Vu sur le web > Android : près de 20.000 apps vous espionnent à votre insu !

http://bit.ly/2N8yrTr

Des éditeurs, dont certains parmi les plus populaires, font fi des règles de bonne conduite de Google, et enregistrent et conservent des données confidentielles des utilisateurs.

Des chercheurs de l’International Computer Science Institute en Californie ont fait une découverte troublante. Selon un article publié ce 14 février, seulement un tiers des applications qui collectent des données personnelles respectent la politique de Google. Les autres associent des informations à l’identifiant de publicité pour créer un historique permanent de toutes les activités de l’utilisateur.

En 2013, Apple et Google ont ainsi ajouté un identifiant publicitaire à leurs systèmes d’exploitation mobiles, et le principe est simple. Les applications peuvent utiliser cet identifiant pour suivre les utilisateurs, afin de leur offrir des publicités ciblées. Cet identifiant peut être réinitialisé, un peu comme effacer l’historique de navigation. Les utilisateurs peuvent également désactiver cet identifiant pour ne pas être suivis.

Une politique de bonne conduite ignorée

En théorie, cela fonctionne plutôt bien. Les deux géants ont mis en place une politique qui interdit les applications d’associer l’identifiant de publicité à d’autres informations sans le consentement de l’utilisateur, et que toute association d’informations est interdite en ce qui concerne la publicité. C’est ici que se situe le problème. Sur Android, les éditeurs d’applications ne suivent pas ces indications et n’hésitent pas à collecter des informations comme l’adresse MAC, l’identifiant Android (qui ne peut être changé qu’en réinitialisant l’appareil) ou l’IMEI, cet identifiant unique à l’appareil impossible à modifier.

Parmi les coupables se trouvent des applications installées plus d’un milliard de fois, comme Subway Surfers et l’antivirus Clean Master. On y retrouve également des jeux populaires comme Angry Birds Classic ou Temple Run 2. En tout, ce serait environ 17.000 applications qui violent la vie privée des utilisateurs. L’auteur de la publication, Serge Egelman, indique avoir envoyé ces informations à Google voici déjà cinq mois, sans avoir eu de retour…

Intéressé par ce que vous venez de lire ?

Abonnez-vous à la lettre d’information La quotidienne : nos dernières actualités du jour.

Cela vous intéressera aussi

Vous avez aimé cet article ? N’hésitez pas à le partager avec vos ami(e)s et aidez-nous à faire connaître Futura 🙂 ! La Rédaction vous remercie.

via Les dernières actualités de Futura-Sciences http://bit.ly/2BwMwEI

February 15, 2019 at 05:38PM

Vu sur le web > ThisPersonDoesNotExist.com uses AI to generate endless fake faces

http://bit.ly/2N6ljhu

A few sample faces — all completely fake — created by ThisPersonDoesNotExist.com

The ability of AI to generate fake visuals is not yet mainstream knowledge, but a new website — ThisPersonDoesNotExist.com — offers a quick and persuasive education.

The site is the creation of Philip Wang, a software engineer at Uber, and uses research released last year by chip designer Nvidia to create an endless stream of fake portraits. The algorithm behind it is trained on a huge dataset of real images, then uses a type of neural network known as a generative adversarial network (or GAN) to fabricate new examples.

“Each time you refresh the site, the network will generate a new facial image from scratch,” wrote Wang in a Facebook post. He added in a statement to Motherboard: “Most people do not understand how good AIs will be at synthesizing images in the future.”

The underlying AI framework powering the site was originally invented by a researcher named Ian Goodfellow. Nvidia’s take on the algorithm, named StyleGAN, was made open source recently and has proven to be incredibly flexible. Although this version of the model is trained to generate human faces, it can, in theory, mimic any source. Researchers are already experimenting with other targets. including anime characters, fonts, and graffiti.

As we’ve discussed before at The Verge, the power of algorithms like StyleGAN raise a lot of questions. On the one hand there are obvious creative applications for this technology. Programs like this could create endless virtual worlds, as well as help designers and illustrators. They’re already leading to new types of artwork.

Then there are the downsides. As we’ve seen in discussions about deepfakes (which use GANs to paste people’s faces onto target videos, often in order to create non-consensual pornography), the ability to manipulate and generate realistic imagery at scale is going to have a huge effect on how modern societies think about evidence and trust. Such software could also be extremely useful for creating political propaganda and influence campaigns.

