Businesses

How Should a Company Handle a Ransomware Attack? (itwire.com) 68

ITWire reports on how Norwegian firm Volue Technology handled a ransomware attack that began on May 5th: The company has set up a Web page with information about the attack and also links to frequent updates about the status of its systems. There was no obfuscation about the attack, none at all. The company said: "The ransomware attack on Volue Technology ('Powel') was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems."

What is even more remarkable about this page is that it has provided the telephone number and email address of its chief executive, Trond Straume, and asked for anyone who needs additional information to contact him. Not some underling.

ITWire argues this response "demonstrated to the rest of the world how a ransomware attack should be handled."

Security

'Scheme Flooding' Technique May Be Used To Deanonymize You (theregister.com) 46

sandbagger shares a report from The Register: FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. Konstantin Darutkin, senior software engineer at FingerprintJS, said in a blog post that the company has dubbed the privacy vulnerability "scheme flooding." The name refers to abusing custom URL schemes, which make web links like "skype://" or "slack://" prompt the browser to open the associated application. "The scheme flooding vulnerability allows an attacker to determine which applications you have installed," explains Darutkin. "In order to generate a 32-bit cross-browser device identifier, a website can test a list of 32 popular applications and check if each is installed or not."

Visiting the schemeflood.com site using a desktop (not mobile) browser and clicking on the demo will generate a flood of custom URL scheme requests using a pre-populated list of likely apps. A browser user would typically see a pop-up permission modal window that says something like, "Open Slack.app? A website wants to open this application. [cancel] [Open Slack.app]." But in this case, the demo script just cancels if the app is present or reads the error as confirmation of the app's absence. It then displays the icon of the requested app if found, and moves on to its next query. The script uses each app result as a bit to calculate the identifier. The fact that the identifier remains consistent across different browsers means that cross-browser tracking is possible, which violates privacy expectations.

Google

Language Models Like GPT-3 Could Herald a New Type of Search Engine (technologyreview.com) 13

An anonymous reader quotes a report from MIT Technology Review: In 1998 a couple of Stanford graduate students published a paper describing a new kind of search engine: "In this paper, we present Google, a prototype of a large-scale search engine which makes heavy use of the structure present in hypertext. Google is designed to crawl and index the Web efficiently and produce much more satisfying search results than existing systems." The key innovation was an algorithm called PageRank, which ranked search results by calculating how relevant they were to a user's query on the basis of their links to other pages on the web. On the back of PageRank, Google became the gateway to the internet, and Sergey Brin and Larry Page built one of the biggest companies in the world. Now a team of Google researchers has published a proposal for a radical redesign that throws out the ranking approach and replaces it with a single large AI language model, such as BERT or GPT-3 -- or a future version of them. The idea is that instead of searching for information in a vast list of web pages, users would ask questions and have a language model trained on those pages answer them directly. The approach could change not only how search engines work, but what they do -- and how we interact with them.

[Donald Metzler and his colleagues at Google Research] are interested in a search engine that behaves like a human expert. It should produce answers in natural language, synthesized from more than one document, and back up its answers with references to supporting evidence, as Wikipedia articles aim to do. Large language models get us part of the way there. Trained on most of the web and hundreds of books, GPT-3 draws information from multiple sources to answer questions in natural language. The problem is that it does not keep track of those sources and cannot provide evidence for its answers. There's no way to tell if GPT-3 is parroting trustworthy information or disinformation -- or simply spewing nonsense of its own making.

Metzler and his colleagues call language models dilettantes -- "They are perceived to know a lot but their knowledge is skin deep." The solution, they claim, is to build and train future BERTs and GPT-3s to retain records of where their words come from. No such models are yet able to do this, but it is possible in principle, and there is early work in that direction. There have been decades of progress on different areas of search, from answering queries to summarizing documents to structuring information, says Ziqi Zhang at the University of Sheffield, UK, who studies information retrieval on the web. But none of these technologies overhauled search because they each address specific problems and are not generalizable. The exciting premise of this paper is that large language models are able to do all these things at the same time, he says.

