Slashdot Mirror
Should Burger King Be Prosecuted For Their Google Home-Triggering Ads? (washingtonpost.com)
Slashdot reader Lauren Weinstein thinks Burger King should be prosecuted for
successfully running an alternate version of its advertisement to trigger Google Home devices again Wednesday:
Someone -- or more likely a bunch of someones -- at Burger King and their advertising agency need to be arrested, tried, and spend some time in shackles and prison cells. They've likely been violating state and federal cybercrime laws with their obnoxious ad campaign... For example, the federal Computer Fraud and Abuse Act broadly prohibits anyone from accessing a computer without authorization... Burger King has instantly become the 'poster child' for mass, criminal abuse of these devices... It was a direct and voluntary violation of law.
I'm going to side with BK on this one. Nice troll of google. Again! With BK you can get a product that will feed you. With google you *are* the product. Not sure which product is the fattiest or greasiest of the two but there you have it.
I've never heard of such a brutal and shocking injustice that I cared so little about!
Give it to me straight... who does this affect - 4 or 5 people tops?
#DeleteChrome
You're looking at this the wrong way - you should see this as an opportunity. When you see an obvious dupe on Slashdot, your first response should be to submit a new, slightly tweaked version of the item.
If we all work together, we can make it so Slashdot's front page is full of eight or nine copies of the same story!
#DeleteChrome
I mean, as long as we are all being dicks, why not have the bigger dick?
I am very small, utmostly microscopic.
I'm not of that opinion. When a company is universally mocked on social media, I have trouble understanding how that is good for that company.
Lauren seriously needs to get a grip on reality if he thinks that jail time and shackles are appropriate punishments for a burger ad that triggers Google's spy equipment. There are real injustices in the world that are worthy of indignation, but Lauren's hyperbolic outrage over trivial first-world-problems (for those dumb enough to buy a Google Big Brother microphone to put in their homes and listen to their every conversation) is just plain silly.
Let's face it. From a marketing perspective, this is a huge success for BK. A relatively small number people were *actually* negatively affected, and I'd bet very few regular BK customers will actually STOP going there as a result. But for a single commercial, a huge number of people are now talking about BK and Whoppers. Even better, some people shift blame to Google for the insecurity of those voice interfaces. It's highly unlikely and negative legal consequences will come from this either.
Whichever sociopathic marketing asshole came up with this ploy is probably getting a big raise this year.
Irony: Agile development has too much intertia to be abandoned now.
Or why not remove Burger King from their search engine? A milder version would be pushing up a warning page when searching for Burger King or any of their trademarks...
Apparently Burger King made a slight change to the article and resubmitted it.
I don't really care as long as I keep getting those sheets of coupons.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Dara Schopp, BK regards the ad as a success, as it has increased the brand's 'social conversation' on Twitter by some 300%," though he's not a fan of "reaching through your TV speakers and directly messing with your digital devices. You may wish to consider alternate vendors for your burger needs."
All publicity is good publicity. Thus the thugs at United Airlines have just completed the most sucessful and money making PR campaign ever.
Next on Burger Kings agenda - Murdering a reandom customer. Strangle that fucker in th efront of the store. That oughta get their Twitter feed, the undeniable measure of success, to go up by a million percent or so.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Already been done --
...
http://www.theverge.com/2017/1...
"One recent instance occurred in Dallas, Texas earlier this week, when a six-year-old asked her family’s new Amazon Echo “can you play dollhouse with me and get me a dollhouse?” The device readily complied, ordering a KidKraft Sparkle mansion dollhouse,"
"The story could have stopped there, had it not ended up on a local morning show on San Diego’s CW6 News. At the end of the story, Anchor Jim Patton remarked: “I love the little girl, saying ‘Alexa ordered me a dollhouse,’” According to CW6 News, Echo owners who were watching the broadcast found that the remark triggered orders on their own devices."
Interesting, I haven't heard of a similar attack on Siri, or Amazon Echo.
is BK just trolling for the biggest fish, or is there something more?
Kevin Mitnick spent 5 years in jail https://en.wikipedia.org/wiki/... and Aaron Swartz was prosecuted/persecuted to the point that he committed suicide https://en.wikipedia.org/wiki/...
Meanwhile, Sony pulls off their rootkit exploit https://en.wikipedia.org/wiki/... and now Burger King with "OK, Google", and nobody goes to prison. The takeaway lesson for cybercriminals... don't do anything as an individual; instead, incorporate as a multinational, and have the corporation do the dirty work, without risk of anyone going to jail.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Seriously? You people are the reason nobody can get along anymore.
