In November 2019, Google accidentally archived videos from users into unrelated photo archives. As a result, a small group of people may find videos in this archive that aren’t theirs. At the same time, their videos may have been made available to others.
Google today sent an email to people who exported their Google Photos library between 21 and 25 November 2019. Google Photos is the default backup app for many Android phones and is also a popular choice for iPhone users, because it offers unlimited backups of photos and videos.
In the space of 4 days, those who downloaded an archive of their photos and videos for offline use were affected by an issue where “some videos in Google Photos were incorrectly exported to unrelated users’ archives”.
Users were also told that “one or more videos in your Google Photos account was affected by this issue”.
To understand the root cause of the issue, one has to be cognisant of how data is stored in the “public cloud”, what that means, and who’s paying for unlimited data storage. Using the public cloud means you’re using someone else’s computer to store your data or run computations. That means “the cloud” in this case is just several thousand computers that work for Google in storing and computing data.
One must always keep an important question in mind: if this is free, who’s paying for it? In this case, the users were paying for it. Google Photos needed (and still needs) a vast amount of photos to train its facial recognition software, which it plans to sell at a later stage.
What went wrong was that they collected photos and videos into temporary folders on their cloud machines with no privilege controls. Then they zipped those folders and gave users a link to download. One can assume that, under high volumes of archive requests, these temp files may not have been deleted before the next batch was processed.
Jon Oberheide, CTO at Duo Security, tweets about how he may have been affected.
Google will probably make more apologies about the issue in further communications. However, the virtual cat is out the bag with this one, because once data is downloaded, Google has no control over it. This issue extends far beyond just applying a bug fix or a patch and moving on.
In Google’s communication, it recommended users perform another export of their content and that they “delete prior exports at this time”.
Our recommendation, in future, is to make encrypted backups by yourself, whether it be in the cloud or on-site, as long as you are the only person with the decryption keys, so that events like these will be extremely unlikely to affect you. Gadget and many security professionals recommend using OwnCloud for backups because it’s secure, open-source, and reasonably simple to set up for home use.
South Africa hit by slow Internet
Internet service providers are warning customers of an Internet outage across South Africa because of cable breaks on international connectivity cables, writes BRYAN TURNER.
Got slow Internet connectivity? So does the rest of South Africa.
The latest we’ve heard is an alert from Internet service provider Webafrica is that there are major outages across all South African Internet providers. The cause is due to cable breaks on the WACS and SAT3 systems, which connect South Africa to the rest of the world.
WACS runs from Yzerfontein in the Western Cape, up the West Coast of Africa and terminates in the United Kingdom, while SAT3 runs from Melkbosstrand also in the Western Cape, up the West Coast and terminates in Portugal and Spain. Alternative cables include ACE (Africa Coast to Europe), which also runs up the West Coast. The SEACOM cable runs from South Africa, up the East Coast of Africa, terminating in both London and Dubai. The EASSy cable also runs from South Africa, up the East Coast, terminating in Sudan, from where it connects to other cables.
As a result, using international websites and services, which include VPNs (virtual private networks) may result in latency – decreased speeds and response times.
Not all hope is lost, though. All international traffic is being redirected via alternative cable routes. Although this form of redundancy should mean no loss in access speeds, the complexity of interconnections between service providers, and delays in switching over, result in decreased speeds and increased latency. Packet loss is likely to affect those using voice and video communication services, so expect scratchy and grainy communications.
Downdetector, which tracks reports of outages, has reflected a spike in reports of outages at Afrihost since 10.30am today (16 January), peaking at 3pm. Telkom saw an even more pronounced spike over the same period, also peaking at 3pm.
Update (10:30 am, 17 Jan): Infrastructure provider, Openserve, has confirmed that it had been liaising with both the WACS and SAT3/WASC undersea cable consortiums in order to determine the loss of service on both submarine cable systems.
The unusual and simultaneous dual cable break has resulted in customers, that are connected to Openserve’s global capacity clients, experiencing reduced speed on international browsing. International voice calling and mobile roaming have also been impacted.
