees from consumers until the very last moment. The suit calls out the “deceptive practice of charging hidden junk fees” and refers to it as a “classic bait-and-switch scheme.”

Anyone who has purchased a ticket via StubHub, or many of its rivals, are probably intimately familiar with the sticker shock that arrives at check out. The added fees can boost the total cost of a ticket by up to 40 percent, the lawsuit alleges. Attorney General Brian L. Schwalb says this is due to “a series of deceptive, manipulative, and unfair practices.”

These practices include the aforementioned bait-and-switch. The company allegedly advertises “deceptively low” ticket prices, adding extra charges after the consumer has clicked on multiple pages. Throughout this whole process, StubHub displays a countdown timer, urging users to act swiftly and, thereby, accept those added fees without really thinking about it. Schwalb calls this a “dark pattern” that creates a “false sense of urgency.” This is otherwise known as drip pricing.

The fees themselves are also said to be attributed to vague and cryptic policies, like “fulfillment and service.” These policies lack adequate explanation and the associated fees vary wildly, according to the suit. The lawsuit points out that StubHub doesn’t disclose how these fees are calculated or what they’re even for.

The complaint goes on to allege that StubHub has sold 4.9 million tickets and accrued over $118 million in hidden fees just in Washington DC by relying on the above methods. This lawsuit doesn’t crunch the numbers for other cities, like New York City, Los Angeles and Chicago, though I have a hunch that those residents also attend ticketed events in large numbers.

“We are disappointed that the DC Attorney General is targeting StubHub when our user experience is consistent with the law, our competitors’ practices, and the broader e-commerce sector,” John Lawrence, StubHub’s deputy general counsel, wrote in a statement to The Verge.

To the point of being “consistent with the law,” Schwalb claims that StubHub has violated the District of Columbia’s Consumer Protection Procedures Act (CPPA). The aforementioned drip pricing strategy isn’t allowed, as the law requires merchants to provide factual information regarding consumer goods sold in the city. The AG has asked the court to financially penalize StubHub and for an injunction to stop the allegedly deceptive practices.

“Hidden fees in the ticketing industry have truly gotten out of control. The price that is advertised is the price that we should pay—full stop,” wrote National Consumers League CEO Sally Greenberg in a press release that accompanied the lawsuit.

This is just the latest attempt to dissuade ticket sellers from using junk fees to line their coffers. The federal government, under President Biden, has been trying to tamp down these practices since 2022, when Ticketmaster caused a straight-up fiasco by promising more Taylor Swift tickets than were actually available and adding plenty of junk fees. In 2023, the FTC proposed a rule to ban junk fees. There will be a decision issued on this by the end of the year.

The House also passed a bill back in May to force ticket sellers to display the actual prices at the start of the purchasing process and not at the very end. Finally, the DOJ took legal action against Ticketmaster’s parent company Live Nation earlier this year, accusing it of monopolistic practices that result in high ticket prices.

This article originally appeared on Engadget at https://www.engadget.com/lawsuit-alleges-stubhub-deceives-customers-into-paying-extra-for-tickets-162722604.html?src=rss

Some Microsoft services, including Office, are suffering from an outage

Posted on by

If you're having a little trouble with Microsoft Office or Teams today, you're not alone. The company has reported some Azure-related issues that are preventing some users from accessing certain services. The problems started at around 8AM on Tuesday.

Microsoft reported on a status page that "a subset of customers may experience issues connecting to Microsoft services globally." The company deployed several engineering teams to try and resolve the problem as swiftly as possible. "We've identified multiple workstreams and are working to mitigate impacted workstreams by performing failover operations," it said in a statement. "More details will be provided as they become available."

For what it's worth, there was a significant spike in outage reports made to Down Detector on Tuesday morning for both Microsoft and Microsoft 365. Here's hoping the issue is resolved soon so you can rejoin Teams calls you never wanted to be on in the first place. 