AI

Voice Actor Reportedly Responsible For Amazon Alexa Revealed (theverge.com) 23

An anonymous reader quotes a report from The Verge: Amazon's Alexa has a voice familiar to millions: calm, warm, and measured. But like most synthetic speech, its tones have a human origin. There was someone whose voice had to be recorded, analyzed, and algorithmically reproduced to create Alexa as we know it now. Amazon has never revealed who this "original Alexa" is, but journalist Brad Stone says he tracked her down, and she is Nina Rolle, a voiceover artist based in Boulder, Colorado. The claim comes from Stone's upcoming book on the tech giant, Amazon Unbound, an excerpt of which is published here in Wired. Neither Amazon nor Rolle confirmed or denied Stone's reporting, which he says is based on conversations with the professional voiceover community, but Rolle's voice alone makes for a compelling case.

Here's how Stone writes up the process in selecting Alexa's voice: "Believing that the selection of the right voice for Alexa was critical, [then-Amazon exec Greg] Hart and colleagues spent months reviewing the recordings of various candidates that GM Voices produced for the project, and presented the top picks to Bezos. The Amazon team ranked the best ones, asked for additional samples, and finally made a choice. Bezos signed off on it. Characteristically secretive, Amazon has never revealed the name of the voice artist behind Alexa. I learned her identity after canvasing the professional voice-over community: Boulder, Colorado -- based voice actress and singer Nina Rolle. Her professional website contains links to old radio ads for products such as Mott's Apple Juice and the Volkswagen Passat -- and the warm timbre of Alexa's voice is unmistakable. Rolle said she wasn't allowed to talk to me when I reached her on the phone in February 2021. When I asked Amazon to speak with her, they declined."

Facebook

Facebook Is Testing Pop-Up Messages Telling People To Read a Link Before They Share It (techcrunch.com) 61

Following Twitter's lead, Facebook is trying out a new feature designed to encourage users to read a link before sharing it. TechCrunch reports: The test will reach 6% of Facebook's Android users globally in a gradual rollout that aims to encourage "informed sharing" of news stories on the platform. Users can still easily click through to share a given story, but the idea is that by adding friction to the experience, people might rethink their original impulses to share the kind of inflammatory content that currently dominates on the platform.

The strategy demonstrates Facebook's preference for a passive strategy of nudging people away from misinformation and toward its own verified resources on hot-button issues like COVID-19 and the 2020 election. While the jury is still out on how much of an impact this kind of gentle behavioral shaping can make on the misinformation epidemic, both Twitter and Facebook have also explored prompts that discourage users from posting abusive comments.

The Courts

College Student Sues Proctorio After Source Code Copyright Claim (theverge.com) 35

The Electronic Frontier Foundation (EFF) has filed a lawsuit against the remote testing company Proctorio on behalf of Miami University student Erik Johnson. The Verge reports: The lawsuit is intended to "quash a campaign of harassment designed to undermine important concerns" about the company's remote test-proctoring software, according to the EFF. The lawsuit intends to address the company's behavior toward Johnson in September of last year. After Johnson found out that he'd need to use the software for two of his classes, Johnson dug into the source code of Proctorio's Chrome extension and made a lengthy Twitter thread criticizing its practices -- including links to excerpts of the source code, which he'd posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio's code and that the company's takedown "interfered with Johnson's First Amendment right." "Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them," said EFF Staff Attorney Cara Gagliano in a statement. "I'm doing this to stand up against student surveillance, as well as abuses of copyright law," Johnson told The Verge. "This isn't the first, and won't be the last time a company abuses copyright law to try and make criticism more difficult. If nobody calls out this abuse of power now, it'll just keep happening."

Facebook

New Emails Show Steve Jobs Referred To Facebook As 'Fecebook' Amid App Store Conflict (9to5mac.com) 59

The Apple vs. Epic legal battle has brought new documents to light, revealing the strained relationship between Apple and Facebook that dates as far back as 2011. 9to5Mac reports: Around this time, Facebook had not yet released a dedicated app for the iPad, which debuted in 2010. Apple's Scott Forstall, then serving as the company's software chief, sent an email to Phil Schiller and Steve Jobs regarding a meeting he had with Mark Zuckerberg about bringing Facebook to the iPad. At the heart of Facebook's concerns was that Apple would not allow the Facebook for iPad application to include "embedded apps." Forstall wrote: "I just discussed with Mark how they should not include embedded apps in the Facebook iPad app -- neither in an embedded web view or as a directory of links that would redirect to Safari. Not surprisingly, he wasn't happy with this as he considers these apps part of the 'whole Facebook experience' and isn't sure they should do an iPad app without them. Everything works in Safari, so he is hesitant to push people to a native app with less functionality, even if the native app is better for non-third party app features."

