Categories
News

2020 census data may not be as anonymous as expected

It’s census time in the US once again and multiple ads are running on both online and offline media to encourage everyone selected for the census to respond. The constitutional goal of the census is to ensure that congressional districts are properly balanced, thereby ensuring adequate representation. The modern census has expanded beyond that simple goal to allow for how Federal resources will be allocated within each district. Since the census collects significant sensitive data on citizens, it is by definition intended to be anonymous.

Having been selected to fill out a census, I decided to do so online, only second-guessing that decision when my browser informed me that the official website was using third-party cookies. For those who aren’t aware, third-party cookies are commonly used by ad networks to target their ads. The census is run by the US government, so why would there be any reason to place ads within a census form?

Given that I speak regularly on matters of cybersecurity and digital privacy, this seemed like an opportune time to dig into why something intended to be anonymous was in reality sharing information with third parties. After all, with most websites seeking consent to place cookies on your browser, it probably makes sense to understand what each category really means and what the real risks are.

As you can see from the screen shot below, my blocker found a few pieces of third-party content that I was interested to look into.

Since modern websites aren’t built from scratch, my first order of business was to determine the core underlying platform. This is important, as that platform likely has a number of tracking features to ensure proper operation or performance. Those same tracking features are going to have representation in the list of third-party cookies but are also mostly harmless. In the case of the 2020 census, the web platform turns out to be the Adobe Experience Platform, which in turn explains any references to adobe.com and demdex.net. These cookies, along with first party cookies, can be classified as functional in nature.

The next most common cookie classification are those cookies relating to the overall performance of the website. These seek to track what the user experience looks like, and as someone who works in this space, I know just how hard it is to balance the user impact of such tools against the desired performance data. In the case of the 2020 census, they are using a service called Boomerang, which is offered by Akamai and references a website at g-mpulse.net. The website itself is hosted within AWS, which in turn allows for additional first party performance metrics to be gathered — all of which helps ensure proper uptime.

With these functional and performance cookies addressed, we can safely turn our attention to those from doubleckick.net, tapad.com, addthis.com, skimresources.com, ads-twitter.com, and facebook.net, among others. The big question we need to ask is, why would anyone running a website like that for the census intentionally want to track visitors using ad networks? To answer this question, we first need to determine if this was simply the result of including the Adobe framework (i.e., does a framework nominally used for commercial websites simply assume ad networks are required?).

A good starting point for this analysis is to inspect the underlying page representation in the browser. This is very different from looking at the page source, as modern dynamic websites often run client-side scripts to determine the final appearance of the web page. You can see the underlying web layout for the 2020 census home page below, and rather than immediately answering questions, it introduces some new ones — specifically, what is the relationship with Bing and Snapchat?

If we remain focused on the original question of tracking cookies, there is an obvious file to investigate: federated-analytics-min.js. This file does indeed represent tracking capabilities, but based on its version info and the lack of Google Analytics, this might be legacy code.

Continuing with the analysis, we eventually arrive at launch-03ad6712691b.min.js, which is hosted by Adobe. This file represents the configuration for the Adobe Experience framework of the 2020 census. After de-obfuscating the file and extracting the configuration json, we see evidence that the file was generated on March 12, 2020 for production use. We can also now explain the Bing, Twitter, and Snapchat code and cookies, which are conditionally present on all pages except for “jobs.”

This evidence points to the presence of ad network cookies being the result of intentional configuration of the 2020 census site. Considering this, we need to ask why the site authors would include tracking cookies on a website intended to anonymously collect data.

One possible answer is that the core requirements didn’t include anonymity for visitors as a functional requirement. Another possible answer is that the authors were accustomed to tracking all visitors by default and a detailed code review wasn’t made by those writing the specifications. One last possible explanation is that, in their attempts to ensure the largest response rate possible, the authors are in effect attempting to target census ads to only those who haven’t completed their census. Considering the physical mail for the census includes the message “YOUR RESPONSE IS REQUIRED BY LAW,” perhaps the authors took ensuring compliance as paramount, allowing that priority to override any potential privacy concerns.

These three scenarios highlight the challenges organizations face when designing for privacy. If we assume the tracking cookies are intentionally placed to ensure maximum response rates, one unintended outcome is that the respective ad networks and social media platforms will then be able to know roughly who responded. When combined with other data sources, these third parties might then be able to identify individual respondents. Such data mining is at the core of how ad networks function and how the usage of personal information for unknown purposes is at the core of regulations like GDPR in Europe and the recently enacted California Consumer Privacy Act.

