×
Verizon

AST SpaceMobile Stock Surges 69% After Verizon Satellite Internet Deal (cnbc.com) 2

Satellite-to-phones service provider AST SpaceMobile announced a deal with Verizon to provide remote coverage across the United States. "Verizon's deal effectively includes a $100 million raise for AST, as well, in the form of $65 million in commercial service prepayments and $35 million in debt via convertible notes," reports CNBC. "The companies said that $45 million of the prepayments 'are subject to certain conditions' such as needed regulatory approvals and signing of a definitive commercial agreement." Shares of AST jumped 69% in trading to close at $9.02 a share -- the largest single day rise for the company's stock since it went public in 2021. From the report: AST SpaceMobile is building satellites to provide broadband service to unmodified smartphones, in the nascent "direct-to-device" communications market. [...] The Verizon partnership follows a similar pattern to AT&T's work with AST. Back in January, AT&T was a co-debt investor in the company alongside Google and Vodafone. The companies then established the commercial agreement earlier this month, which "lays out in much more detail how we will ultimately offer service together," AST's Chief Strategy Officer Scott Wisniewski said in a statement to CNBC. [...] AST expects to launch its first five commercial satellites later this year.
Google

Google is Killing Off the Messaging Service Inside Google Maps (arstechnica.com) 19

An anonymous reader shares a report: Google is killing off a messaging service! This one is the odd "Google Business Messaging" service -- basically an instant messaging client that is built into Google Maps. If you looked up a participating business in Google Maps or Google Search on a phone, the main row of buttons in the place card would read something like "Call," "Chat," "Directions," and "Website." That "Chat" button is the service we're talking about. It would launch a full messaging interface inside the Google Maps app, and businesses were expected to use it for customer service purposes. Google's deeply dysfunctional messaging strategy might lead people to joke about a theoretical "Google Maps Messaging" service, but it already exists and has existed for years, and now it's being shut down.
Apple

Apple Signals That It's Working on TV+ App for Android Phones (bloomberg.com) 54

Apple is seeking a senior engineer to help build a television and sports app for Android, a sign the company is finally bringing its TV+ service to the rival smartphone platform. From a report: In a job listing published in recent days, Apple said it's looking for someone to lead the development of "fun new features" and "help build an application used by millions to watch and discover TV and sports." The move suggests that the company is looking to gain market share in video streaming -- and is setting aside its rivalry with Android in order to chase additional users. It's rare for Apple to develop software for Google's Android, which competes with its iOS platform. The TV+ service, launched in 2019, is Apple's answer to Netflix or Disney+, and the company has spent heavily on feeding it with original content.
Google

Huge Google Search Document Leak Reveals Inner Workings of Ranking Algorithm (searchengineland.com) 64

Danny Goodwin reports via Search Engine Land: A trove of leaked Google documents has given us an unprecedented look inside Google Search and revealed some of the most important elements Google uses to rank content. Thousands of documents, which appear to come from Google's internal Content API Warehouse, were released March 13 on Github by an automated bot called yoshi-code-bot. These documents were shared with Rand Fishkin, SparkToro co-founder, earlier this month.

What's inside. Here's what we know about the internal documents, thanks to Fishkin and [Michael King, iPullRank CEO]:

Current: The documentation indicates this information is accurate as of March.
Ranking features: 2,596 modules are represented in the API documentation with 14,014 attributes.
Weighting: The documents did not specify how any of the ranking features are weighted -- just that they exist.
Twiddlers: These are re-ranking functions that "can adjust the information retrieval score of a document or change the ranking of a document," according to King.
Demotions: Content can be demoted for a variety of reasons, such as: a link doesn't match the target site; SERP signals indicate user dissatisfaction; Product reviews; Location; Exact match domains; and/or Porn.
Change history: Google apparently keeps a copy of every version of every page it has ever indexed. Meaning, Google can "remember" every change ever made to a page. However, Google only uses the last 20 changes of a URL when analyzing links.

