Biz & IT

Google still claimed to be blocking search rivals on Android, despite Europe’s antitrust action

Published

4 years ago

December 19, 2018

Mobile licensing changes made by Google this fall, when it tweaked terms for OEMs wanting to license its Android smartphone platform on devices destined for the European market, don’t appear to be offering succour to search rivals — despite being triggered by an antitrust ruling intended to reset the competitive playing field.

The European Commission found the search giant guilty of anti-competitive practices related to its Android platform this summer, slapping the company with a $5BN fine. The decision required Google cease practices judged to be illegally skewing the market and do so within 90 days.

It was the second such major EC antitrust finding against Google, after last year’s Google Shopping ruling, when the company was warned that having been found dominant in search it had a “special responsibility” to avoid breaching antitrust rules in any market it plays in.

Google disputes the Commission’s findings of competitive abuse in both cases, and has lodged legal appeals.

But the nature of competition law demands action in the meanwhile, given the threat of punitive penalties for any continued breach. So in October Google responded to the Commission’s Android ruling by updating its regional compatibility agreement to provide a route for OEMs to unbundle key services from the Android OS — rather than requiring its suite of Google apps be pre-loaded for devices to get the Play Store.

However it also incorporated licensing fees for some unbundled configurations (e.g. Android + Play Store). At the same time it said it would not charge any fee to include search or Chrome. And it said it was offering incentives for OEMs to place its eponymous, market dominating search engine (and/or browser) prominently on their devices — despite one of the behaviors the Commission judged illegal being payments Google had made to certain large manufacturers and mobile carriers to exclusively pre-install Google Search.

The Commission did not prescribe specific remedies for the anticompetitive behaviours it pegged to Android — saying it’s “Google’s sole responsibility to make sure that it changes its conduct in a way that brings the infringements to an effective end”.

Though it warned it would closely monitor the company’s conduct, noting that any finding of continued non-compliance would risk fresh fines — of up to 5% of the average daily turnover of Alphabet for each day of non-compliance.

The key word there is “effective” — in terms of what the Commission is watching for.

Meanwhile Google’s dominant position in search naturally makes it the smartphone consumer’s go-to choice — which in turn means there’s a natural incentive for device makers not to ditch Google as the search default. At least for mainstream devices.

But Google’s new European licensing terms for Android appear to be piling additional pressure on OEMs not to switch even for more experimental and/or regional device launches, according to privacy-focused search engine Qwant.

The suggestion is Google’s licensing changes have essentially blocked the launch of an Android device with Qwant search rather than Google as the default.

Pay to install

Its experience suggests Google’s initial ‘remedy’ — far from delivering an “effective end” to the competitive infringements the Commission found — is actively steering OEMs away from search alternatives and rival companies.

Qwant, a French startup, launched its non-tracking search offering back in 2013, and has been on a growth tear on its home turf in recent months — winning over high profile users in the public sector as concern has risen about Silicon Valley’s intrusive grip on user data.

The French National Assembly and the French Ministry of the Armed Forces Minister announced this fall they’d switch to Qwant instead of Google as their default.

Of course the startup is still a minnow compared to Google. But it’s growing: Qwant tracks queries rather than users (given it doesn’t track people), and it says it generated 2.6BN queries in 2016; which grew to 9BN last year; and is now on track to end this year with around 18BN queries.

“So if we think about it that means that last year we were three days of Google; this year six days of Google — not so bad!” says co-founder Eric Leandri.

“In France we have now more than 6% of the market,” he continues. “In Germany something like 2%. And we are still growing. We do growth of 20% by month for the last four months. The growth in our revenue is two digit too, by month.”

Earlier this year it had been hoping to make additional regional marketshare gains by securing a deal to be pre-loaded on Android smartphones destined for European markets. A spokesman tells us it has a framework agreement with Huawei. (The Chinese Android OEM is second only to Samsung in global marketshare terms, according to analysts.)