This article originally appeared on Engadget at https://www.engadget.com/some-microsoft-services-including-office-are-suffering-from-an-outage-142757596.html?src=rss

DOJ says TikTok collected users’ views on issues like abortion, gun control and religion

Posted on by

The Department of Justice on Friday night asked a federal court to reject TikTok’s bid to have the law that could ban it overturned, citing national security concerns that include its alleged use of internal search tools to collect information on users’ views around sensitive topics. It comes in response to a petition filed in May by TikTok in an attempt to challenge the law that now requires its China-based parent company, ByteDance, to sell the app or it will be banned in the US. President Biden signed the bill into law in April.

In one of the documents filed with the US Court of Appeals for the DC Circuit, the DOJ says a search tool within Lark, the web-suite system the company’s employees use to communicate, “allowed ByteDance and TikTok employees in the United States and China to collect bulk user information based on the user’s content or expressions, including views on gun control, abortion, and religion.” The DOJ also argues in the filings that TikTok could be used to subject US users to content manipulation, and that their sensitive information could end up stored on servers in China.

TikTok has repeatedly denied the accusations about it being a threat to national security and has called the efforts to ban it “unconstitutional.” In its latest statement responding to the DOJ filing, posted on X, TikTok said, “Nothing in this brief changes the fact that the Constitution is on our side.”

This article originally appeared on Engadget at https://www.engadget.com/doj-says-tiktok-collected-users-views-on-issues-like-abortion-gun-control-and-religion-201617503.html?src=rss

DOJ says TikTok collected users’ views on issues like abortion, gun control and religion

Posted on by

The Department of Justice on Friday night asked a federal court to reject TikTok’s bid to have the law that could ban it overturned, citing national security concerns that include its alleged use of internal search tools to collect information on users’ views around sensitive topics. It comes in response to a petition filed in May by TikTok in an attempt to challenge the law that now requires its China-based parent company, ByteDance, to sell the app or it will be banned in the US. President Biden signed the bill into law in April.

In one of the documents filed with the US Court of Appeals for the DC Circuit, the DOJ says a search tool within Lark, the web-suite system the company’s employees use to communicate, “allowed ByteDance and TikTok employees in the United States and China to collect bulk user information based on the user’s content or expressions, including views on gun control, abortion, and religion.” The DOJ also argues in the filings that TikTok could be used to subject US users to content manipulation, and that their sensitive information could end up stored on servers in China.

TikTok has repeatedly denied the accusations about it being a threat to national security and has called the efforts to ban it “unconstitutional.” In its latest statement responding to the DOJ filing, posted on X, TikTok said, “Nothing in this brief changes the fact that the Constitution is on our side.”

This article originally appeared on Engadget at https://www.engadget.com/doj-says-tiktok-collected-users-views-on-issues-like-abortion-gun-control-and-religion-201617503.html?src=rss

ISPs are fighting to raise the price of low-income broadband

Posted on by

A new government program is trying to encourage Internet service providers (ISPs) to offer lower rates for lower income customers by distributing federal funds through states. The only problem is the ISPs don’t want to offer the proposed rates.

Ars Technica obtained a letter sent to US Commerce Secretary Gina Raimondo signed by more than 30 broadband industry trade groups like ACA Connects and the Fiber Broadband Association as well as several state based organizations. The letter raises “both a sense of alarm and urgency” about their ability to participate in the Broadband Equity, Access and Deployment (BEAD) program. The newly formed BEAD program provides over $42 billion in federal funds to “expand high-speed internet access by funding planning, infrastructure, deployment and adoption programs” in states across the country, according to the National Telecommunications and Information Administration (NTIA).

The money first goes to the NTIA and then it’s distributed to states after they obtain approval from the NTIA by presenting a low-cost broadband Internet option. The ISP industries’ letter claims a fixed rate of $30 per month for high speed Internet access is “completely unmoored from the economic realities of deploying and operating networks in the highest-cost, hardest-to-reach areas.”

The letter urges the NTIA to revise the low-cost service option rate proposed or approved so far. Twenty-six states have completed all of the BEAD program’s phases.

Americans pay an average of $89 a month for Internet access. New Jersey has the highest average bill at $126 per month, according to a survey conducted by U.S. News and World Report. A 2021 study from the Pew Research Center found that 57 percent of households with an annual salary of $30,000 or less have a broadband connection.