Zuckerberg suggested a few compromises to Forstall: Do not include a directory of apps in the Facebook app, links, or otherwise; Do not have third-party apps run in the embedded web view; Allow user posts in the news feed related to apps; and Tapping on one of these app-related links would (1) fast switch to a native app if one exists and the user has it installed, (2) take the user to the App Store if a native app exists and the user has not installed it, (3) link out to Safari otherwise.

"I think this is all reasonable, with the possible exception of #3," Forstall wrote in the email. Steve Jobs responded and wrote, "I agree -- if we eliminate Fecebooks third proposal it sounds reasonable." Note Jobs's spelling of Facebook there. A few days later, Forstall followed up and said that Zuckerberg did not like Apple's counterproposal. [...] CNBC adds: "When Facebook's iPad app eventually launched, it said that it would not support its own Credits currency on iOS for apps like Farmville -- a compromise along the lines of what Apple's executives discussed."

The Courts

What3Words Sends Legal Threat To a Security Researcher For Sharing an Open-Source Alternative (techcrunch.com) 141

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violates its copyright. From a report: Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from London-based law firm JA Kemp representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software and to delete any copies of the software he had in his possession. The letter gave him until May 7 to agree, after which What3Words would "waive any entitlement it may have to pursue related claims against you," a thinly-veiled threat of legal action. "This is not a battle worth fighting," he said in a tweet.

Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn't. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. "Depending on the tweet, I may or may not comply. Depends on its content," he said. U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates. But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person's true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.

The Internet

Investigation Finds Links Between Seamy Slander Sites and Reputation-Management Services (nytimes.com) 51

This week the New York Times published their online investigation into the seamy world of the professional slander industry. (Alternate URL.)
At first glance, the websites appear amateurish. They have names like BadGirlReports.date, BustedCheaters.com and WorstHomeWrecker.com. Photos are badly cropped. Grammar and spelling are afterthoughts. They are clunky and text-heavy, as if they're intended to be read by machines, not humans. But do not underestimate their power...

One woman in Ohio was the subject of so many negative posts that Bing declared in bold at the top of her search results that she "is a liar and a cheater" — the same way it states that Barack Obama was the 44th president of the United States. For roughly 500 of the 6,000 people we searched for, Google suggested adding the phrase "cheater" to a search of their names. The unverified claims are on obscure, ridiculous-looking sites, but search engines give them a veneer of credibility. Posts from Cheaterboard.com appear in Google results alongside Facebook pages and LinkedIn profiles....

That would be bad enough for people whose reputations have been savaged. But the problem is all the worse because it's so hard to fix. And that is largely because of the secret, symbiotic relationship between those facilitating slander and those getting paid to remove it.

Who, exactly? The Times spoke to:
  • Cyrus Sullivan, the Portland-based owner of one site who also runs a reputation-management service "to help people get 'undesirable information' about themselves removed from their search engine results. The 'gold package' cost $699.99. For those customers, Mr. Sullivan would alter the computer code underlying the offending posts, instructing search engines to ignore them...."
  • 247Removal's owner Heidi Glosser, who "charges $750 or more per post removal, which adds up to thousands of dollars for most of her clients. To get posts removed, she said, she often pays an 'administrative fee' to the gripe site's webmaster. We asked her whether this was extortion. 'I can't really give you a direct answer,' she said." She appeared to have links to...
  • Web developer Vikram Parmar, who seemed to be running several sites that produced slander while also simultaneously running sites that made money by removing that slander.

But finally, the Times reminded their readers that "in certain circumstances, Google will remove harmful content from individuals' search results, including links to 'sites with exploitative removal practices.' If a site charges to remove posts, you can ask Google not to list it.