Maybe you shouldn't make your vocalized password the default "OK google." Yeah I know, first world problems...
You can lead a horse to water, but you can't make it dissolve.
It's not that it triggered it, it's that they went around something that was obviously meant to stop them from triggering it. It's like someone putting up a no trespassing sign but the trespassers come and trespass again. That shit will get you six months and a $5000 fine.
No, this is a good thing. The security hole is, and has always been, that the devices only recognize selected trigger words. This hole is due to poor design choices of the manufacturers, and they must step up to the plate to fix it or become liable for any and all consequences.
My GPS in my car has a 100% programmable verbal trigger (I have used "yo, bitch" in the past... so as you can see, quite programmable) and it is almost a decade old. So there's zero question it can be done.
The message is flat on the table now: Amazon, Google, Mycroft... everyone has to set up user-programmable trigger words as part of the install of the device / app. Otherwise this kind of thing, including truly hostile events, will be a regular consumer experience, and the manufacturers will be complicit.
No manufacturer can argue they were ignorant of the risk now. Entirely a good thing. I look forward to them repairing this obvious malfeature.
I've fallen off your lawn, and I can't get up.
Somebody's full of crap. In order to complete an order this way, after getting the Echo to understand what you want and confirming it verbally, you still need the 4-digit confirmation PIN number. That's a 1-in-10000 chance of getting right. If the parents let the kid hear the PIN number, that's on them. Not Amazon.
It's just the news media trolling you, hyperventilating about a non-problem. Again. Still. As they will continue to do tomorrow, because you let them.
I've fallen off your lawn, and I can't get up.
Of course they should. It would be a perfect stage to show off how dumb the CFAA is to luddites in government.
Google will demostrate it is serious about security
Snerk. Sorry, but voice interfaces are a MASSIVE security hole (think tape recorder). There's really no way to completely secure the damn things. You could prevent this attack, but there's lots more where that came from.
As long as Google thinks people want them (and, from the fact that people buy the things, I have to say it looks that way), Google will keep making them. The only way to clean up the mess is to point out the flaws to the point that people don't WANT an always-on voice command system. And the only way that happens is if people find it more annoying than helpful.
So kudos to Burger King for forcibly pointing out that there's a big problem in a way that DOESN'T drain customer's bank accounts.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
It would be funny, but then you're just playing BK's marketing game. There would be headlines AGAIN about Google doing that, which is just giving them more publicity. How many marketing campaigns end up with several Slashdot headlines (along with plenty of other big-name media outlets)?
The worst thing that could have happened to BK is that this story was ignored. They way they figure it, the longer they can keep this in the news, the more successful their marketing campaign is. The faux anger will dissipate in fairly short order, but we're still all thinking about BK's Whoppers in the meantime.
Irony: Agile development has too much intertia to be abandoned now.
Companies prove every year that bad publicity is bad.
Target is about to go under from bad publicity on the right.
A whole State is losing billions of dollars from bad publicity on the left, though that should go back to normal now.
It doesn't even matter who is mad, when people get pissed at your company, and your company relies on sales of cheap shit to the masses, or tourism, it hurts.
What confused people in the past was cases where companies got what was actually good publicity, but society had some traditional hang-up that told people it was "bad." So then the company benefits, and some people get confused. Things like a spokesperson or executive having a sex scandal was seen as "bad publicity," but then it would actually help the company. Because it turns out, sex sells. Who knew?!
This means they like to trick people. Do people trust them not to substitute ingredients? Deceptive ads don't only affect people who were tricked, everybody who believes that your ad was deceptive has had their view of your company altered.
corporation, they'd have been arrested, and would currently be awaiting trial in jail with an outrageous bail set.
So fuck Mitt Romney, corporations are not people, they're clearly better than that.
Lauren Weinstein, a whiny, weak-ass, entitled, irresponsible snowflake with no life.
Well, this IS the company that actually made a video game of an adult in a creepy king costume stalking children and making them eat unhealthy food.
What is authorized and un-authorized use? Has Google made any effort to limit use to only the owner, or have they optimized to allow use by anyone who can talk to the device? If there's no authentication, log-in, or physical controls, there's no permission needed to use the device. What does the owner need to do to keep other people from using the device? Turn it off.
I agree - BK exploited a hole in the system in a way that was reasonably annoying but pretty harmless. This just highlights the fact that voice control over computers is a crappy way since there's no way to truly identify that the person who do the command has the right to do it.
It's about as secure as a MS-DOS system.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Burger King's Ad should be firmly covered by the first amendment.