These laws, and many others, were created based on the realization that when companies have access to data, they will find novel ways to use it independent of the original reasons it was collected. This is why we see a proliferation of cookie consent messages on websites and why designing for privacy requires placing the rights and expectations of the consumers front and center.

While we might rightly be concerned about the federal government tracking our census activity, there are two simple ways to reduce the risk — fill out the old school paper option or go full incognito in your browser before even going to the census website.

Tim Mackey is principal strategist at the Synopsys Cyber Security Research Center.

Source: Read Full Article

Categories
News

Halo Infinite May Be In Trouble (Due To COVID-19)

Halo Infinite has been set to be one of the first flagship titles on the upcoming Xbox Series X, though it appears the game’s development has been affected by the destructive novel coronavirus, COVID-19.

Head of Microsoft Studios Matt Booty released a statement that acknowledged the challenges brought about by COVID-19. In the statement, Booty said that, while Xbox is committed to delivering high-quality content to its fans and consumers, it also remains conscious of those who are part of the Xbox Game Studios development teams. As the developers’ health and safety remain vital and integral in Xbox’s decision-making, Microsoft and Xbox Game Studios are “supporting our studio leaders to make the right decisions for their teams and their individual games during this challenging time.”

RELATED: Halo: Infinite Will FAIL Without A Battle Royale Mode

While nothing had been said about Halo Infinite‘s release date or that of any other Xbox Games Studios-developed title, there are implications within Booty’s statement that suggest potential delays. While Halo Infinite developer 343 Industries indicated in a blog post that development was on track for its projected release, the virus may “get worse before it gets better.”

No official changes have been made at this time, but this statement prepares readers, in a way, for any delays made to Halo Infinite or any other Xbox Games Studios-developed titles.

As COVID-19 has been determined to be one of the most infectious viruses, companies have made appropriate decisions to accommodate the unfortunate decision. From shifting to a “work-from-home” model to delays, gaming industry companies have found ways to work around the impacts of the virus, though it will likely continue to have impacts from here on out.

The coronavirus has already had numerous impacts where gaming events are concerned. From the cancelation of E3, leading to a Microsoft digital Xbox event and the cancelation of the Taipei Game Show, the novel coronavirus is rearing its ugly head all across the gaming industry. Of course, while it’s understandable to be depressed over a particular game’s delay, it’s important to keep in mind that the health and safety of those who are heading the development of affected games are of utmost concern.

Source: Read Full Article

Categories
eSports

Riot Games may be hosting a Valorant capture event for content creators this weekend

Since Valorant was revealed earlier this month, we’ve heard a ton of details about the gameplay elements and future plans. Riot Games is certainly not being shy about its game, as they’ve revealed multiple Agents, maps, and weapons. However, what hasn’t really been shown is actual gameplay from players other than the developers. There was supposed to be a live capture event in mid-March, but that was shut down due to the COVID-19 crisis. Since then, no one besides Riot Games has played Valorant.

However, that could be changing this weekend.


  • To view this video please enable JavaScript, and consider upgrading to a web browser thatsupports HTML5 video

    Video Player is loading.Current Time 0:00/Duration 0:00Loaded: 0%Stream Type LIVERemaining Time -0:00 

      1x

      • Chapters
        • descriptions off, selected
        • captions and subtitles off, selected

          This is a modal window.

          Beginning of dialog window. Escape will cancel and close the window.

          End of dialog window.

          Valorant capture event to take place soon?

          According to gaming insider Rod “Slasher” Breslau, Riot Games is holding an online capture event for Valorant starting today. The capture event would allow multiple streamers, esports players, and other content creators to play the game.

          The event will not be streamed, but the players will be able to capture footage. This footage will then be available to publish on a certain future date. Slasher believes that date is April 3, but it very well could change depending on unforeseen circumstances.

          Riot’s previously scheduled Valorant gameplay capture event with big name esports pros, streamers, and youtube creators that was postponed due to the coronavirus will be happening as an online event starting tomorrow through Sunday, sources tell me https://twitter.com/Slasher/status/1234921378274594817 

          Riot has sent an email to pro players, streamers, creators cancelling the Valorant gameplay capture event due to concerns over coronavirus https://twitter.com/Slasher/status/1234379300788482049 

          View image on Twitter

          the Valorant capture event will not be livestreamed and footage is currently scheduled by Riot to be released under embargo as a target date of April 3rd (that might change), i’m told

          the release of Valorant Alpha footage will likely coincide with an announcement of closed beta

          as spotted by reddit, Riot has already added/removed/re-added text on the official website to sign up for Valorant closed beta. pros and streamers will get it first but you plebs will get your chance

          View image on Twitter

          If true, this is huge news for any fans of Valorant. Riot has previously said that the general public won’t get to play before the streamers, professionals, etc. So, if a capture event does take place, then we might not be far away from an open beta.