"Google didn't advertise this policy widely, and few victims of online slander seem aware that it's an option. That's in part because when you Google ways to clean up your search results, Google's solution is buried under ads for reputation-management services..."


The Internet

France Planning To Allow Use of Algorithms To Detect Extremism Online (theguardian.com) 60

Hmmmmmm shares a report from The Guardian: The French government is planning to harden counter-terrorism laws, permitting the use of algorithms to detect online extremist activity, amid a growing political row over security in the run up to next year's presidential race. The interior minister, Gerald Darmanin, said attackers were now "isolated individuals, increasingly younger, unknown to intelligence services, and often without any links to established Islamist groups." This was a growing problem for France because they self-radicalized very quickly, within days or weeks. These attackers no longer used text messages or mobile phones to communicate but instead went online or used social media direct messaging, he said. Darmanin said algorithms would allow the state to potentially pick up if a person was repeatedly searching online for a topic such as beheadings. He argued that Google and other online commercial sites already used algorithms and the state should be able to as well, with independent oversight -- despite concern from some rights lawyers that there would not be enough transparency.

"The last nine attacks on French soil were committed by individuals who were unknown to the security services, who were not on a watchlist and were not suspected of being radicalised," Darmanin told France Inter radio. This meant new methods were needed, he said, adding that of 35 attacks prevented by the state since 2017, two were stopped by intelligence work online. Since 2017, French security agencies have been able to use algorithms to monitor messaging apps. The new bill would make that experimental use permanent and extend the use of algorithms to websites and web searches. The legislation makes permanent several temporary measures in use since France's state of emergency after the Islamist terrorist attacks in 2015. It would give security agencies more power to watch over and limit the movements of high-risk individuals after release from jail, for two years rather than one.

China

China Censors 'Nomadland' Director Chloe Zhao's Oscar Win (wsj.com) 76

"Nomadland" director Chloe Zhao made history on Sunday by becoming the first woman of color and first Chinese woman to win the Oscar for best director. Official media, major search engines and internet censors in her home country are making as if it didn't happen. From a report: Ms. Zhao's win, just the second time a woman has walked away with best director, unleashed a flurry of congratulatory messages on Chinese social-media sites when it was announced Monday morning Beijing time. By midafternoon, nearly all of the posts had been erased. Searches for her name on Baidu and Sogou, the country's dominant search engines, produced numerous links to news of her previous accolades but only scattered links to deleted articles about the Academy Award honor.

State broadcaster China Central Television, the official Xinhua News Agency, and Communist Party mouthpiece the People's Daily stayed silent on the award throughout the day. Two state media reporters told the Journal they had received orders from China's propaganda ministry not to report on her victory, despite what they described as her status as a Chinese national, because of "previous public opinion." China's Foreign Ministry declined to comment on the removal of social-media posts during a regular news conference on Monday, saying it wasn't a diplomatic issue.

Facebook

A New Facebook Bug Exposes Millions of Email Addresses (wired.com) 15

Still smarting from last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public. Wired reports: A video circulating on Tuesday showed a researcher demonstrating a tool named Facebook Email Search v1.0, which he said could link Facebook accounts to as many as 5 million email addresses per day. The researcher -- who said he went public after Facebook said it didn't think the weakness he found was "important" enough to be fixed -- fed the tool a list of 65,000 email addresses and watched what happened next. "As you can see from the output log here, I'm getting a significant amount of results from them," the researcher said as the video showed the tool crunching the address list. "I've spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 [email] accounts."

The researcher [...] said that Facebook Email Search exploited a front-end vulnerability that he reported to Facebook recently but that "they [Facebook] do not consider to be important enough to be patched." Earlier this year, Facebook had a similar vulnerability that was ultimately fixed. "This is essentially the exact same vulnerability," the researcher says. "And for some reason, despite me demonstrating this to Facebook and making them aware of it, they have told me directly that they will not be taking action against it."

In a statement, Facebook said: "It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings." A Facebook representative didn't respond to a question asking if the company told the researcher it didn't consider the vulnerability important enough to warrant a fix. The representative said Facebook engineers believe they have mitigated the leak by disabling the technique shown in the video.