The Commission’s antitrust ruling opened the door to this possibility, given it banned Google from prohibiting OEMs from launching non-Google approved Android forks. So after the ruling things were looking good for Qwant, with the startup on the cusp of securing a device deal for a few European countries, as Leandri tells it.

He blames Google’s licensing changes for putting the kibosh on a launch they’d been expecting to be able to announce in November. Early that month the startup pinged us to trail forthcoming news — of “a major partnership that will allow us to accelerate in the smartphone market” — only to go silent.

A few weeks later it got in touch again to say it had had to postpone the announcement.

“We are very near to one or two deals to be by default or in the list of search engines in some Android cell phone made by a very large Asian manufacturer… Just for Europe, and just for some countries in Europe but we are talking about 10 million or 20 million of cell phones,” says Leandri now.

“And when we have won the bid against Google in October then Google start to say that in Europe you have to pay $40 for Android. So now if you install Qwant you have to pay $40 and if you install Google they give you some cash.”

“Before it was impossible to bid against Google because Google was blocking everything. Now you can — but now the solution of Google is you have to pay $40 if you don’t install Google by default with Chrome just on the bar. You know the bar that is fixed on Android. And this is again an abuse of their dominant position,” he adds.

“Because if I want, for example, 10 million smartphones, the guy has to pay $400M to Google. Do you really think they will pay $400M to Google just to install Qwant?”

Google’s rebuttal of the Commission’s antitrust finding for Android has focused on claims that its approach of free licensing combined with a bundle of Google services has generally enabled competition to thrive in the mobile app ecosystem, as well as claiming lower prices are a “classic hallmark… of robust competition”.

Yet Qwant’s experience offers a clear counterpoint, underlining how challenging it remains to try to compete with Google’s core search business when the same company also dominates the smartphone market and can just throw the levers of Android’s licensing terms to configure how much ‘appetite’ OEMs have for investing in alternative search defaults (given tiny hardware profit margins in the Android space).

After Qwant won over Huawei to building a device with its search engine in prime position, Leandri says it was Google’s changes to the licensing terms for Android that threw a spanner in the works.

“After that pressure then the manufacturer doesn’t know how to react now,” he says, confirming he believes there’s currently no chance for the device to be launched. Not without further changes to how Android operates in the market — i.e. further regulatory intervention.

“So we will work a lot with the European Commission to stop that,” he adds. “But again, again my question is why Google goes that way?”

We reached out to Google to ask about the fees it would charge an OEM wanting to launch an Android device with Google Play but without Google search as the default in Europe.

We also asked how charging a fee for Android if OEMs don’t also bundle Google services can help increase competition, per the Commission’s intention.

At the time of writing Google had not responded to our questions.

We also reached out to Huawei for comment and will update this story with any response.

Even if Qwant and Huawei get their way, and European buyers in a handful of countries are able to choose to buy an Android device with a little search localization as its differentiating out-of-the-box twist, Leandri isn’t under any illusions that a majority of consumers will still switch back to Google of their own accord — given its dominance of search.

He reckons those who’d stick with a non-Google search choice might be as low as a third or 40%.

But his point is that, as it stands, Qwant doesn’t even have the chance to try competing against the Google Goliath on its own terms. And he argues that’s simply not fair.

“Google has billions to make advertisement to ask people to switch, right. And they can even do advertisement on the Play Store for zero because they control the Play Store. Why they don’t come back to a normal market where we are all on the same line and they just compete with advertisement, with pushing their products, with a better proposition of value. It’s crazy, it’s crazy!” he says.

“They have 95% of the market, and on that market they expect that if they don’t have the search by default there then they don’t do money with the Play Store. This is bullshit. They do billions of euros with the app on the Play Store each year. With the 30% that they take on the apps. So this is not true. This is not true, sorry.

“So right now this is our goal and my main work actually is just to obtain the right to have a fair competition — a simple, fair competition.”

“I don’t want to dismantle Google. I don’t want Google to be fined 10BN. I don’t care. The only thing I want is to have the right to have a fair competition,” he adds.