This article originally appeared on Engadget at https://www.engadget.com/isps-are-fighting-to-raise-the-price-of-low-income-broadband-220620369.html?src=rss

OpenAI unveils SearchGPT, an AI-powered search engine

Posted on by

OpenAI on Thursday announced a new AI-powered search engine prototype called SearchGPT. The move marks the company’s entry into a competitive search engine market dominated by Google for decades. On its website, OpenAI described SearchGPT as “a temporary prototype of new AI search features that give you fast and timely answers with clear and relevant sources.” The company plans to test out the product with 10,000 initial users and then roll it into ChatGPT after gathering feedback.

The launch of SearchGPT comes amid growing competition in AI-powered search. Google, the world’s dominant search engine, recently began integrating AI capabilities into its platform. Other startups like the Jeff Bezos-backed Perplexity have also aimed to take on Google and have marketed themselves as “answer engines” that use AI to summarize the internet. 

The rise of AI-powered search engines has been controversial. Last month, Perplexity faced criticism for summarizing stories from Forbes and Wired without adequate attribution or backlinks to the publications as well as ignoring robots.txt, a way for websites to tell crawlers that scrape data to back off. Earlier this week, Wired publisher Condé Nast reportedly sent a cease and desist letter to Perplexity and accused it of plagiarism. 

Perhaps because of these tensions, OpenAI appears to be taking a more collaborative approach with SearchGPT. The company's blog post emphasizes that the prototype was developed in partnership with various news organizations and includes quotes from the CEOs of The Atlantic and News Corp, two of many publishers that OpenAI has struck licensing deals with.

“SearchGPT is designed to help users connect with publishers by prominently citing and linking to them in searches,” the company’s blog post says. “Responses have clear, in-line, named attribution and links so users know where information is coming from and can quickly engage with even more results in a sidebar with source links.” OpenAI also noted that publishers will have control over how their content is presented in SearchGPT and can opt out of having their content used for training OpenAI's models while still appearing in search results.

SearchGPT's interface features a prominent textbox asking users, "What are you searching for?" Unlike traditional search engines like Google that provide a list of links, SearchGPT categorizes the results with short descriptions and visuals.

SearchGPT
OpenAI

For example, when searching for information about music festivals, the engine provides brief descriptions of events along with links for more details. Some users have pointed out, however, that the search engine is already presenting inaccurate information in its results.

We reiterate: Please don't get your news from AI chatbots.

This article originally appeared on Engadget at https://www.engadget.com/openai-unveils-searchgpt-an-ai-powered-search-engine-195235766.html?src=rss

Meta takes down 63,000 Instagram accounts linked to extortion scams

Posted on by

Meta has taken down tens of thousands of Instagram accounts from Nigeria as part of a massive crackdown on sextortion scams. The accounts primarily targeted adult men in the United States, but some also targeted minors, Meta said in an update.

The takedowns are part of a larger effort by Meta to combat sextortion scams on its platform in recent months. Earlier this year, the company added a safety feature in Instagram messages to automatically detect nudity and warn users about potential blackmail scams. The company also provides in-app resources and safety tips about such scams.

According to Meta, the recent takedowns included 2,500 accounts that were linked to a group of about 20 people who worked together to carry out sextortion scams. The company also took down thousands of accounts and groups on Facebook that provided tips and other advice, including scripts and fake images, for would-be sextortionists. Those accounts were linked to the Yahoo Boys, a group of “loosely organized cybercriminals operating largely out of Nigeria that specialize in different types of scams,” Meta said.

Meta has come under particular scrutiny for not doing enough to protect teens from sextortion on its apps. During a Senate hearing earlier this year, Senator Lindsey Graham pressed Mark Zuckerberg on whether the parents of a child who died by suicide after falling victim to such a scam should be able to sue the company.

Though the company said that the “majority” of the scammers it uncovered in its latest takedowns targeted adults, it confirmed that some of the accounts had targeted minors as well and that those accounts had also been reported to the National Center for Missing and Exploited Children (NCMEC).