Other interesting findings. According to Google's internal documents:

Freshness matters -- Google looks at dates in the byline (bylineDate), URL (syntacticDate) and on-page content (semanticDate).
To determine whether a document is or isn't a core topic of the website, Google vectorizes pages and sites, then compares the page embeddings (siteRadius) to the site embeddings (siteFocusScore).
Google stores domain registration information (RegistrationInfo).
Page titles still matter. Google has a feature called titlematchScore that is believed to measure how well a page title matches a query.
Google measures the average weighted font size of terms in documents (avgTermWeight) and anchor text.
What does it all mean? According to King: "[Y]ou need to drive more successful clicks using a broader set of queries and earn more link diversity if you want to continue to rank. Conceptually, it makes sense because a very strong piece of content will do that. A focus on driving more qualified traffic to a better user experience will send signals to Google that your page deserves to rank." [...] Fishkin added: "If there was one universal piece of advice I had for marketers seeking to broadly improve their organic search rankings and traffic, it would be: 'Build a notable, popular, well-recognized brand in your space, outside of Google search.'"
Chrome

Chromebooks Will Get Gemini and New Google AI Features (wired.com) 9

Google is introducing the Gemini AI chatbot to Chromebook Plus models, enhancing features like text rewriting, image editing, and hands-free control. Here are a few of the top new features coming to ChromeOS, as summarized by Wired: The first notable feature is Help Me Write, which works in any text box. Select text in any text box and right-click -- you'll see a box next to the standard right-click context menu. You can ask Google's AI to rewrite the selected text, rephrase it in a specific way, or change the tone. I tried to use it on a few sentences in this story but did not like any of the suggestions it gave me, so your mileage may vary. Or maybe I'm a better writer than Google's AI. Who knows?

Google's bringing the same generative AI wallpaper system you'll find in Android to ChromeOS. You can access this feature in ChromeOS's wallpaper settings and generate images based on specific parameters. Weirdly, you can create these when you're in a video-calling app too. You'll see a menu option next to the system tray whenever the microphone and video camera are being accessed -- tap on it and click "Create with AI" and you can generate an image for your video call's background. I'm not sure why I'd want a background of a "surreal bicycle made of flowers in pink and purple," but there you go. AI!

Here's something a little more useful: Magic Editor in Google Photos. Yep, the same feature that debuted in Google's Pixel 8 smartphones is now available on Chromebook Plus laptops. In the Google Photos app, you can press Edit on a photo and you'll see the option for Magic Editor. (You'll need to download more editing tools to get started.) This feature lets you erase unwanted objects in your photos, move a subject to another area of the frame, and fill in the backgrounds of photos. I successfully erased a paint can in the background of a photo of my dog, and it worked pretty quickly.

Then there's Gemini. It's available as a stand-alone app, and you can ask it to do pretty much anything. Write a cover letter, break down complex topics, ask for travel tips for a specific country. Just, you know, double-check the results and make sure there aren't any hallucinations. If you want to tap into Google's Gemini Advanced model, the company says it is offering 12 months free for new Chromebook Plus owners through the end of the year, so you have some time to redeem that offer. This is technically an upgrade from Google One, and it nets you Gemini for Workspace, 2 terabytes of storage, and a few other perks.
New features coming to all Chromebooks include easy setup with Android phones via QR code for sharing Wi-Fi credentials, integration of Google Tasks into the system tray, a Game Dashboard for mapping controls and recording gameplay as GIFs, and a built-in screen recorder tool. Upcoming enhancements also include Hands-Free Control using face gestures, the Help Me Read feature with Gemini for summarizing websites and PDFs, and an Overview screen to manage open browser windows, tabs, and apps.

You can check if your Chromebook is compatible with the Chromebook Plus OS update here.
AI

OpenAI Says It Has Begun Training a New Flagship AI Model (nytimes.com) 40

OpenAI said on Tuesday that it has begun training a new flagship AI model that would succeed the GPT-4 technology that drives its popular online chatbot, ChatGPT. From a report: The San Francisco start-up, which is one of the world's leading A.I. companies, said in a blog post that it expects the new model to bring "the next level of capabilities" as it strives to build "artificial general intelligence," or A.G.I., a machine that can do anything the human brain can do. The new model would be an engine for A.I. products including chatbots, digital assistants akin to Apple's Siri, search engines and image generators.

OpenAI also said it was creating a new Safety and Security Committee to explore how it should handle the risks posed by the new model and future technologies. "While we are proud to build and release models that are industry-leading on both capabilities and safety, we welcome a robust debate at this important moment," the company said. OpenAI is aiming to move A.I. technology forward faster than its rivals, while also appeasing critics who say the technology is becoming increasingly dangerous, helping to spread disinformation, replace jobs and even threaten humanity. Experts disagree on when tech companies will reach artificial general intelligence, but companies including OpenAI, Google, Meta and Microsoft have steadily increased the power of A.I. technologies for more than a decade, demonstrating a noticeable leap roughly every two to three years.