Through continuous liaison with the technical fault investigation teams of both cable consortiums, Openserve has ascertained that the SAT3/WASC break is in the Libreville, Gabon vicinity and that the WACS breakpoint is in the vicinity of Luanda, Angola.
Update (11:30 am, 21 Jan): The ship that is being sent out to repair the cable was unable to leave the port this weekend, due to bad weather. According to the SA National Research and Education Network (SANREN): “The weather situation in Cape Town has improved and the port reopened. The cable vessel expects to shift to the cable depot quay.”
The ship is expected to take a few days to get to the repair site. SANREN also said in a tweet that it may take another week to repair the cable.
Update (3:00 pm, 21 Jan): Openserve has received confirmation this morning, from the Chief of Mission aboard the vessel, that the ship is being loaded with submarine-rated optic fibre cable, repeaters, all test gear and jointing kits.
Once the loading is concluded, the vessel will depart to the break location to undertake the repair. The Chief of Mission anticipates that all loading will be completed by the evening of Wednesday, 22 January, should all go according to plan.
Gadget will update this article on developments of the connectivity being restored.
MTN accused of terror support
MTN has been included in a lawsuit filed in the United States on behalf of Americans killed or wounded in Afghanistan, accusing it of making payments to the Taliban.
MTN has issued a statement revealing that it is included in a complaint for violation of the Anti-Terrorism Act, filed in the United States District Court for the District of Columbia on 27 December 2019.
The complaint was filed on behalf of American service members and civilians, and their families, who were killed or wounded in Afghanistan between 2009 and 2017.
MTN said in the statement: “The Complaint alleges that several Western businesses supported the Taliban by, inter alia, making payments to ensure the protection of their infrastructure. The defendants named in the complaint are six different groups one of which is MTN and certain of its subsidiary companies including MTN Afghanistan.”
MTN says it is reviewing the details of the report and is consulting its advisers. However, it says, it “remains of the view that it conducts its business in a responsible and compliant manner in all its territories and so intends to defend its position where necessary”.
According to Wikipedia, there were about 32-million mobile phone subscribers in Afghanistan in 2016, with the first two carriers having been US-based Afghan Wireless, and Roshan.
A duopoly agreement between these carriers and the Ministry of Communications and Information Technology (MCIT) meant that no mobile operator could enter the Afghan telecom market until July 2006. The third GSM license was awarded to Areeba, a subsidiary of Lebanese firm Investcom, in September 2005 for a period of 15 years. MTN acquired Investcom for $5.53-billion in 2007, and Areeba was renamed MTN Afghanistan. In the last quarter of 2018, it reported having 6,257-million subscribers.
According to National Public Radio in the United States, the lawsuit states that the Taliban in 2005 began systematically approaching international businesses operating in Afghanistan, and offered them a choice: pay up, or else.
“Defendants paid the Taliban to leave them alone,” the suit alleges. “The payments saved Defendants money: it was cheaper to buy off the Taliban than it would have been to invest in the security necessary to mitigate the terrorists’ threats.”
The Complaint includes the following detail: “Specifically, the Taliban asked MTN and its competitors to “pay monthly protection fees in each province, or face having their transmission towers attacked.” The going rate was “usually in the range of $2,000 per tower, per month, but it depends on who controls the zone around each tower.” In some areas, MTN made payments to local Taliban commanders in exchange for protection from its fighters. In others – such as Helmand and Kandahar – MTN operated in a Taliban-controlled environment in which protection “payments must go directly to Quetta.”
MTN has also been accused of deactivating its cellular towers at night at the request of the Taliban, “which believed US forces were using the cellular networks to track insurgents”.
The Complaint includes MTN Group, MTN Afghanistan and MTN Dubai. The full document can be viewed here: https://afghanistan.terrorismcase.com/wp-content/uploads/2019/12/2019-12-27-001-COMPLAINT.pdf