This article originally appeared on Engadget at https://www.engadget.com/meta-takes-down-63000-instagram-accounts-linked-to-extortion-scams-175118067.html?src=rss

AI search engines that don’t pay up can’t index Reddit content

Posted on by

When Reddit said last month that it would block unauthorized data scraping from its site, everyone’s (rightful) first reaction was “AI, AI, AI.” However, now that the change has taken effect, chatbot makers may not be the only ones being locked out. The widely used forum also appears to be blocking major search engines other than Brave and Google, the latter of which reportedly inked a deal earlier this year with Reddit worth $60 million annually. However, a Reddit spokesperson told Engadget that the empty search results are about Google’s rivals not agreeing to the company’s requirements for AI training. It says it’s it’s in discussions with several of them.

404 Media reported on Wednesday (and Engadget confirmed in our queries) that searching for Reddit results from the past week on rival engine Bing (using “site:reddit.com”) returns empty results. The publication reported that DuckDuckGo produced seven links without any descriptions, only providing the note, “We would like to show you a description here but the site won’t allow us.” The engine now appears to have removed even those, as our test only produced an empty page, reading, “no results found.”

When Reddit said last month that it would update its Robots Exclusion Protocol (robots.txt) to block automated data scraping, it’s now apparent that it wasn’t only meant to thwart AI companies like Perplexity and its controversial “answer engine.” Currently, Google appears to be the only search engine allowed to crawl Reddit and produce results from “the front page of the internet.”

A Reddit spokesperson told Engadget on Wednesday it isn’t accurate to say the missing search results are a result of its Google deal. “We block all crawlers that are unwilling to commit to not using crawl data for AI training, which is in line with enforcing our Public Content Policy and updated robots.txt file,” the company said. “Anyone accessing Reddit content must abide by our policies, including those in place to protect redditors. We are selective about who we work with and trust with large-scale access to Reddit content.”

Meanwhile, a source familiar with Reddit’s thinking told Engadget on Wednesday that Bing’s omission is due to Microsoft refusing to agree to Reddit’s terms regarding AI crawling. Instead, the Bing maker allegedly claimed its standard web controls were sufficient. The source claims Microsoft’s stance conflicts with Reddit’s data privacy policy, leading to the impasse and empty search results.

The ubiquitous robots.txt is the web standard that communicates which parts of a site can be crawled. Although many crawlers are known to ignore its instructions, Google’s standard procedure is to respect it. So, on the technical side, the companies in cahoots on the lucrative deal appear to have deployed some manual override.

The saga could be seen as a trickle-down effect of AI chatbots scraping the live web for results. With courts slow to determine how much of the open web is fair use to train chatbots on, companies like Reddit, whose bottom lines now depend on safeguarding their data from those who don’t pay, are building walls at the expense of the open web. (Although, given the integral role Microsoft has played in this AI era, cozying up with OpenAI early on, it seems ironic that Bing finds itself on the losing end of at least one aspect of the fallout.)

Colin Hayhurst, CEO of lesser-known “no-tracking” search engine Mojeek, told 404 Media that Reddit is “killing everything for search but Google.” In addition, the executive said his attempts to contact Reddit were ignored. “It’s never happened to us before,” he said. “Because this happens to us, we get blocked, usually because of ignorance or stupidity or whatever, and when we contact the site you certainly can get that resolved, but we’ve never had no reply from anybody before.”

Reddit has made no secret of its desire to block AI companies from scraping its treasure trove of data in this burgeoning age of AI. Last year, CEO Steve Huffman risked alienating large portions of its user base by blocking third-party API requests, leading to the demise of beloved apps like Christian Selig’s Apollo. Despite widespread protests among moderators and forum-goers, the company only temporarily lost negligible numbers of users.

The gamble appeared to pay off, and Reddit recovered. It went public in March.

Update, July 24, 2024, 5:00 PM ET: This story has been updated to add statements from Reddit and additional context from sources familiar with the company’s thinking.

This article originally appeared on Engadget at https://www.engadget.com/search-engines-that-dont-pay-up-cant-index-reddit-content-172949170.html?src=rss

CrowdStrike offered a $10 Uber Eats card to teammates and partners, but it got flagged for fraud

Posted on by

Last week’s CrowdStrike outage plunged a noticeable portion of the world into a sea of blue death screens. The cybersecurity company tried to apologize with an Uber Eats gift card but its roll out had some troubles as well, according to a report from TechCrunch.