Google

Daily Mail Owner Sues Google Over Search Results (bbc.com) 73

The owner of the Daily Mail newspaper and MailOnline website is suing Google over allegations the search engine manipulates search results. The BBC reports: Associated Newspapers accuses Google of having too much control over online advertising and of downgrading links to its stories, favoring other outlets. It alleges Google "punishes" publishers in its rankings if they don't sell enough advertising space in its marketplace. Google called the claims "meritless."

Associated Newspapers' concerns stem from its assessment that its coverage of the Royal Family in 2021 has been downplayed in search results. For example, it claims that British users searching for broadcaster Piers Morgan's comments on the Duchess of Sussex following an interview with Oprah Winfrey were more likely to see articles about Morgan produced by smaller, regional outlets. That is despite the Daily Mail writing multiple stories a day about his comments around that time and employing him as a columnist.

In response, a Google spokesperson said: "The Daily Mail's claims are completely inaccurate. The use of our ad tech tools has no bearing on how a publisher's website ranks in Google search. More generally, we compete in a crowded and competitive ad tech space where publishers have and exercise multiple options. The Daily Mail itself authorizes dozens of ad tech companies to sell and manage their ad space, including Amazon, Verizon and more. We will defend ourselves against these meritless claims."

Security

NSA Helps Out Microsoft With Critical Exchange Server Vulnerability Disclosures (theregister.com) 23

April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers."

Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.

Privacy

Hackers Scraped Data from 500 Million LinkedIn Users -- and Have Posted it For Sale Online (businessinsider.com) 33

Data from 500 million LinkedIn users has been scraped and is for sale online, according to a report from Cyber News. A LinkedIn spokesperson confirmed to Insider that there is a dataset of public information that was scraped from the platform. From a report: "While we're still investigating this issue, the posted dataset appears to include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies," a LinkedIn spokesperson told Insider in a statement. "Scraping our members' data from LinkedIn violates our terms of service and we are constantly working to protect our members and their data." LinkedIn has 740 million users, according to its website, so the reported data scraping of 500 million users means about two-thirds of the platform's user base could be affected. The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.

Piracy

UK Broadcaster Wins Injunction To Stop Reddit Moderator Sharing Pirated TV Shows (torrentfreak.com) 45

Sky TV, one of the largest broadcasters in the UK, has won a court injunction to prevent links to its TV shows from being illegally shared online. The interim order targets a man who moderated several TV-focused communities on Reddit while raising funds through Patreon and PayPal. TorrentFreak reports: According to an action filed by Sky in a Scottish court, Cherzo1 was the moderator of three sub-Reddits -- r/UKTVLAND, r/notapanelshow, and r/UKPanelShowsOnly -- which together had more than 51,000 subscribers. Cherzo also had a YouTube channel with more than 95,000 subscribers. According to Sky, all of these platforms were used to infringe the company's copyrights. In evidence to support its action, Sky states that Cherzo1 was motivated by money, receiving payments from fans and followers via Patreon and directly into his PayPal account. [...]

In order to curtail Cherzo1's activities, Sky asked the court to hand down an "interdict ad interim," a term used in Scotland to describe an interim injunction. The broadcaster asked the court to order Cherzo1 to stop uploading copies of broadcasts, stop posting hyperlinks to shows on Reddit and anywhere else on the Internet, and forbid him from assisting any third party to do the same. A court will grant an interim interdict if it believes there is a prima facie case against the defendant. [...] Anyone found breaching such an order could be subjected to a fine or even imprisonment.

Databases

LexisNexis To Provide Giant Database of Personal Information To ICE (theintercept.com) 64

An anonymous reader quotes a report from The Intercept: The popular legal research and data brokerage firm LexisNexis signed a $16.8 million contract to sell information to U.S. Immigration and Customs Enforcement, according to documents shared with The Intercept. The deal is already drawing fire from critics and comes less than two years after the company downplayed its ties to ICE, claiming it was "not working with them to build data infrastructure to assist their efforts." Though LexisNexis is perhaps best known for its role as a powerful scholarly and legal research tool, the company also caters to the immensely lucrative "risk" industry, providing, it says, 10,000 different data points on hundreds of millions of people to companies like financial institutions and insurance companies who want to, say, flag individuals with a history of fraud. LexisNexis Risk Solutions is also marketed to law enforcement agencies, offering "advanced analytics to generate quality investigative leads, produce actionable intelligence and drive informed decisions" -- in other words, to find and arrest people.