Google

Google's AI Feeds People Answers From The Onion (avclub.com) 125

An anonymous reader shares a report: As denizens of the Internet, we have all often seen a news item so ridiculous it caused us to think, "This seems like an Onion headline." But as real human beings, most of us have the ability to discern between reality and satire. Unfortunately, Google's newly launched "AI Overview" lacks that crucial ability. The feature, which launched less than two weeks ago (with no way for users to opt-out), provides answers to certain queries at the top of the page above any other online resources. The artificial intelligence creates its answers from knowledge it has synthesized from around the web, which would be great, except not everything on the Internet is true or accurate. Obviously.

Ben Collins, one of the new owners of our former sister site, pointed out some of AI Overview's most egregious errors on his social media. Asked "how many rocks should I eat each day," Overview said that geologists recommend eating "at least one small rock a day." That language was of course pulled almost word-for-word from a 2021 Onion headline. Another search, "what color highlighters do the CIA use," prompted Overview to answer "black," which was an Onion joke from 2005.

Security

Memory Sealing 'mseal' System Call Merged For Linux 6.10 (phoronix.com) 50

"Merged this Friday evening into the Linux 6.10 kernel is the new mseal() system call for memory sealing," reports Phoronix: The mseal system call was led by Jeff Xu of Google's Chrome team. The goal with memory sealing is to also protect the memory mapping itself against modification. The new mseal Linux documentation explains:

"Modern CPUs support memory permissions such as RW and NX bits. The memory permission feature improves security stance on memory corruption bugs, i.e. the attacker can't just write to arbitrary memory and point the code to it, the memory has to be marked with X bit, or else an exception will happen. Memory sealing additionally protects the mapping itself against modifications. This is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system... Memory sealing can automatically be applied by the runtime loader to seal .text and .rodata pages and applications can additionally seal security-critical data at runtime. A similar feature already exists in the XNU kernel with the VM_FLAGS_PERMANENT flag and on OpenBSD with the mimmutable syscall."

The mseal system call is designed to be used by the likes of the GNU C Library "glibc" while loading ELF executables to seal non-writable memory segments or by the Google Chrome web browser and other browsers for protecting security sensitive data structures.

Transportation

Could Sea Explosions Finally Locate the 2014 Crash Site of Flight MH370? (cardiff.ac.uk) 31

Malaysia Airlines Flight 370 vanished in 2014 — and efforts continue to find it. In 2018 a UK-based video producer claimed to have discovered the crashed aircraft on Google Maps — but Newsweek pointed out the same wreckage "is visible in imagery dating back to January 1, 2004 — more than a decade before MH370 disappeared."

Marine robotics company Ocean Infinity also failed to find the aircraft after a five-month search in 2018 — but has returned to the headlines this March, writes the Independent, "claiming that they have scientific evidence" for the flight's final resting place. (The company's CEO says the last six years they've been "innovating with technology and robotics to further advance our ocean search capabilities.")

And this week Indian Express reported that researchers from the UK's Cardiff University investigating the mystery "have come up with a novel plan to unravel it — sea explosions."

More from the Economic Times: Scientists have said that airplanes crashing over oceans create unique acoustic signatures that can travel more than 3,000km through water. These acoustic signatures can be recorded by a network of 11 hydroacoustic stations worldwide that are dotted along the seabed. Researchers at Cardiff University have said that a series of controlled underwater explosions or air gunfire along the 7th arc [where the plane last communicated] can be done to see whether they can isolate a more precise location for MH370.
More details from NDTV: "[W]ithin the time frame and location suggested by the official search, only a single, relatively weak signal was identified,'' Dr Kadri said... ''Similar exercises were performed in the search and rescue mission for the ARA San Juan, a submarine that vanished off the coast of Argentina in 2017. This shows us that it is relatively straightforward and feasible and could provide a means to determine the signal's relevance to MH370, prior to resuming with another extensive search. If found to be related, this would significantly narrow down, almost pinpoint, the aircraft's location,'' Dr Kadri added...

Despite the largest search in aviation history, the plane has never been found.