          The beta was originally scheduled for the summer, but rumor has it that it could happen much sooner. Of course, that was before the COVID-19 outbreak, so things could have changed on that front. Regardless, if this rumor is true, this is a positive sign for the community that’s patiently waiting to get their hands on Valorant.

          Are you excited for the beta? Let us know, and keep up with Daily Esports for all Valorant news and updates.

          Source: Read Full Article

      • Categories
        News

        Source 2 Engine May Be Coming to CS:GO Very Soon

        The Source 2 engine might finally be coming to Counter-Strike: Global Offensive very soon.

        Believe it or not, Counter-Strike: Global Offensive is running on an engine that’s over 15 years old. The original Source engine came out with Half-Life 2, and while CS:GO uses a highly modified version of that engine, it’s still got the same underlying structure as a 15-year-old game.

        While this means CS:GO can run on computers that are positively ancient, it also means that more modern first-person shooters look a heckuva lot better than CS:GO.

        But it looks like CS:GO is finally due for an upgrade. According to multiple sources, Counter-Strike will be ported to the new(ish) Source 2 engine within the next few months.

        First, we have Valve News Network’s Tyler McVicker. In a video posted last month, McVicker said that sources within the company told him that Valve has been developing a version of the Source 2 engine for CS:GO “for a few years,” and that this ported version of the game should be arriving later this year.

        That was later confirmed by CS:GO historian and competitive club owner Nors3 in a tweet just a few days ago. “About Source 2 being released in CS:GO in 2 months: it seems trustworthy because I heard from reliable sources BUT with Valve you can never be 100% confident with unofficial dates,” he said. “Better multiply it by two.”

        Elements of the Source 2 engine are actually already present. The Panorama UI update from 2018 was just the beginning of CS:GO‘s port where Source 2 replaced much of CS:GO‘s out-of-game menus.

        Dota 2‘s February update also contained bits of CS:GO Source 2 code which updated the game’s rendering, shadows, and skyboxes, as noted again by Nors3.

        There’s been no official word from Valve, but Dexerto reports that there will be a “year-long beta period” after CS:GO finally does make the full transition to Source 2. We’ll be sure to keep our eye on Valve for when they do eventually make an official announcement.

        Source: Read Full Article

        Categories
        Reviews

        Ziggurat Interactive May Bring Back a Bunch of Old, Forgotten Games

        These days, it isn’t necessarily uncommon to see rereleases, remakes and remasters of older games. However, it’s a bit less common to see those of lesser-known oldies. Yet, publisher Ziggurat Interactive will be focused on this very niche, bringing back old IP’s in various formats, according to GamesIndustry.biz.

        Apparently, this will include titles that go back as far as the 80s, or the 8-bit era. As such, there will undeniably be some forgotten classics that some fans will be hankering for Ziggurat to revisit.

        RELATED: Final Fantasy VII Remake Fixes The Biggest Problem With FFXV’s Battle System

        Although still heralded as a classic among the run ‘n’ gun fan club, Gunstar Heroes is an IP that has been largely untouched outside of a few rereleases for over a decade. As one of the most intense, cartoonish, and over-the-top side-scrolling shooters of all time, a sequel or from-the-ground-up remake would be much appreciated. With new graphical capabilities, the barrage of explosions on-screen could be far more easily supported than they had been back in the day.

        The Super Star Wars series is another 2D IP that has since been overshadowed by other Star Wars titles like Knights of the Old Republic and the Battlefront games. However, in their day, they were some of the best Star Wars games around. With a variety of combat styles, the games were surprisingly challenging and seriously entertaining. Although it would be more dependent on EA’s jurisdiction, a comeback of any kind for these games would be splendid for the old-school Star Wars crowd.

        While more recent (and not necessarily forgotten totally), the Burnout series ran out of gas, leading to EA’s pushing for the Need for Speed series. The high-octane racing franchise saw a brief comeback with a remaster of Burnout Paradise in 2018 but has since been somewhat dormant. While another IP controlled by EA, any sort of return of this action-racing hybrid would also be much appreciated. It seems either a proper follow-up to Burnout Paradise is in order, or is a remake of Burnout 3: Takedown.

        With a bevy of untouched classic IP’s out there, there’s no telling what the possibilities are among Ziggurat’s initiatives. One thing’s for sure, the return of 80s-style games will hit many old-school gamers with a wave of nostalgia.

        Source: Read Full Article