The LexisNexis ICE deal appears to be providing a replacement for CLEAR, a risk industry service operated by Thomson Reuters that has been crucial to ICE's deportation efforts. In February, the Washington Post noted that the CLEAR contract was expiring and that it was "unclear whether the Biden administration will renew the deal or award a new contract." LexisNexis's February 25 ICE contract was shared with The Intercept by Mijente, a Latinx advocacy organization that has criticized links between ICE and tech companies it says are profiting from human rights abuses, including LexisNexis and Thomson Reuters. The contract shows LexisNexis will provide Homeland Security investigators access to billions of different records containing personal data aggregated from a wide array of public and private sources, including credit history, bankruptcy records, license plate images, and cellular subscriber information. The company will also provide analytical tools that can help police connect these vast stores of data to the right person.
In a statement to The Intercept, a LexisNexis Risk Solutions spokesperson said: "Our tool contains data primarily from public government records. The principal non-public data is authorized by Congress for such uses in the Drivers Privacy Protection Act and Gramm-Leach-Bliley Act statutes." They declined to say exactly what categories of data the company would provide ICE under the new contract, or what policies, if any, will govern how the agency uses it.
Censorship

Google Asked to Hide TorrentFreak Article Reporting that 'The Mandalorian' Was Widely Pirated (torrentfreak.com) 72

The file-sharing blog TorrentFreak reports: Google was asked to remove a TorrentFreak article from its search results this week. The article in question reported that "The Mandalorian" was the most pirated TV show of 2020.

This notice claims to identify several problematic URLs that allegedly infringe the copyrights of Disney's hit series The Mandalorian. This is not unexpected, as The Mandalorian was the most pirated TV show of last year, as we reported in late December. However, we didn't expect to see our article as one of the targeted links in the notice. Apparently, the news that The Mandalorian is widely pirated — which was repeated by dozens of other publications — is seen as copyright infringement?

Needless to say, we wholeheartedly disagree. This is not the way.

TorrentFreak specifies that the article in question "didn't host or link to any infringing content." (TorrentFreak's article was even linked to by major sites including CNET, Forbes, Variety, and even Slashdot.)

TorrentFreak also reports that it wasn't Disney who filed the takedown request, but GFM Films... At first, we thought that the German camera company GFM could have something to do with it, as they worked on The Mandalorian. However, earlier takedown notices from the same sender protected the film "The Last Witness," which is linked to the UK company GFM Film Sales. Since we obviously don't want to falsely accuse anyone, we're not pointing fingers.
So what happens next? We will certainly put up a fight if Google decides to remove the page. At the time of writing, this has yet to happen. The search engine currently lists the takedown request as 'pending,' which likely means that there will be a manual review. The good news is that Google is usually pretty good at catching overbroad takedown requests. This is also true for TorrentFreak articles that were targeted previously, including our coverage on the Green Book screener leak.
Bitcoin

Why People's Expensive NFTs Keep Vanishing (vice.com) 189

An anonymous reader shares a report from Motherboard, written by Ben Munster: When you buy an NFT for potentially as much as an actual house, in most cases you're not purchasing an artwork or even an image file. Instead, you are buying a little bit of code that references a piece of media located somewhere else on the internet. This is where the problems begin. Ed Clements is a community manager for OpenSea who fields these kinds of problems daily. In an interview, he explained that digital artworks themselves are not immutably registered "on the blockchain" when a purchase is made. When you buy an artwork, rather, you're "minting" a new cryptographic signature that, when decoded, points to an image hosted elsewhere. This could be a regular website, or it might be the InterPlanetary File System, a large peer-to-peer file storage system.

