New research shows that, post net neutrality, internet providers are slowing down your streaming

Have you ever noticed web content performing poorly out of the blue? Video footage becomes blurry. Web pages take longer to load.

If so, your internet service provider might be slowing down your data on purpose. It’s known as “throttling,” and it’s a way for a provider to ease congested network traffic.

But when one type of network traffic—say, video streaming—is throttled more than another, this is called differentiation. And according to Dave Choffnes, assistant professor of computer and information science at Northeastern, differentiation is also “what most people would refer to as a net neutrality violation.”

New net neutrality rules, born in 2015 and struck down two years later, were conceived to protect consumers’ ability to access all online information equally. During this short lifespan, Choffnes and two Northeastern students developed an app that could track violations of net neutrality.

Apple originally blocked the app, now called Wehe, from its App Store. But after ensuing media coverage caused a sharp increase in the number of Wehe users, Choffnes found himself with a wealth of data.

This data is now the subject of new research set to publish in early 2019, but its findings are already available—and making waves.

They’re all in on it

Working with a team from the University of Massachusetts Amherst, Choffnes confirmed a sneaking suspicion: “Nearly every U.S. cell provider is doing throttling.”

Using a previously established, peer-reviewed technique, the team conducted more than half a million data traffic tests across 161 countries. From this data, the team found that internet service providers are “giving a fixed amount of bandwidth—typically something in the range of one and a half megabits per second to four megabits per second—to video traffic, but they don’t impose these limits on other network traffic.”

[Figure: Detected throttle rate for each app across internet service providers. Shows the detected rate that the tested app is being limited to. The lower the rate, the more the app is being throttled by the internet service provider. Data visualization by Lia Petronio/Northeastern University.]

And because of differences in their users’ mobile data plans, internet service providers such as T-Mobile might throttle one user’s internet traffic but not the other’s, said Choffnes.

The team also observed that this behavior doesn’t seem to have a clear rationale.

“There’s no evidence that any of these policies are only happening during network overload,” said Choffnes. “They’re throttling video traffic even when the network doesn’t need to. It happens 24/7, and in every region where we have tests.”

[Figure: Percent of tests with differentiation for each app across internet service providers. The higher the percentage, the more users experienced differentiation from that internet service provider. Data visualization by Lia Petronio/Northeastern University.]

What does this mean for me?

If your data traffic is being throttled, you’re bound to notice.

“It would be like watching a standard-definition television that’s 13 inches big from across the room,” said Choffnes. However, due to variability in the apps themselves, no single experience is ubiquitous.

Choffnes said content providers themselves can impose limits. Take the Netflix app, which defaults to low-quality video resolution. Unless they manually change this setting, said Choffnes, “most users, even without throttling, are going to see low-resolution video.”

However, the intention of Choffnes’s study was “to test whether an internet service provider is giving better or worse performance to one app’s network traffic versus another.” This happens outside of a user’s preference settings—as well as outside their awareness.

What’s the future of differentiation?

Choffnes contacted the Federal Trade Commission to report these findings, and he intends to continue collecting Wehe data to further supplement his research.

In the meantime, he offered advice to consumers on how they can find their footing in the ever-shifting landscape of net neutrality.

To start, he said, consider an internet service provider that doesn’t throttle. For example, if high-resolution video is a priority, research the megabits-per-second caps of different providers. After making the switch, cross-check a company’s specs using the Wehe app.

And, Choffnes said, don’t rule out the legal system. “If you think that net neutrality is something that should become law and not be subject to the whims of each administration and who they appoint to the FCC,” he said, “then encourage your representatives to pass effective and well-thought-out legislation that finally addresses this issue of net neutrality.”

Internet service providers have their own homework.

Choffnes urges providers to “only use throttling when you need to”—that is, only when a network is truly overloaded. If they did this, all users would see their traffic affected equally, regardless of whether they’re customers of T-Mobile or Boost.

Putting the management responsibility on internet service providers takes the burden off content providers. A company such as Google might have the resources and engineering muscle to adjust their own video quality as the need arises, but that’s a less realistic feat for “your next video startup with a skeleton crew that’s just trying to make things work.”

In a world of tech incumbents and differentiation, fairness is scarce. But with more responsibility placed on the internet service providers themselves, users could find themselves in a new age.

“This isn’t really about winners or losers,” said Choffnes. “If the network has enough resources to meet demand, everybody gets what they want.”

'A public relations nightmare': Ticketmaster recruits pros for secret scalper program

Box-office giant Ticketmaster is recruiting professional scalpers who cheat its own system to expand its resale business and squeeze more money out of fans, a CBC News/Toronto Star investigation reveals.

In July, the news outlets sent a pair of reporters undercover to Ticket Summit 2018, a ticketing and live entertainment convention at Caesars Palace in Las Vegas.

Posing as scalpers and equipped with hidden cameras, the journalists were pitched on Ticketmaster's professional reseller program.

Company representatives told them Ticketmaster's resale division turns a blind eye to scalpers who use ticket-buying bots and fake identities to snatch up tickets and then resell them on the site for inflated prices. Those pricey resale tickets include extra fees for Ticketmaster.

"I have brokers that have literally a couple of hundred accounts," one sales representative said. "It's not something that we look at or report."

Music journalist Alan Cross suspects Ticketmaster's recruitment of scalpers might not sit well with the ticket-buying public. (Rachel Houlihan/CBC)

CBC shared its findings with Alan Cross, a veteran music journalist and host of the radio program The Ongoing History of New Music, who suspects the ticket-buying public will be far from impressed: "This is going to be a public relations nightmare."

He said there have been "whispers of this in the ticket-selling community, but it's never been outlined quite like this before."

"It does seem a bit stinky, doesn't it?"

By partnering with scalpers, Ticketmaster has done an about-face from its position of less than a decade ago when then-CEO Irving Azoff told U.S. legislators: "I believe that scalping and resales should be illegal."

Two floors above the slot machines and blackjack tables at Caesars, Ticketmaster was one of dozens of vendors and speakers at the convention, which bills itself as a "one-of-a-kind networking event" for industry leaders and small businesses alike.

CBC reporter Dave Seglins signed up as "David Geoffrey," a small-time scalper from Toronto with a fictitious company, DGS Promotions.

The ticketing convention was held at Caesars Palace in Las Vegas. (Darrin Zammit Lupi/Reuters)

With hidden cameras rolling, he mingled with some of the world's most successful scalpers, documenting candid accounts from players inside this notoriously secretive industry.

Casey Klein, Ticketmaster Resale director, held a session that was closed to the media called "We appreciate your partnership: More brokers are listing with Ticketmaster than ever before."

The audience heard that Ticketmaster has developed a professional reseller program and within the past year launched TradeDesk, a web-based inventory management system for scalpers. The company touts it as "The most powerful ticket sales tool. Ever."

A look at the convention floor, where top-level scalpers mingled with representatives from industry leaders such as Ticketmaster. (CBC)

TradeDesk allows scalpers to upload large quantities of tickets purchased from Ticketmaster's site and quickly list them again for resale. With the click of a button, scalpers can hike or drop prices on reams of tickets on Ticketmaster's site based on their assessment of fan demand.

Neither TradeDesk nor the professional reseller program is mentioned anywhere on Ticketmaster's website or in its corporate reports. To access the company's TradeDesk website, a person must first send in a registration request.

Not building a 'better mousetrap'

On the trade show floor, a handful of Ticketmaster salespeople handed out cupcakes, and at two cubicle workstations, they provided online demonstrations of TradeDesk.

One of the presenters, who was unaware he was speaking with undercover journalists, insisted that Ticketmaster's resale division isn't interested in whether clients use automated software and fake identities to bypass the box office's ticket-buying limits.

"If you want to get a good show and the ticket limit is six or eight ... you're not going to make a living on six or eight tickets," he said.

While Ticketmaster has a "buyer abuse" division that looks out for blatantly suspicious online activity, the presenter said the resale division doesn't police TradeDesk users.

"We don't share reports, we don't share names, we don't share account information with the primary site. Period," he said when asked whether he cares if scalpers use bots to buy their tickets.

CBC heard the same message from a different Ticketmaster employee during an online video conference demonstration of TradeDesk at an earlier stage of the undercover investigation back in March.

"We've spent millions of dollars on this tool. The last thing we'd want to do is get brokers caught up to where they can't sell inventory with us," he said when asked whether Ticketmaster will ban scalpers who thwart ticket-buying limits — a direct violation of the company's terms of use.

"We're not trying to build a better mousetrap."

Scalping pays

Ticketmaster, which is owned by Live Nation, the world's largest concert promoter, has made it clear to shareholders that it plans to expand further into the resale market.

As Part 1 of the CBC News/Toronto Star investigation revealed yesterday, resale tickets are particularly lucrative for Ticketmaster because the company charges fees twice on the same ticket.

So, for example, if Ticketmaster collects $25.75 on a $209.50 ticket on the initial sale, when the owner posts it for resale for $400 on the site, the company stands to collect an additional $76 on the same ticket.

Part 1 of the CBC News/Toronto Star investigation of Ticketmaster published Tuesday revealed how data journalists spent seven months tracking ticket sales for this Saturday's Bruno Mars concert at Toronto's Scotiabank Arena on the box-office giant's website. They found three key ways Ticketmaster helps drive up prices for fans. (Mario Anzuoni/Reuters)

CBC News obtained a copy of Ticketmaster's official reseller handbook, which outlines these fees. It also details Ticketmaster's reward system for scalpers. As scalpers hit milestones such as $500,000 or $1 million in annual sales, Ticketmaster will knock a percentage point off its fees.

The Ticketmaster employee who gave the video conference demonstration in March said 100 scalpers in North America, including a handful in Canada, are using TradeDesk to move between a few thousand and several million tickets per year.

"I think our biggest broker right now has probably grabbed around five million," he said.

Cross, who has spent the past two years researching online ticket sales, suspects some fans will read about this and conclude Ticketmaster is colluding with scalpers.

"On one hand, they say, 'We don't like bots,' but on the other hand, 'We have all these clients who may use bots.'"

Imbalance of supply and demand 

Ticketmaster has declined repeated requests for an interview.

CBC and the Toronto Star submitted a list of specific questions about the company's scalper program.

In a statement to CBC News, the company made no mention of the program, nor did it comment on its recruitment effort in Las Vegas.

Ticketmaster did say that as long as there is an imbalance between supply and demand for live events, "there will inevitably be a secondary market."

"As the world's leading ticketing platform, representing thousands of teams, artists and venues, we believe it is our job to offer a marketplace that provides a safe and fair place for fans to shop, buy and sell tickets in both the primary and secondary markets," wrote Catherine Martin, senior vice-president of communications, based in Los Angeles.

But Richard Powers, associate professor at the University of Toronto's Rotman School of Management, says what Ticketmaster is doing is unethical.

With its near monopoly on box-office tickets, Ticketmaster should not also be allowed to profit from the scalping of those same tickets, he says.

"Helping to create a secondary market where purchasers are duped into paying higher prices and securing themselves a second commission should be illegal."

For Alan Cross, the program raises a series of ethical questions:

  • Is this a legitimate form of commerce?
  • Does it violate any consumer protection laws?
  • Is it transparent and fair to consumers?

"It is probably going to trigger some questions," he said, "and if not from governments, certainly from the general public."

— With files from the Toronto Star's Robert Cribb and Marco Chown Oved

And this is why I refuse to buy tickets for Ticketmaster venues.
Glad I quit when I did.

In Secret Calls, Putin Cultivated Trump’s Anger at the “Deep State”

Yet more evidence that Vladimir Putin has continued to ply President Trump with opposition to US intelligence and the so-called “deep state” during their conversations since President Trump entered the White House. Not surprising and yet stunning passage in this excerpt from Greg Miller’s new Trump book …

Trump’s admiration for the leader of Russia was inexplicable and never wavered after taking office. He praised the Russian leader, congratulated him, defended him, pursued meetings with him, and fought virtually any policy or punitive measure that might displease him.

A trained intelligence operative, Putin understood the power of playing to someone’s insecurities and ego. On cue, he reciprocated with frequent praise for the president he had sought to install in the White House.

In phone conversations with Trump, Putin would whisper conspiratorially, telling the U.S. president that it wasn’t their fault that they could not consummate the relationship that each had sought. Instead, Putin sought to reinforce Trump’s belief that he was being undermined by a secret government cabal, a bureaucratic “deep state.”

“It’s not us. We get it,” Putin would tell Trump, according to White House aides. “It’s the subordinates fighting against our friendship.”

Why do we think President Trump insisted on a private meeting with Putin in Helsinki, with no aides present?

How to Stop Spam Robocalls With STIR/SHAKEN

By every measure available, robocalls and spam phone calls have reached epidemic levels. Unwanted calls are by far the largest source of consumer complaints to the FTC, up to 7.1 million in 2017 versus 5.3 million in 2016. YouMail estimated that there were 3.4 billion robocalls placed in April of 2018, up from 2.5 billion in April of 2017. Phone-verification service Truecaller reports that while in 2014 the average American received 15 spam phone calls a month, by 2018 the average American was getting slammed with 23 spam phone calls a month.

It’s the reason I never pick up my phone if someone isn’t in my contact list, and why you probably don’t either. On an average day, I get more spam phone calls than legitimate calls, and it’s been that way for years at this point.

The Telephone Consumer Protection Act of 1991 ostensibly should protect against these calls, but rapid advances in technology have quickly outstripped what Congress could imagine 27 years ago. The FCC has declared war on robocall spam, forming a “Robocall Strike Force” in 2016, and on May 11 of this year, the FCC hit a robocaller named Adrian Abramovich, who made over 96 million robocalls, with a fine of $120 million, the largest ever levied by the FCC. But with 111 million robocalls being placed every day, Abramovich is just a drop in the ocean. Fines and FCC regulation aren’t going to solve this problem. Cheap and easy-to-use technology is to blame for the rising flood of robocalls in the U.S. — so it will likely be technology that stops it.

Phone spam skyrocketed thanks to two things. The first is the rise of the Voice over Internet Protocol (VoIP), a series of standards that allow users of services like Skype or Google Voice to call someone halfway around the world for nearly nothing. It’s been a major boon, drastically lowering the cost for people around the world to communicate, but it also means that open-source software can let a single computer hooked up to the web make thousands of calls an hour. Buy a dozen dirt-cheap PCs, and you can easily place hundreds of thousands of calls an hour, from anywhere in the world to anywhere in the world.

The second is the easy ability of anyone to “spoof” a phone number. Spoofing is the technique of faking the number that shows up on your phone’s caller ID. There can be legitimate reasons to spoof a phone number — a dentist’s office calling to make sure you’re coming in for a checkup may want to make sure it always shows up as the same outbound number, even if someone from a specific extension is making the call. But spoofing, by and large, is used by spammers and scammers to fake you out. “Neighbor spoofing,” a relatively new technique, mimics target telephone numbers’ area codes and local exchange numbers — this is why in the past year or so, you’ve suddenly been hit with a tremendous number of calls from phone numbers nearly identical to yours. (In my case, I’ve gotten a spam phone call from my own telephone number.) In more nefarious hands, spoofing can be used to mimic your bank, the IRS, your electric company, or any other organization where you might be inclined to divulge financial details.

Almost no one wants to end VoIP. But spoofing phone numbers? That could be stopped — and since mid-2015, a consortium of engineers from phone carriers and others in the telecom industry has worked on a way to do exactly that, worried that spam phone calls could eventually endanger the whole system. “We’re getting to the point where nobody trusts the phone network,” says Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions (ATIS). “When they stop trusting the phone network, they stop using it.”

The solution: the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) standards. The idea: make it so every phone has a certificate of authenticity attached to it — a kind of digital signature — that allows you to once again trust your caller ID.

The (greatly) simplified way this would work: Someone would place an outbound call. That call would contain a certificate verifying that the call is indeed coming from the number it claims to be coming from. The phone call is passed along to the incoming carrier (e.g., AT&T), which would then check the certificate’s public key against a heavily encrypted private key. A policy administrator, run by the telecom industry with oversight from the FCC, would be in charge of handing out certificates and making sure everything is on the level.

For people with passing knowledge of how the modern web works, the STIR/SHAKEN authentication schema may seem familiar. The vast majority of sites you visit on the modern web use SSL certificates, and web browsers like Chrome will increasingly warn you away if a website’s certification seems hinky. The matching of a public key against a private one is the foundation of modern cryptography like PGP. “The telephone network we have now is laughably nonsecure,” says Jim Dalton, CEO of TransNexus, a software firm dedicated to fighting telecom fraud. “This is applying the lessons of data networks to telephone networks.”
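As an added illustration (not code from the article or from any carrier), the sketch below walks through the signed caller ID check described above with a PASSporT-style token: the originating carrier signs the calling number with its private key, and the incoming carrier verifies that signature with the matching public key. The claim names follow the PASSporT/SHAKEN token format (RFC 8225, RFC 8588); the phone numbers, certificate URL, 60-second freshness window and function names are constructed for the example, and certificate-chain validation is assumed to have already happened.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (text) => Buffer.from(text, 'base64url');

// Constructed P-256 key pair standing in for the key behind the originating
// carrier's certificate. Assumption: the verifier has already fetched that
// certificate and validated its chain, so it holds a trusted public key.
const carrier = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Originating carrier: sign the calling and called numbers (ES256).
function signCall(privateKey, origTn, destTn, iat) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport',
                   x5u: 'https://certs.example.com/carrier.pem' }; // placeholder
  const payload = { attest: 'A', dest: { tn: [destTn] }, iat,
                    orig: { tn: origTn }, origid: crypto.randomUUID() };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput),
                                { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(signature)}`;
}

// Incoming carrier: accept the caller ID only if the token is intact,
// fresh, and signed for exactly this calling/called number pair.
function verifyCall(publicKey, token, displayedCallerId, calledTn, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(fromB64u(h).toString('utf8'));
    payload = JSON.parse(fromB64u(p).toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed token' };
  }
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (header?.alg !== 'ES256') return { ok: false, reason: 'unexpected algorithm' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
                              { key: publicKey, dsaEncoding: 'ieee-p1363' }, fromB64u(s));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (Math.abs(now - payload.iat) > maxAgeSec) return { ok: false, reason: 'stale token' };
  if (payload.orig?.tn !== displayedCallerId) {
    return { ok: false, reason: 'caller ID does not match signed number' };
  }
  if (!payload.dest?.tn?.includes(calledTn)) {
    return { ok: false, reason: 'destination mismatch' };
  }
  return { ok: true, attest: payload.attest };
}

// Constructed scenarios (555 numbers are fictional).
function demo() {
  const iat = 1700000000;
  const [caller, callee, other] = ['12025550101', '12025550199', '12025550123'];
  const token = signCall(carrier.privateKey, caller, callee, iat);

  // Same header and signature, but the payload now claims a different caller.
  const [h, p, s] = token.split('.');
  const claims = JSON.parse(fromB64u(p).toString('utf8'));
  claims.orig.tn = other;
  const tampered = `${h}.${b64u(JSON.stringify(claims))}.${s}`;

  // A token signed by a key the verifier does not trust.
  const stranger = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const selfSigned = signCall(stranger.privateKey, other, callee, iat);

  const check = (t, shown, now) => verifyCall(carrier.publicKey, t, shown, callee, now);
  return {
    genuine: check(token, caller, iat + 5),
    spoofedDisplay: check(token, other, iat + 5),
    tampered: check(tampered, other, iat + 5),
    wrongKey: check(selfSigned, other, iat + 5),
    replayed: check(token, caller, iat + 3600),
  };
}

console.log(demo());
```
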

STIR/SHAKEN has spent the last year or so running in a test-bed environment overseen by ATIS. Companies are currently testing out their networks, software, and infrastructure on STIR/SHAKEN, with small federations of phone companies all agreeing to trust one another’s certificates — a system that doesn’t easily scale. For this system to work, carriers on both sides of a phone call need to be involved. Verizon has stated that it plans to begin to implement STIR/SHAKEN in parts of its network this year, with a bigger rollout scheduled for 2019. Other carriers, per McEachern, will likely follow suit.

So what does it look like when your phone starts to buzz with an incoming call in a world where STIR/SHAKEN is in place? “It’s still a matter for debate,” says McEachern. “There isn’t consensus for what should be done. Work is still proceeding irrespective of that.”

One option would be for your phone to display something like a verification check mark on every inbound call that has an authentication certificate, affirming that if you’re getting a call from the IRS, it is indeed the IRS. This wouldn’t immediately stop the plague of robocalls, but it would at least allow you to pick up the phone with confidence.

Another option: Most of the major carriers are already using back-end analytics tools to build out spam and block lists, but these are hamstrung by the fact that they can only really rely on the incoming phone number, which is easily spoofed. A world with STIR/SHAKEN provides much more information about the point of origin, and allows for a spam-blocking system with much greater insight and accuracy. Instead of seeing whether a call is verified or not, you may simply stop getting most of the spoofed robocalls that litter your missed-calls list today.

A world with STIR/SHAKEN won’t be a telephonic utopia. Legacy systems like older landlines and rural phone systems wouldn’t be able to take advantage (though they could start cribbing from the spam and blocking lists used by other carriers). Legitimate VoIP users on services like Skype or Google Voice may need to jump through a few extra hoops to verify that they are who they say they are. As it’s currently envisioned, STIR/SHAKEN will only work in the U.S., and robocalls and phone spam are at this point a global problem. And STIR/SHAKEN will also add some overhead to phone companies, a cost that phone companies may pass along to customers.

It’s also entirely possible that phone spammers will simply change up tactics. Right now, many overseas call centers utilize VoIP calling, but route all of that activity through a private branch exchange (PBX) based in the United States — meaning it appears as a phone call originating in the U.S. While STIR/SHAKEN would mean that robocalls originating from suspect PBX operators would start to get marked as spam, right now it’s relatively easy to simply set up shop all over again. The hope is that an industry-led regulatory body is nimble enough to catch spammers as they adapt, and update standards accordingly.

And it doesn’t mean that you’ll never get an unwanted phone call ever again. “The fact that a phone number is verified doesn’t mean it’s a good call,” says McEachern. “Dr. Evil could get a verified phone number. You still don’t want a call from Dr. Evil.”

Right now, our phones are rapidly becoming like the spam-stuffed email in-boxes of an earlier internet era. But Bayesian spam-filtering and other techniques began to evolve for email in-boxes, allowing for spam to be shunted off into spam folders. The key insight that defeated email spam was that it would be nearly impossible to stop email spammers; it was too cheap to send out emails and too easy to set up shop nearly anywhere in the world and reach millions of people. But it was possible to make it so that the average person never saw that spam. As spam stopped showing up in in-boxes, it stopped bringing in as much money, and email spam overall went on the decline.

The STIR/SHAKEN authentication uses the same strategy. There is a whole cottage industry set up to support phone spam, employing people around the globe. But eliminate the ability for spammers to impersonate any phone number at will, and the economics stop making as much sense — and you can once again start picking up your phone when it rings.

I need this so much.

Mirai botnet creators praised for helping FBI, won’t serve prison time

More than nine months ago, three men pleaded guilty to creating and operating the Mirai and Clickfraud botnets.

However, on Tuesday, after prosecutors announced that the men had provided "extensive" and "exceptional" assistance to federal law enforcement, a federal judge in Alaska sentenced each of them to just five years of probation—no prison time.

The men, Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana, will continue to cooperate with the FBI.

In particular, prosecutors called out their assistance in the 2017 federal takeover of the Kelihos botnet.

Additionally, the Mirai trio helped thwart online fraud, prevent further DDOS attacks, mitigate an attack that leveraged a weakness in servers using the Memcached object caching system, and even assisted researchers investigating an attack from a possible state actor.

As Ars reported in October 2016, Mirai degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites.



[…] to being behind Mirai, according to court documents that were unsealed late last year. The Rutgers University computer science student was originally publicly […] as a likely suspect in January 2017 by Brian Krebs, a well-known independent computer security journalist.

In a sentencing memorandum submitted on September 11, 2018, Adam Alexander, a federal prosecutor, marveled at how the men could be so notorious in the online DDOS community, and yet at the same time, "socially immature young men living with their parents in relative obscurity."

"That gulf between their online personas and the reality of their daily lives offline is mirrored in the gulf between the sophistication and significance of their criminal botnet activities both in terms of the Mirai botnet and the successor Clickfraud scheme," Alexander continued.

"Collectively, the three were much more talented at building a botnet than they were at successfully monetizing their criminal activity, although they demonstrated a marked and unfortunate degree of refinement when they transitioned from Mirai to Clickfraud. It is fortunate to all involved that their activities were disrupted, and it is worthwhile to note that if they hadn’t there is every reason to believe that they would still be engaging in significant cyber crime in the United States and abroad."

Ultimately, he concluded: "All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity."