An announcement from Cardiff University adds that "The experiments would also help develop the use of hydroacoustic technology as a tool for authorities to draw upon when narrowing down potential crash locations for airplanes in the future."
Portables

A Startup's Faster-Than-E-Ink Android Tablet Challenges Apple's IPad (om.co) 97

It's "one of the most talked about devices in Silicon Valley," according to tech writer/investor Om Malik.

The company's web site calls it "the computer, de-invented," promising a tablet with "the world's first full-speed paper-like display." But Its founder has structured the company as a Public Benefit Corporation, with its web site describing the eyestrain-relieving tablet as "designed for deep focus and wellbeing. We refuse to accept a future where our devices are exhausting, addictive, and distracting."

Malik writes that Daylight Computer founder Anjan Katta suffers from ADHD, and "wanted something that allowed him few distractions and allowed him to work with intent." What the company has created is a beautiful tablet — about the size of a normal iPad Air. It is just a "little less than white," white, with a gorgeous screen. It is very simple, elegant, and lovely. It has an e-ink screen, and the matte monochrome paper-like display is optimized for reading, writing, and note-taking. It refreshes at 60 frames per second, a pretty big deal for e-ink displays. This different screen technology developed by the company is called LivePaper and it feels as snappy as anything you have experienced on an iPad. This is what puts it a notch above other e-ink tablets. This is precisely why the new Daylight tablet is much less stressful on the eye and easy to use even in direct sunlight. It has 8 GB memory, about 128 GB in-built storage, an 8-core chip, microphones, speakers, and a powerful battery.

There is no camera — thank God!

An ad from the company suggests the tablet "might change the way you think about screens," promising their device is "less distraction. Less addiction. Less eyestrain. Less blue light... Technology that feels a little bit more human, a bit less demanding."

The blog of product designer Arun Venkatesan calls it one of those devices that "signals an exciting new era where we can harness the power of technology without sacrificing our ability to live intentional, balanced lives."

Tom's Guide notes the tablet "is designed to run normal Android apps, and comes pre-installed with apps like Audible, Kindle, Google Docs and more" — and this may be the only the beginning: Based on various podcast interviews we could find of Katta, the DC1 isn't the end goal of the company. Katta wants to see the Live Paper display in all kinds of devices like monitors, laptops and watches.

Is the Daylight DC1 a technology flash in the pan or will we see a wave of Live Paper devices in the future? It'll be interesting to see how this devices truly works once its in people's hands.

The Internet

How Internet Pioneers Celebrated 50 Years of the Internet (i50ieee.com) 7

Founded in 1963, the Institute of Electrical and Electronics Engineers held a special event Sunday that they said would be "inspiring engineering for the next 50 years."

The event featured talks on the origins of the internet from 80-year-old "father of the internet" Vint Cerf, along with John Shoch (who helped develop the Ethernet and internetwork protocols at Xerox PARC), Judith Estrin (who worked with Cerf on the TCP project), and Robert Kahn (who with Cerf first proposed the IP and TCP protocols). Ethernet co-inventor Bob Metcalfe also spoke at the end of the event.

Long-time Slashdot reader repett0 was an onsite volunteer, and shares that "it was incredible to meet and greet such a wonderful mix of people making technology happen... [T]he event celebrated many key technologies and innovators from the past 50 years and considerations of what is to come in the next 50 years." Video streams are available and more are coming online (including interviews with key innovators, society leadership, and more). If you could not make this event, follow-on activities continue, including the People-Centered Internet Imagine Workshop where a mix of society is working together to consider how to improve humanity's intersection with ever-expanding abilities thanks to technology.
They add that the event was made possible "through the collaboration of many professional computing societies" including the IEEE, People-Centered Internet, Google, Internet Society, IEEE Computer Society, GIANT Protocol, IEEE Foundation — and volunteers from the SF Bay Area ACM and Internet Society.
Microsoft

Thursday's Bing API Outage Took Down DuckDuckGo, Copilot, and ChatGPT Search (theverge.com) 17

Thursday long-time Slashdot reader mschaffer reported that "Microsoft's search engine isn't working correctly, and many alternative search engines that rely on it are down, too."

Bing started "having issues" around 1:30 a.m. EST, reports SearchEngineLand (citing Downdector.com, and sharing screenshots of Bing.com searches failing — even on partner sites like DuckDuckGo).