In other words, ThisPersonDoesNotExist.com is just the polite introduction to this new technology. The rude awakening comes later.

via The Verge – All Posts http://bit.ly/1jLudMg

February 15, 2019 at 01:45PM

Vu sur le web > Connaissez-vous, Mycroft assistant vocal Open-source ?

http://bit.ly/2V09zQe

Les assistants vocaux couramment connus tels que Siri, Alexa, Google et Cortana utilisent la technologie de traitement du langage naturel pour interpréter la parole et répondre dans un langage courant. Apple, Amazon et Google sont à l’origine de cette innovation, mais ont malheureusement un écosystème de développeurs fermé.

Chez Mycroft, le premier assistant vocal en IA à source ouverte au monde. Mycroft est gratuit à télécharger et à utiliser, et les développeurs sont invités à modifier son code pour en développer et en améliorer les fonctionnalités. Plus de 700 développeurs indépendants apportent déjà une contribution au logiciel Mycroft. La campagne Kickstarter de Mycroft AI en 2015 a financé son produit initial, le “Mark One”, un haut-parleur intelligent fonctionnant de manière similaire à Amazon Echo et Google Home. Mais le Mark One n’est que le point de départ de Mycroft, qui fonctionne également sur le bureau et peut être intégré à n’importe quel appareil. Depuis ils ont sorti le Mark II en décembre qui aura bientôt un lancement officiel. Créer un AV demande beaucoup de temps, actuellement, ils ont 5 équipes sur le sujet : l’équipe Aaware est le point central de tout le matériel, et l’équipe KDE aide à faire ressortir le côté graphique. Mycroft Design travaille aux niveaux mécanique et UX, et les développeurs Mycroft travaillent à rassembler toutes les nouvelles pièces pour que le Mark II fonctionne réellement.

L’idée de la plateforme est de pouvoir activer la voix de n’importe quel appareil et de le transformer en assistant personnel intelligent, capable d’exécuter diverses tâches en utilisant les compétences. Il permet à l’utilisateur de d’avoir son propre assistant vocal privé qui ne se connecte pas à un serveur pour collecter des données, promet de ne jamais collecter ni stocker vos données, même de manière anonyme. Il comporte un ensemble de 8 microphones, un son de haute qualité et un écran de visualisation.

Vie privée

En décembre un utilisateur d’Alexa a été autorisé par erreur à accéder aux archives d’enregistrements d’ un tiers, ce qu’Amazon a qualifié d’erreur humaine. C’est possible mais bien que ce ne soit pas une excuse, car l’erreur humaine sera toujours un facteur de risque chaque fois qu’une entreprise collecte des données sensibles non cryptées. l’Intercept a rapporté que les caméras de sécurité Ring compatibles Amazon étaient un moyen pour les employés de Ring et d’autres personnes extérieures à l’entreprise d’ accéder en direct aux flux des caméras de certains clients, y compris à l’intérieur de leur domicile ! Ces bogues indiquent que les appareils à commande vocale ne sont pas parfaitement sûrs et que même les sociétés de technologie les plus réputées sont sujettes à des erreurs susceptibles de compromettre occasionnellement les informations collectées par leurs assistants personnels.

Mycroft ne sera probablement jamais aussi complet que Alexa ou Google Assistant, mais l’approche open-source et l’accent mis sur la confidentialité des utilisateurs pourraient suffire à convaincre certaines personnes d’accepter les limitations. À ce stade il couvriraient environ 97% des besoins des assistant intelligent !!

via servicesmobiles.fr http://bit.ly/2HQxFvt

February 15, 2019 at 10:34AM

Vu sur le web > Use an 8-char Windows NTLM password? Don’t. Every single one can be cracked in under 2.5hrs

http://bit.ly/2SMXIb7

HashCat, an open source password recovery tool, can now crack an eight-character Windows NTLM password hash in less time than it will take to watch Avengers: Endgame.

In 2011 security researcher Steven Myer demonstrated that an eight-character (53-bit) password could be brute forced in 44 days, or in 14 seconds if you use a GPU and rainbow tables – pre-computed tables for reversing hash functions.

When developer Jeff Atwood said as much in 2015, the average password length was about about eight characters and there’s no indication things have changed much. With some 620 million stolen web credentials coming up for sale this week on a dark web market, now’s as good a time as any for a password review.

In a Twitter post on Wednesday, those behind the software project said a hand-tuned build of the version 6.0.0 HashCat beta, utilizing eight Nvidia GTX 2080Ti GPUs in an offline attack, exceeded the NTLM cracking speed benchmark of 100GH/s (gigahashes per second).

« Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours » using that hardware rig, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. « The eight character password is dead. »

It’s dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it’s still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers.

More robust hashing algorithms take longer to crack, sometimes orders of magnitude longer. As a point of comparison, when IBM was getting hash cracking rates of 334 GH/s with NTLM and Hashcat in 2017, it could only manage 118.6 kH/s with bcrypt and Hashcat. But, given a suitably short password, those attempting to crack hashed passwords can break out their wallets and pay cloud services for the necessary compute arsenal.

Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon’s cloud for just $25.

NIST’s latest guidelines say passwords should be at least eight characters long. Some online service providers don’t even demand that much.

When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six.

Tinker said the eight character password was used as a benchmark because it’s what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance.

password

Either my name, my password or my soul is invalid – but which?

READ MORE

« Because we’ve pushed the idea of using complexity (upper case letters, lower case, numbers, and symbols), it’s hard for users to remember individual passwords, » Tinker said. « This does, among other things, cause users to pick the minimum length allowed, so that they can remember their complex password. As such, a large percentage of users choose the minimum requirements of eight characters. »

So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, « correcthorsebatterystaple. »

That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.

Via Twitter DM, HaveIBeenPwned admin Troy Hunt told The Register that while web apps are increasingly using better hashing algorithms than NTLM, like bcrypt, « I always make my passwords dozens of random characters generated by 1Password. » ®

via The Register http://bit.ly/2ji8wsU

February 15, 2019 at 12:03AM

Vu sur le web > Everything we know about the upcoming ‘HoloLens 2’

http://bit.ly/2GqEmmc

It’s been four years since Microsoft first introduced HoloLens to the world, so it shouldn’t be surprising to hear that the company is hard at work on its next-generation headset and has been for some time. Codenamed « Sydney, » here’s everything we know about the unannounced Microsoft « HoloLens 2. »

Alex Kipman, Technical Fellow, AI Perception and Mixed Reality at Microsoft recently tweeted a teaser video for its upcoming HoloLens 2 announcement, seemingly showcasing an undisclosed processor, along with other fabrics and materials that reminded us of the original Surface RT unveiling video.

HoloLens 2 hardware

Microsoft has already confirmed that the next HoloLens will have a new, custom Holographic Processing Unit (HPU) that will feature an AI coprocessor to natively and flexibly implement Deep Neural Networks. That means HoloLens 2 will be able to analyze visual data locally, without needing to send any data to the cloud. This should make HoloLens faster at recognizing objects and environments.

In addition to the new HPU, we hear that the next HoloLens will be powered by an ARM processor, likely the Snapdragon 850, and include LTE support for true-mobile holographic computing. Our sources suggest that the next HoloLens will be more mobile than ever, with longer battery life and an always-connected state. It is also likely that HoloLens 2 will include a wider field of view, something the original HoloLens was criticized for.

HoloLens 2 software

HoloLens 2 will run a version of Windows 10 built on Windows Core OS. This version of Windows 10 is codenamed Oasis, and is a Mixed Reality-specific experience that runs on HoloLens 2 and likely other Mixed Reality devices in the future. HoloLens 2 will also feature CShell, Microsoft’s new adaptable UI that works across all device types. They’re both complicated topics that I’ve previously delved deep into.

Microsoft has already introduced a number of user experience improvements to the Windows Mixed Reality experience on PC, including the ability to run Win32 programs directly within the Windows Mixed Reality environment, and updating the UI with more 3D elements and Fluent Design. We wouldn’t be surprised to see some of those improvements make their way to HoloLens 2 either.

HoloLens 2 release date

Microsoft is planning to announce HoloLens 2 in just a few short weeks, at an event at Mobile World Congress being held on February 24. Microsoft was originally going to announce HoloLens 2 a lot earlier, but it decided to wait because there is no immediate competition in the market, and it wanted HoloLens 2 to make a huge splash with new features, experiences, and capabilities.

Regarding a release date, there’s no official word on when we can expect HoloLens 2 to be made available. Once HoloLens 2 is announced at the end of February, it could be anywhere from a few weeks, to a few months, or even longer, before HoloLens 2 is available to buy. This all depends on whether or not Windows Core OS for HoloLens 2 is ready. There’s also no word on pricing, although we’d like to think it’ll start at lower than $3000 this time.

More to come

We’ll continue to update this page with new information as it appears. In the meantime, what are you hoping HoloLens 2 includes? Let us know in the comments!