We asked the European Commission to respond to Qwant’s experience, and for an update on its monitoring of Google’s compliance with the Android antitrust ruling.

A spokeswoman declined to comment on an individual case but we understand the Commission has been sending questionnaires to market players as part of its compliance monitoring.

It’s clear the regulator’s intention with the Android decision was to expand consumer choice by creating opportunities for competition that didn’t exist before — including for rival search and browser providers to be able to compete on the merits with Google when it comes to pre-loading their products on Android devices.

So if the Commission’s monitoring efforts confirm instances where competition is being blocked, as appears the case here with Qwant, further interventions will surely follow.

Leandri also points out that Google made much the same arguments vis-a-vis ‘fair competition’ more than a decade ago — when it called for the then computing incumbent, Microsoft, not to stand in the way of Internet upstarts by bundling MSN search into its Internet Explorer web browser.

“The market favors open choice for search, and companies should compete for users based on the quality of their search services,” said Marissa Mayer in 2006, then Google’s vice president for search products. “We don’t think it’s right for Microsoft to just set the default to MSN. We believe users should choose.”

“I totally agree with what they say in 2006! Just exchange Microsoft for Google and that’s it!” he says now, adding: “We have to fight because there is not a lot of other way. But I stop fighting tomorrow as soon as I have a fair competition.

“I’m not waiting for the Commission to make the competition. Right now the percentage of growth that I have in France it’s not based on the Commission who has won or not. It’s based on our value proposition.”

Leandri is also president of the Open Internet Project, a European organization whose members lobby for regulatory action to rein in what they view as Google’s abusive dominance of digital markets, and which was also involved in the Google Shopping complaints — though he points out that in the Android case three of the five complainants are American.

“We are the only European. So the problem is not only for a small startup in Europe. Who, y’know, complained because ‘Google is so cool’. And we are so dumb. And so ridiculous. But the problem is for Oracle, it’s for the Fair Search. It’s not for kids.”

Source link

Biz & IT

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Published

6 hours ago

March 31, 2023

Francisco Peguero

Getty Images

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system. Elementor Pro allows users to create high-quality websites using a wide range of tools, one of which is WooCommerce, a separate WordPress plugin. When those conditions are met, anyone with an account on the site—say a subscriber or customer—can create new accounts that have full administrator privileges.

The vulnerability was discovered by Jerome Bruandet, a researcher with security firm NinTechNet. Last week, Elementor, the developer of the Elementor Pro plugin, released version 3.11.7, which patched the flaw. In a post published on Tuesday, Bruandet wrote:

An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration (users_can_register) and setting the default role (default_role) to “administrator”, change the administrator email address (admin_email) or, as shown below, redirect all traffic to an external malicious website by changing siteurl among many other possibilities:
MariaDB [example]> SELECT * FROM `wp_options` WHERE `option_name`='siteurl';
+-----------+-------------+------------------+----------+
| option_id | option_name | option_value     | autoload |
+-----------+-------------+------------------+----------+
|		 1 | siteurl     | https://evil.com | yes 	 |
+-----------+-------------+------------------+----------+
1 row in set (0.001 sec)

Now, researchers with a separate security firm, PatchStack, report that the vulnerability is under active exploitation. Attacks are coming from a variety of IP addresses, including:

193.169.194.63
193.169.195.64
194.135.30.6

Files uploaded to compromised sites often have the following names:

wp-resortpack.zip
wp-rate.php
lll.zip

URLs of compromised sites are often being changed to:

away[dot]trackersline[dot]com

The broken access control vulnerability stems from Elementor Pro’s use of the “elementor-pro/modules/woocommerce/module.php” component. When WooCommerce is running, this script registers the following AJAX actions:

/**
 * Register Ajax Actions.
 *
 * Registers ajax action used by the Editor js.
 *
 * @since 3.5.0
 *
 * @param Ajax $ajax
 */
public function register_ajax_actions( Ajax $ajax ) {
   // `woocommerce_update_page_option` is called in the editor save-show-modal.js.
   $ajax->register_ajax_action( 'pro_woocommerce_update_page_option', [ $this, 'update_page_option' ] );
   $ajax->register_ajax_action( 'pro_woocommerce_mock_notices', [ $this, 'woocommerce_mock_notices' ] );
}

and

/**
 * Update Page Option.
 *
 * Ajax action can be used to update any WooCommerce option.
 *
 * @since 3.5.0
 *
 * @param array $data
 */
public function update_page_option( $data ) {
   update_option( $data['option_name'], $data['editor_post_id'] );
}

The update_option function “is supposed to allow the Administrator or the Shop Manager to update some specific WooCommerce options, but user input aren’t validated and the function lacks a capability check to restrict its access to a high privileged user only,” Bruandet explained. He continued:

Elementor uses its own AJAX handler to manage most of its AJAX actions, including pro_woocommerce_update_page_option, with the global elementor_ajax action. It is located in the “elementor/core/common/modules/ajax/module.php” script of the free version (which is required to run Elementor Pro) :
/**
 * Handle ajax request.
 *
 * Verify ajax nonce, and run all the registered actions for this request.
 *
 * Fired by `wp_ajax_elementor_ajax` action.
 *
 * @since 2.0.0
 * @access public
 */
public function handle_ajax_request() {
   if ( ! $this->verify_request_nonce() ) {
  	$this->add_response_data( false, esc_html__( 'Token Expired.', 'elementor' ) )
     	->send_error( Exceptions::UNAUTHORIZED );
   }
   ...

Anyone using Elementor Pro should ensure they’re running 3.11.7 or later, as all previous versions are vulnerable. It’s also a good idea for these users to check their sites for the signs of infection listed in the PatchStack post.

Biz & IT

These angry Dutch farmers really hate Microsoft

Published

15 hours ago

March 31, 2023

Francisco Peguero

As soon as Lars Ruiter steps out of his car, he is confronted by a Microsoft security guard, who is already seething with anger. Ruiter, a local councillor, has parked in the rain outside a half-finished Microsoft data center that rises out of the flat North Holland farmland. He wants to see the construction site. The guard, who recognizes Ruiter from a previous visit when he brought a TV crew here, says that’s not allowed. Within minutes, the argument has escalated, and the guard has his hand around Ruiter’s throat.

The security guard lets go of Ruiter within a few seconds, and the councillor escapes with a red mark across his neck. Back in his car, Ruiter insists he’s fine. But his hands shake when he tries to change gears. He says the altercation—which he will later report to the police—shows the fog of secrecy that surrounds the Netherlands’ expanding data center business.

“We regret an interaction that took place outside our data center campus, apparently involving one of Microsoft’s subcontractors,” says Craig Cincotta, general manager at Microsoft, adding that the company would cooperate with the authorities.

The heated exchange between Ruiter and Microsoft’s security guard shows how contentious Big Tech’s data centers have become in rural parts of the Netherlands. As the Dutch government sets strict environmental targets to cut emissions, industries are being forced to compete for space on Dutch farmland—pitting big tech against the increasingly political population of Dutch farmers.

There are around 200 data centers in the Netherlands, most of them renting out server space to several different companies. But since 2015, the country has also witnessed the arrival of enormous “hyperscalers,” buildings that generally span at least 10,000 square feet and are set up to service a single (usually American) tech giant. Lured here by the convergence of European internet cables, temperate climates, and an abundance of green energy, Microsoft and Google have built hyperscalers; Meta has tried and failed.

Against the backdrop of an intensifying Dutch nitrogen crisis, building these hyperscalers is becoming more controversial. Nitrogen, produced by cars, agriculture, and heavy machinery used in construction, can be a dangerous pollutant, damaging ecosystems and endangering people’s health. The Netherlands produces four times more nitrogen than the average across the EU. The Dutch government has pledged to halve emissions by 2030, partly by persuading farmers to reduce their livestock herds or leave the industry altogether. Farmers have responded with protests, blockading roads with tractors and manure and dumping slurry outside the nature minister’s home.