By Thursday morning search capabilities for ChatGPT, Copilot, DuckDuckGo, and other platforms had stopped working, reports the Verge, saying the issues "appeared to be linked to Bing's API and any service that relies upon it." While Microsoft's own web search engine, Bing, was also seemingly affected, according to TechCrunch, it came back online eventually. By 11AM ET, OpenAI posted a note indicating the issue had been resolved, saying, "Between around 10:10 PM PT yesterday and 6:50 AM PT today, we experienced a partial outage affecting ChatGPT's web-browsing capabilities due to Bing being unavailable." DuckDuckGo posted that "we're coming back up" at around 10:30AM ET, and so did Ecosia, which is "the search engine that plants trees."
Copilot users experienced "a loading loop that prevented users from accessing the service," according to the article, while ChatGPT users attempting a web search got error messages instead.

Ars Technica adds that it also stopped searches from Microsoft's Edge browsers (that hadn't changed their default search settings). But they also had a disturbing observation for people worried that web search is dominated by Google: "most of your other major options were brought down by a single API outage... The overwhelming majority of search tools offering an alternative" to Google are using Google, Bing, or Yandex... Yandex, being based in Russia, is a non-starter for many people around the world at the moment."
But their article digs deep into the alternatives, starting with this list compiled by undergraduate CS major Rohan Kumar of search sites with their own indexes — including Mojeek, Stract, and Right Dao and Yep...
Google

Google Threatens To Pause Google News Initiative Funding In US (axios.com) 20

Google has warned nonprofit newsrooms that a new California bill taxing Big Tech for digital ad transactions would jeopardize future investments in the U.S. news industry. "This is the second time this year Google has threatened to pull investment in news in response to a regulatory threat in California -- but this time, hundreds of publishers outside of California would also feel the impact," reports Axios. From the report: Google's new outreach to smaller news outlets is happening in response to a different bill, introduced this year by State Sen. Steve Glazer, that would tax Big Tech companies like Google and Meta for "data extraction transactions," or digital ad transactions. Tax revenue would fund tax credits meant to support the hiring of more journalists in California by eligible nonprofit local news organizations. With the link tax bill, Google only threatened to pull news investments in California. But the company is telling partners that the ad tax proposal will threaten consideration of new grants nationwide by the Google News Initiative, which funds hundreds of smaller news outlets, sources told Axios. Previous commitments, however, should be secure. A spokesperson for the Institute for Nonprofit News said the organization believes that grants previously committed through GNI as described here "are secure, so INN members should continue to benefit through this particular Fundamentals Labs program."

Google's concern, sources familiar with the company's thinking told Axios, is that the new California ad tax bill could set a troubling wider precedent for other states. California's Senate tax committee approved the "ad tax" bill May 8. Days after that, Google started making calls to nonprofits about potentially pausing future Google News Initiative funding, sources told Axios. Opponents argue (PDF) the ad tax burden would get passed down to consumers and businesses. They also say the measure would face legal challenges, similar to a digital ad tax introduced in Maryland last year.

Google

Google Search's 'udm=14' Trick Lets You Kill AI Search For Good (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: If you're tired of Google's AI Overview extracting all value from the web while also telling people to eat glue or run with scissors, you can turn it off -- sort of. Google has been telling people its AI box at the top of search results is the future, and you can't turn it off, but that ignores how Google search works: A lot of options are powered by URL parameters. That means you can turn off AI search with this one simple trick! (Sorry.) Our method for killing AI search is defaulting to the new "web" search filter, which Google recently launched as a way to search the web without Google's alpha-quality AI junk. It's actually pretty nice, showing only the traditional 10 blue links, giving you a clean (well, other than the ads), uncluttered results page that looks like it's from 2011. Sadly, Google's UI doesn't have a way to make "web" search the default, and switching to it means digging through the "more" options drop-down after you do a search, so it's a few clicks deep.

Check out the URL after you do a search, and you'll see a mile-long URL full of esoteric tracking information and mode information. We'll put each search result URL parameter on a new line so the URL is somewhat readable [...]. Most of these only mean something to Google's internal tracking system, but that "&udm=14" line is the one that will put you in a web search. Tack it on to the end of a normal search, and you'll be booted into the clean 10 blue links interface. While Google might not let you set this as a default, if you have a way to automatically edit the Google search URL, you can create your own defaults. One way to edit the search URL is a proxy site like udm14.com, which is probably the biggest site out there popularizing this technique. A proxy site could, if it wanted to, read all your search result queries, though (your query is also in the URL), so whether you trust this site is up to you.