Updated February 13, 2019: We’ve updated this article with the latest information available from our sources and online.

via Windows Central http://bit.ly/1U7P7Lk

February 14, 2019 at 06:02PM

Vu sur le web > Do You Miss Touch ID? I Certainly Don’t

http://bit.ly/2E8RB8B

With the launch of the iPhone XS and XR last year, Apple has gone all-in on Face ID. And while there may be some users who miss the fingerprint sensor, I’m not one of them.

The latest batch of new iPhones that came out in September 2018 was the first not to include Touch ID at all. After owning my first Touch ID-less iPhone for several months now, I can’t say that I’m upset by this move from Apple.

Face ID Is So Much More Convenient

Face ID animation

Touch ID is already pretty convenient—way more convenient than typing in a passcode every time—but Face ID takes it to a whole new level. It’s like Touch ID, but you don’t even have to scan your fingerprint.

Both techniques still require a bit of action on your part to unlock the phone and get to the home screen, but with Face ID it’s just a swipe up from the bottom. Whereas with Touch ID, you have to make sure to place your finger in a specific location on the phone and then wait for it to unlock.

In other words, you don’t even really have to think about unlocking your phone with Face ID. Instead, it just happens, and that’s the kind of convenience I’m after.

It’s More Accurate Than Touch ID Ever Was

Touch ID on the iPhone 6

Having used Face ID for a while now, I can say that the number of times it hasn’t recognize my face has been a lot less than the number of times Touch ID hasn’t recognized my fingerprint.

Read the remaining 9 paragraphs

via the How-To Geek http://bit.ly/2f5IBTe

February 14, 2019 at 04:26PM

Vu sur le web > Un retour haptique pour le clavier de Google sur iOS

http://bit.ly/2SOmFCZ

La firme de Mountain View met à jour son application Gboard en version 1.40.0, ajoutant ainsi le retour haptique lors de la frappe. Le logiciel se fait fort de vous faire ressentir une légère vibration (comme sur de nombreux appareils Android) lors de l’activation des touches, et ce gratuitement. Gboard est d’ores et déjà disponible gratuitement sur l’App Store iOS. Il faudra disposer de 100,1 Mo d’espace de stockage libre, et d’un appareil sous iOS 10 minimum. Le retour haptique nécessite un iPhone 7, ou plus récent. [Gboard]

via Mac4Ever.com http://bit.ly/1wMqzWG

February 14, 2019 at 05:30PM

Vu sur le web > Now that Amazon has bought eero, it’s time for Apple to revive the AirPort line

http://bit.ly/2DEhlbz

“After Apple discontinued its AirPort line-up (which was a mistake), one of my favorite replacements was the eero home Wi-Fi system, which is handsome, easy-to-use, and pricey,” Dennis Sellers writes for Apple World Today. “In other words, it’s a product Apple could’ve/should’ve made.”

Sellers writes, “Now that Amazon has scooped up eero, I wish the tech giant would revive the AirPort Express, AirPort Extreme, and AirPort Time Capsule.”

“I know that Apple may be spreading its resources over a lot of product lines,” Sellers writes, “but since the company wants to make connectivity and computing as simple as possible, it seems strange that they don’t want to control such an essential part of the home online experience.”

 
Read more in the full article here.

MacDailyNews Take: As we wrote on Tuesday:

Most people aren’t going to make the extra effort to learn about Wi-Fi hardware, spend extra money and install it. They’re just going to settle for whatever rented device(s) their ISP offers. In fact, as owners of their own Wi-Fi hardware know, the ISP usually doesn’t go out of their way to help with such setups. That’s likely why Apple exited the business. The market is just too small and the cost of educating consumers as to why they might want something better than their ISP’s rented box(es) is too high.

SEE ALSO:
Why didn’t Apple buy eero instead of Amazon? – February 12, 2019
Amazon.com to buy mesh wi-fi system-maker eero for an undisclosed amount – February 11, 2019
Apple exited the home Wi-Fi market at the wrong time – December 31, 2018
Apple removes all AirPort products from online and retail stores – November 17, 2018
How to set up your home network for many Apple TVs, Macs, iPhones, and iPads – June 12, 2018
Apple begins to sell out of AirPort base stations – May 17, 2018
Requiem for the AirPort base station: A testament to everything Apple was and isn’t anymore – April 27, 2018
Apple makes yet another short-sighted decision: Apple has discontinued a product that it should have made a cornerstone of its home automation and entertainment ecosystem – April 27, 2018
Apple’s decision to discontinue AirPort products is the wrong decision at the wrong time – April 27, 2018
Apple pulls plug on AirPort Wi-Fi router business – April 26, 2018
eero’s new mesh WiFi system packs more power in an Apple-esque design – June 29, 2017
AppleInsider reviews eero Wi-Fi: ‘A solid option for Apple’s outgoing AirPort’ – February 27, 2017
With eero, you can kiss slow Wi-Fi goodbye forever – February 10, 2017