CrowdStrike apparently tried to send its "teammates and partners" a $10 Uber Eats gift card on Tuesday. The gift card was an attempt to apologize for the global shutdown that locked up computer systems for banks, hospitals, airlines and more and “the additional work that the July 19 incident has caused,” according to TechCrunch’s source who received the message.

When some tried to use the gift card on Uber Eats, they only saw a screen telling them that the offer had been rescinded by the issuing party. CrowdStrike told us that Uber flagged it as a fraud because of high usage rates.

CrowdStrike blamed the global system outage on a bug in an update that contained “problematic data.” The bug forced machines running on Windows into a boot loop that caused mass delays at airports, delayed scheduled surgeries and other operations at hospitals and disruptions at banks and even the London Stock Exchange.

Correction: July 24, 2024, 4:45PM ET: This story originally claimed that Crowdstrike tried to apologize for its recent outage by sending customers an Uber Eats gift card. The company gave us the following statement: "CrowdStrike did not send gift cards to customers or clients. We did send these to our teammates and partners who have been helping customers through this situation. Uber flagged it as fraud because of high usage rates."

This article originally appeared on Engadget at https://www.engadget.com/crowdstrike-offers-a-10-uber-eats-card-to-say-sorry-before-pulling-the-offer-172605510.html?src=rss

Russia-linked hackers cut heat to 600 Ukrainian apartment buildings in the dead of winter, researchers say

Posted on by

Cybersecurity company Dragos has flagged malware that can attack industrial control systems (ICS), tricking them into malicious behavior like turning off the heat and hot water in the middle of winter. TechCrunch reports that’s precisely what the malware, dubbed FrostyGoop, did this January in Lviv, Ukraine, when residents in over 600 apartment buildings lost heat for two days amid freezing temperatures.

Dragos says FrostyGoop is only the ninth known malware designed to target industrial controllers. It’s also the first to specifically set its sights on Modbus, a widely deployed communications protocol invented in 1979. Modbus is frequently used in industrial environments like the one in Ukraine that FrostyGoop attacked in January.

Ukraine’s Cyber Security Situation Center (CSSC), the nation’s government agency tasked with digital safety, shared information about the attack with Dragos after discovering the malware in April of this year, months after the attack. The malicious code, written in Golang (The Go programming language designed by Google), directly interacts with industrial control systems over an open internet port (502).

The attackers likely gained access to Lviv’s industrial network in April 2023. Dragos says they did so by “exploiting an undetermined vulnerability in an externally facing Mikrotik router.” They then installed a remote access tool that voided the need to install the malware locally, which helped it avoid detection.

The attackers downgraded the controller firmware to a version lacking monitoring capabilities, helping to cover their tracks. Instead of trying to take down the systems altogether, the hackers caused the controllers to report inaccurate measurements — resulting in the loss of heat in the middle of a deep freeze.

Dragos has a longstanding policy of neutrality in cyberattacks, preferring to focus on education without assigning blame. However, it noted that the adversaries opened secure connections (using layer two tunneling protocol) to Moscow-based IP addresses.

“I think it’s very much a psychological effort here, facilitated through cyber means when kinetic perhaps here wasn’t the best choice,” Dragos researcher Mark “Magpie” Graham told TechCrunch. Lviv is in the western part of Ukraine, which would be much more difficult for Russia to hit than eastern cities.

Dragos warns that, given how ubiquitous the Modbus protocol is in industrial environments, FrostyGoop could be used to disrupt similar systems worldwide. The security company recommends continuous monitoring, noting that FrostyGoop evaded virus detection, underscoring the need for network monitoring to flag future threats before they strike. Specifically, Dragos advises ICS operators to use the SANS 5 Critical Controls for World-Class OT Cybersecurity, a security framework for operational environments.

This article originally appeared on Engadget at https://www.engadget.com/russia-linked-hackers-cut-heat-to-600-ukrainian-apartment-buildings-in-the-dead-of-winter-researchers-say-171414527.html?src=rss