Youtube

YouTube Rolling Out Its Widely Hated New Web Redesign (9to5google.com) 61

Ben Schoon reports via 9to5Google: After first appearing earlier this year, YouTube once again appears to be rolling out a new redesign for its website that everyone hates. In mid-April, Google started testing a redesign to YouTube's website, which moved the title of the video, its description, and the comments to the side of the screen. In their place, video recommendations were moved directly underneath the video being watched with much larger thumbnails and titles. The change was widely hated by almost everyone who got it, but it didn't show up for all users. In the weeks to follow, YouTube reverted the redesign. Now, the YouTube redesign is back.

As spotted by many users, YouTube has started rolling out this redesign yet again. The new look has been appearing over the past few days, though it doesn't seem like it's a wide rollout. Rather, it appears to still be a test more than anything else. What does this second attempt mean? It's still unclear if YouTube intends to make this new look the default experience, but a second round of testing certainly implies more data is being gathered.

Google

Google: Stop Trying To Trick Employees With Fake Phishing Emails (pcmag.com) 100

An anonymous reader shares a report: Did your company recently send you a phishing email? Employers will sometimes simulate phishing messages to train workers on how to spot the hacking threat. But one Google security manager argues the IT industry needs to drop the practice, calling it counterproductive. "PSA for Cybersecurity folk: Our co-workers are tired of being 'tricked' by phishing exercises y'all, and it is making them hate us for no benefit," tweeted Matt Linton, a security incident manager at Google.

Linton also published a post on the Google Security blog about the pitfalls of today's simulated phishing tests. The company is required to send fake phishing emails to its employees to meet the US government's security compliance requirements. In these tests, Google sends an employee a phishing email. If the worker clicks a link in the email, they'll be told they failed the test and will usually be required to take some sort of training course. However, Linton argues that simulated phishing tests can lead to harmful side effects, which can undermine a company's security. "There is no evidence that the tests result in fewer incidences of successful phishing campaigns," Linton said, noting that phishing attacks continue to help hackers gain a foothold inside networks, despite such training. He also pointed to a 2021 study that ran for 15 months and concluded that these phishing tests don't "make employees more resilient to phishing."

Businesses

iFixit is Breaking Up With Samsung (theverge.com) 13

iFixit and Samsung are parting ways. Two years after they teamed up on one of the first direct-to-consumer phone repair programs, iFixit CEO and co-founder Kyle Wiens tells The Verge the two companies have failed to renegotiate a contract -- and says Samsung is to blame. From a report: "Samsung does not seem interested in enabling repair at scale," Wiens tells me, even though similar deals are going well with Google, Motorola, and HMD. He believes dropping Samsung shouldn't actually affect iFixit customers all that much. Instead of being Samsung's partner on genuine parts and approved repair manuals, iFixit will simply go it alone, the same way it's always done with Apple's iPhones. While Wiens wouldn't say who technically broke up with whom, he says price is the biggest reason the Samsung deal isn't working: Samsung's parts are priced so high, and its phones remain so difficult to repair, that customers just aren't buying.
Wireless Networking

Why Your Wi-Fi Router Doubles As an Apple AirTag (krebsonsecurity.com) 73

An anonymous reader quotes a report from Krebs On Security: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID. Periodically, Apple and Google mobile devices will forward their locations -- by querying GPS and/or by using cellular towers as landmarks -- along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it's what allows your mobile phone to continue displaying your planned route even when the device can't get a fix on GPS.

With Google's WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths -- via an application programming interface (API) request to Google -- whose WPS responds with the device's computed position. Google's WPS requires at least two BSSIDs to calculate a device's approximate position. Apple's WPS also accepts a list of nearby BSSIDs, but instead of computing the device's location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple's API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user's location based on known landmarks.

In essence, Google's WPS computes the user's location and shares it with the device. Apple's WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own. That's according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple's API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random. They learned that while only about three million of those randomly generated BSSIDs were known to Apple's Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups.
"Plotting the locations returned by Apple's WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points," the report adds. "The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America."

The researchers wrote: "We observe routers move between cities and countries, potentially representing their owner's relocation or a business transaction between an old and new owner. While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location."

A copy of the UMD research is available here (PDF).

Slashdot Top Deals