via MacDailyNews http://macdailynews.com

February 14, 2019 at 05:33PM

Vu sur le web > Xbox Game Pass increases sales and playtime says Microsoft

http://bit.ly/2E8tPtE

Xbox Game Pass is a subscription service which costs $9.99 per month. Customers gain access to over a hundred games — ranging from smaller experiences to massive blockbusters — for a limited time. Just like Netflix, some titles are permanent additions while others rotate in and out. Since the service launched, many gamers have been asking Microsoft how many subscribers it has. While usually the company doesn’t comment on sales figures, during an interview between Microsoft’s Executive Vice President of Gaming Phil Spencer and LevelUp, the former revealed a general count. There are « millions of subscribers » already.

However, what does this mean for Microsoft? How does Xbox Game Pass help the company? Luckily, the Head of Planning at Xbox Game Pass Matt Percy provided some answers. Nico Partners’ Daniel Ahmad compiled some information from a report by The Sydney Morning Herald. Microsoft has seen the following growth as a result of Xbox Game Pass.

  • 20 percent increase in playtime.
  • 40 percent increase in number of games played.
  • Whenever new games enter Xbox Game Pass, active players double.
  • 25 percent increase in preorders.
  • 10 percent increase in franchise sales.

These are definitely impressive results, especially the fact that there is a 40 percent increase in the number of games subscribers play. It’s great to see that Xbox Game Pass is doing so well. Hopefully the trend will continue in the future as more high-profile titles join the service.

Do you pay $9.99 a month for Xbox Game Pass? Let us know. What do you want out of the service in the future?

Netflix for games


Play over 100 games for one low price per month

Xbox Game Pass has a lot of important games like Shadow of the Tomb Raider and much more. There is a promotion going on right now which discounts it to just $2.

This post may contain affiliate links. See our disclosure policy for more details.

via Windows Central http://bit.ly/1U7P7Lk

February 14, 2019 at 05:12AM

Vu sur le web > À cette vitesse, Netflix aura plus d’abonnés que Canal+ avant 2021

http://bit.ly/2ByVPEV

Netflix a confirmé au quotidien Le Figaro que la plateforme venait de passer le cap des 5 millions d’abonnés en France, un chiffre impressionnant qui le rapproche peu à peu du concurrent national Canal+.

Netflix se rapproche dangereusement du français Canal+

Si Netflix vient de passer les cinq millions, Canal+ dispose d’environ huit millions d’abonnés en France, mais il atteint ce nombre seulement lorsque l’on prend en compte le fait que certains clients souscrivent une offre en passant par un opérateur de télécoms. Si l’on ne prend pas en compte cet élément, le service français compte un peu plus de 4,7 millions d’abonnés.
En comparaison, Netflix disposait de près de 3,5 millions d’abonnés en France en avril dernier, selon des chiffres que la société n’avait pas confirmés officiellement.
Dans les faits, cela signifie que Netflix est en train de rattraper le numéro un de la télévision payante à grande vitesse. Voilà presque cinq ans que la plateforme américaine a fait son arrivée en France, à raison d’un million d’abonnés par an, cela signifierait qu’elle atteindrait les huit millions de Canal+ en 2021, dans quelques années.

Néanmoins, il ne serait pas étonnant que Netflix passe définitivement devant Canal+ avant cette date-là, principalement parce que ce dernier connaît une perte de vitesse depuis de longs mois maintenant. Cet été, il a été révélé que le service avait perdu de nombreux abonnés sur la dernière année, une perte que le groupe n’avait pourtant pas attribuée à son concurrent américain Netflix.

Reste à savoir si Canal+ trouvera une solution pour éviter que Netflix ne finisse par le dépasser, une situation qui semble pourtant inévitable.
Rappelons que Netflix prépare plusieurs séries françaises dont les sorties sont prévues cette année et les suivantes. Après Marseille et Plan Cœur, c’est Osmosis qui fera son arrivée sur la plateforme dans environ un mois. Pour l’instant, celle-ci a diffusé quelques images sans pour autant partager de bande-annonce.

Source

via Presse-Citron http://bit.ly/2oo2RED

February 13, 2019 at 05:22PM