On Friday, Apple and Google announced a joint collaboration to make a Covid-19 "contact-tracing" framework available for legions of Android and iOS smartphones. Slated for release next month, the platform will give public health organizations the ability to track infections and use Bluetooth proximity analysis to warn people if they've come into contact with someone who has reported that they're infected. The service will be opt-in only and is designed to preserve privacy, the companies say. The pandemic has fueled debate about contact-tracing apps, but researchers say that it is possible to design encryption schemes for such services in a way that would successfully protect user privacy.
In other pandemic news, the Trump administration's hesitation to invoke the Defense Production Act to spur N95 mask manufacturing in the United States may mean that it's too late now for the effort to help the way it would have. And election officials are scrambling to scale up voting contingency plans for primaries and Election Day this year, including adding capacity for potential expanded absentee voting by mail. President Trump attempted to politicize vote-by-mail efforts in a number of remarks and tweets this week.
Researchers made a map of all the nations they've linked to the use of zero-day exploits; these elite tools are far more widespread than you might think. Plus, researchers from Cisco Talos demonstrated that cheap 3D printers are making it easier than ever to clone fingerprints and trick smartphone and laptop fingerprint locks.
If you need something to do this weekend, cut through the hubbub and use WIRED's comprehensive guide to making your Zoom meetings more private and secure.
And there's more. Every Saturday we round up the security and privacy stories that we didn't break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
Signal Says It Will Leave the US Market If the EARN IT Act Passes Congress
The end-to-end encrypted messaging app Signal, which is respected and trusted for its transparent, open source design, says that it will be one of the immediate casualties should the controversial EARN IT Act pass Congress. Written by South Carolina Republican senator Lindsey Graham and Connecticut Democrat Richard Blumenthal and introduced in the Senate last month, the EARN IT Act claims to be a vehicle for improving how digital platforms reduce sexual exploitation and abuse of children online. But the law would really create leverage for the government to ask that tech companies undermine their encryption schemes to enable law enforcement access. Signal developer Joshua Lund said in a blog post on Wednesday that Signal is not cool with that! More specifically, he noted that Signal would face insurmountable financial burdens as a result of the law and would therefore be forced to leave the US market rather than undermine its encryption to stay. Given that Signal is recommended and used across the Department of Defense, Congress, and other parts of the US government, this would be a seemingly problematic outcome for everyone.
WhatsApp Takes New Steps to Stop the Spread of Misinformation on Its Platform
WhatsApp announced on Tuesday that it will restrict forwarding of highly forwarded messages, so users can only send them to one chat at a time. The idea is to make it much more difficult and tedious to bulk-forward a message. WhatsApp has put other restrictions on forwarding in the past. Last year it started labeling highly forwarded messages with a double-arrow icon, and it has been particularly focused on curbing the spread of misinformation in recent months, given the Covid-19 pandemic.
Travelex Paid $2.3 Million to Hackers After Being Hit by Ransomware
Hackers hit the currency exchange firm Travelex with ransomware at the beginning of January, crippling the company's operations. This turned out to be just the beginning of the company's problems and financial woes. The Wall Street Journal reports, though, that before it was embroiled in the drama of a major accounting scandal, Travelex paid its ransomware attackers a whopping $2.3 million in an attempt to get them to go away. Paying hackers their requested ransom is not illegal in the United Kingdom where Travelex is based, but it is frowned upon by the international law enforcement community and security experts. Victims can't be sure that attackers will actually retreat after they receive the ransom, and paying emboldens hackers to attempt more ransomware schemes.