The courts have also halted thousands of building projects—forcing construction jobs like Microsoft’s to apply for permits proving they would not make the nitrogen crisis worse.

However, Microsoft’s newest data center has yet to receive those permits. The local environment agency told WIRED it is still assessing the company’s paperwork. In a system where farmers and house developers’ projects have stalled as they wait for nitrogen permits, there’s a sense that Microsoft has jumped the queue. “They don’t have the right permission to build,” says Ruiter, who represents the municipality of Hollands Kroon. To him, it is a double standard to let Microsoft keep building while other construction work has been put on hold. “When farmers don’t have the permission to build a farm, they will not build the farm. Microsoft doesn’t have the right permission to build a data center, but they already got started building the data center.”

Biz & IT

AI-generated video of Will Smith eating spaghetti astounds with terrible beauty

Published

1 day ago

March 30, 2023

Francisco Peguero

Enlarge / Stills from an AI-generated video of Will Smith eating spaghetti that has been heating up the Internet.

Amid this past week’s controversies in AI over regulation, fears of world-ending doom, and job disruption, the clouds have briefly parted. For a brief and shining moment, we can enjoy an absolutely ridiculous AI-generated video of Will Smith eating spaghetti that is now lighting up our lives with its terrible glory.

On Monday, a Reddit user named “chaindrop” shared the AI-generated video on the r/StableDiffusion subreddit. It quickly spread to other forms of social media and inspired mixed ruminations in the press. For example, Vice said the video will “haunt you for the rest of your life,” while the AV Club called it the “natural end point for AI development.”

We’re somewhere in between. The 20-second silent video consists of 10 independently generated two-second segments stitched together. Each one shows different angles of a simulated Will Smith (at one point, even two Will Smiths) ravenously gobbling up spaghetti. It’s entirely computer-generated, thanks to AI.

And you will see it now:

We know what you’re thinking: “Didn’t I see this kind of advanced deepfake technology in 1987‘s The Running Man?” No, that was Jesse “The Body” Ventura defeating a fake Arnold Schwarzenegger in a dystopic game show cage match, set somewhere between 2017 and 2019. Here in 2023, we have fake Will Smith eating spaghetti.

This feat is possible due to a new open source AI tool called ModelScope, released a few weeks ago by DAMO Vision Intelligence Lab, a research division of Alibaba. ModelScope is a “text2video” diffusion model that has been trained to create new videos from prompts by analyzing millions of images and thousands of videos scraped into the LAION5B, ImageNet, and Webvid datasets. That includes videos from Shutterstock, hence the ghostly “Shutterstock” watermark on its output.

AI community HuggingFace currently hosts an online demo of ModelScope, although it requires an account, and you’ll need to pay for compute time to run it. We tried to use it but it was overloaded, likely due to Smith’s spaghetti mania.

According to chaindrop, the workflow for creating the video was fairly simple: give ModelScope the prompt “Will Smith eating spaghetti” and generate it at 24 frames per second (FPS). Next, chaindrop used the Flowframes interpolation tool to increase the FPS from 24 to 48, then slowed it down to half speed, resulting in a smoother video.

Of course, ModelScope isn’t the only game in town regarding the emerging field of text2video. Recently, Runway debuted “Gen-2,” and we’ve previously covered early text2video research projects from Meta and Google.

Since Will Smith eating spaghetti became a viral hit, the Internet has been graced with follow-ups such as Scarlett Johansson and Joe Biden eating spaghetti. There’s even Smith eating meatballs, a video that is perhaps actually truly horrifying. But it’s still great somehow—perfect future meme fodder.

Of course, once the outputs of these text2video tools get too realistic, we’ll have other issues to deal with—deep social and cultural issues, likely. But for now, let’s enjoy ModelScope’s imperfect, horrible glory. We apologize in advance.