Security News

Will Elon Musk follow the rules?

Plus, Google Play offers a new “data privacy” app descriptor, and the metaverse just might reshape manufacturing.

European Union officials Cedric O and Thierry Breton both mentioned on Twitter that they expect Elon Musk to abide by the rules of the new Digital Service Act (DSA). The new legislation requires user-generated platforms to police its content, implementing robust content moderation systems that allow them to take down quickly any illegal material like hate speech or child sexual abuse. Rule-breakers will have to pay 6% of their global annual revenues, which for Twitter would be just over $300 million. Musk has called himself a “free speech absolutist,” saying that his vision is to make Twitter into a “digital town square.”

Avast Security Evangelist Luis Corrons thinks Musk and the DSA will get along in some ways. “Funny enough, some of the measures Elon Musk is said to take with Twitter align fully with the DSA, like making Twitter’s algorithms open source. Not that funny is that the concerns come from Musk’s strong position in favor of free speech, while the DSA promotes outsourcing censorship.” Musk spoke about his more conservative views on Twitter, while the EFF and other associations are already worried about the DSA’s approach to some topics. For more on this story, see CNBC

Google offers Europe “reject all” button for cookies

After France’s data protection agency (CNIL) fined Google €150 million (about $170 million) for using confusing language in cookie banner options, Google announced it would give European users a “reject all” option. Users have always been able to accept all cookies with a single click, but in order to reject them all, users had to click through a series of menus. CNIL called that policy unlawful because it steered users into accepting cookies, which ultimately benefited Google’s advertising business. The new choices for European users will be “accept all,” “reject all,” and “more options” (to exercise more granular control). For more, see The Verge.

Google Play rolls out new app privacy section

This week, Google introduced a new section to app descriptions in the Play Store called “Data privacy & security,” where developers can explain what data they collect from users, such as location, personal info, financial info, web history, contacts, and various file types. Developers are also expected to list their data security practices, including if the data is encrypted in transit and if users can request their data be deleted. The rollout will take a few weeks before everyone sees the new section in the Play Store. And while every app description will include the section, it does not necessarily mean every app will provide the data. For more on this, see Ars Technica.

“Package Planting” exploits flaw in NPM

NPM, the default package manager for the Node.js JavaScript runtime environment, has patched a logical flaw that allowed bad actors to pass off rogue libraries as legitimate, tricking unsuspecting users into installing files that could contain malware. Previously, NPM allowed adding anyone as a maintainer of the package without notifying users or getting consent, which meant that an adversary could create malware-laced packages and assign them to trusted, popular maintainers without their knowledge. For more on this story, see The Hacker News

Could the metaverse reshape manufacturing?

According to VentureBeat, the metaverse will offer new opportunities for innovation that could reshape the manufacturing industry. First, designing new prototypes will only require graphic rendering, not physical construction, so the innovation cycle will be accelerated. Next, the metaverse will be fertile ground for product testing, as its decentralized nature allows for diverse market research. Additionally, the metaverse could lead to democratization, decentralization, and increased transparency in manufacturing across industries. Finally, the metaverse will connect the digital and physical worlds in ways that will prompt new fields of innovation, business models, and demand for manufacturing. 

This week’s must-read on the Avast blog 

In a recent keynote address at Stanford University, Obama discussed the role of government in online technologies, the relationship between democracy and tech companies, and the role of digital media to elevate authoritarian rulers.