Clements distinguished between the NFT artwork (the image) and the NFT, which is the little cryptographic signature that actually gets logged. "I use the analogy of OpenSea and similar platforms acting like windows into a gallery where your NFT is hanging," he said. "The platform can close the window whenever they want, but the NFT still exists and it is up to each platform to decide whether or not they want to close their window." [...] "Closing the window" on an NFT isn't difficult. NFTs are rendered visually only on the front-end of a given marketplace, where you see all the images on offer. All the front-end code does is sift through the alphanumeric soup on the blockchain to produce a URL that links to where the image is hosted, or less commonly metadata which describes the image. According to Clements: "the code that finds the information on the blockchain and displays the images and information is simply told, 'don't display this one.'"

An important point to reiterate is that while NFT artworks can be taken down, the NFTs themselves live inside Ethereum. This means that the NFT marketplaces can only interact with and interpret that data, but cannot edit or remove it. As long as the linked image hasn't been removed from its source, an NFT bought on OpenSea could still be viewed on Rarible, SuperRare, or whatever -- they are all just interfaces to the ledger. The kind of suppression detailed by Clements is likely the explanation for many cases of "missing" NFTs, such as one case documented on Reddit when user "elm099" complained that an NFT called "Big Boy Pants" had disappeared from his wallet. In this case, the user could see the NFT transaction logged on the blockchain, but couldn't find the image itself. In the case that an NFT artwork was actually removed at the source, rather than suppressed by a marketplace, then it would not display no matter which website you used. If you saved the image to your phone before it was removed, you could gaze at it while absorbing the aura of a cryptographic signature displayed on a second screen, but that could lessen the already-tenuous connection between NFT and artwork.
If you're unable to find a record of the token itself on the Ethereum blockchain, it "has to do with even more arcane Ethereum minutiae," writes Ben Munster via Motherboard. He explains: "NFTs are generally represented by a form of token called the ERC-721. It's just as simple to locate this token's whereabouts as ether (Ethereum's in-house currency) and other tokens such as ERC-20s. The NFT marketplace SuperRare, for instance, sends tokens directly to buyers' wallets, where their movements can be tracked rather easily. The token can then generally be found under the ERC-721 tab. OpenSea, however, has been experimenting with a new token variant: the ERC-1155, a 'multitoken' that designates collections of NFTs.

This token standard, novel as it is, isn't yet compatible with Etherscan. That means ERC-1155s saved on Ethereum don't show up, even if we know they are on the blockchain because the payments record is there, and the 'smart contracts' which process the sale are designed to fail instantly if the exchange can't be made. [...]"

In closing, Munster writes: "This is all illustrative of a common problem with Ethereum and cryptocurrencies generally, which despite being immutable and unhackable and abstractly perfect can only be taken advantage of via unreliable third-party applications."
IT

When Employers Mandate a 'Zoom Happy Hour' (zdnet.com) 104

In his "Technically Incorrect" column, Chris Matyszczyk shares one employee's gripe about their new lockdown-induced online workplace: Writing to New York magazine's The Cut — specifically workplace advice columnist Alison Green — the employee expressed frustration about their boss's so-called Zoom Happy Hours. "These aren't really happy hours," the employee says. "They're more 'work meetings with alcohol on Zoom,' and while they're framed as not 'technically' obligatory, they definitely are, and I get pointed comments if I choose to not attend."

Worse, they're not in actual working hours. Their boss, though, believes everyone's in lockdown, so what's the difference...? This particular boss has decreed the (not really) optional Happy Hour is between 5 p.m. and 7:30 p.m...

I was struck by new research from the University of Sydney. The academic title is: "Collecting experimental network data from interventions on critical links in workplace networks." But drift to the press release and you find: "Benefits of team-building exercises jeopardized if not truly voluntary." Lead researcher Dr. Petr Matous described the situation quite baldly: "Many workers told us that they despise team building activities and see them as a waste of time."

The researchers recommend employers try to encourage a good relationship between two employees — but to let them ultimately work it out for themselves. And Matyszczyk believes this approach makes even more sense on Zoom. "If you're on a Zoom Happy Hour with, say, 50 people, there's still only one actual conversation. Even if you want to participate, it's hard to get a word in and have it instantly understood, never mind appreciated."

That is, unless your boss decides to distribute all the online Happy Hour participants into smaller "breakout rooms"...