You seem to be confusing burger king, the corporation, with you or I or any other "individual 1337 h4xx0r". If "we" did this, we would be in jail for life. Corporations don't get put in jail. Corporations doing invasive marketing don't even generally pay fines. People accept this as another battle in the ad wars, and don't really see two corporations fighting as anything but spectacle of the elites.
One would hope that people take away from this that voice interfaces are terribly insecure to leave running all the time. Or even better, that google has to come up with a better defence mechanism for its hardware.
If its that easy to hack, its that easy to hack. No government can legislate away security flaws.
-
Ask Benetton if there is no such thing as bad publicity. Their controversial ad campaigns from the 90's shocked and abused the trust of many resulting in my and so many others boycotting them and tossing the sweaters we had.
They were oh so happy in the beginning -- "Look at all the free publicity!". Middle term it became "Hey guys, why are our sales tanking?" Long term was the closure of 90% of it's stores and a voluntary return to obscurity in order to not disappear completely.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Or why not remove Burger King from their search engine?
Because it's legally an incredibly stupid thing to do for a company that states over and over again they are not abusing a monopoly position.
I wonder if anyone has figured just how malicious this actually is, it is insidiously so when we consider this deliberate repeat activations of what is a google search recorded against a users google account and feeds into the advertising interest algorithms for the advertising google's network serves. It is directly going to skew adverts to win win the advert buy auction on an interest score rather than a price per an advert.
Look, I'm not going to attack someone's character over one ridiculous belief. That being said, believing that Burger King did something that violates the CF&A is a pretty fucking stupid belief. Believing that jail is a solution to what is essentially a harmless hack is even more ridiculous. In fact I would go so far as to say that they did the world a favor by giving the proletariat a wake-up call, albeit as an unintended side effect rather than as their intended purpose.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Lack of security features isn't an agreement to let others to use your product.
If I leave my front door open and random people just walk in my home I would be pissed can I could get them removed by law for trespassing because.
We shouldn't need a fortis for protection all the time to make sure people behave.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
"They manipulated my 'computer' from far way through sound waves to do their bidding, on purpose, repeatedly."
When you turn your computer on, and navigate to a webpage, the remote computer, through the internet sends files to your PC that manipulates what is displayed on your computer to show you what it wants to show you. Are they hacking your computer?
What if they send you video file and it starts playing? what if they send you some javascript (and you've enabled javascript) and a little program runs on your computer inside the browser sandbox all nice and proper? Are they hacking your computer?
Presumably this is ok, because you turned on your computer and requested that it do this?
Well.. didn't you also purchase this google thing, with an always on microphone, and set it up on the internet set to obey any commands it recognized? And then you put this thing within earshot of your TV with the volume turned up loud enough to ensure it could hear it?
And they didn't 'hack' you. They didn't run an exploit, overflow a buffer, or escape from the sandbox. They issued a request... literally a verbal request, in plain english. And your system was setup to audibly play their content, to listen to anything audible, and consent to anything it recognized.
Are you sure you aren't a little bit responsible here?
As always, It's all about intent right? What did BK intend? They wanted to get your device to play you a 2ndary ad. Nobody disputes that.
What exactly did "you" intend? When you setup an always listening device within earshot of your TV set to obey any audio command that it recognized? You did THAT? but simultaneously didn't intend for it do things the TV said?
I mean, i don't want to blame the victim; but this isn't a girl wearing provocative clothing getting assaulted.
This is a girl wearing provocative clothing, simply being approached and politely asked for a photo. The fact that she's gone and rigged her phone to always be listening and to automatically send photos of herself naked to anyone who asks for a photo is really on her. Maybe she only "intended" her boyfriend to get pictures? Well, sorry, that's not the system she setup.
Nope. United's Contact of Carriage explicitly lists the conditions where they can remove a seated customer without consent, and none of those apply. They contacted away their right to declare the passenger as a trespasser.
Moreover, the airport police were not acting within the scope of their police duties at the time. They were instead acting as agents of United, and as such, the principal (United) shares responsibilities for their actions.
This. I, for one, think that the law is too strict, but it should be applied consistently, so BK should find themselves in front of a judge for this just as any bored teenager would for being caught doing the same.
"When information is power, privacy is freedom" - Jah-Wren Ryel
...The only way to clean up the mess is to point out the flaws to the point that people don't WANT an always-on voice command system. And the only way that happens is if people find it more annoying than helpful.
People have always found passwords to be annoying. So much so that the "top 10 worst passwords" lists haven't really changed in decades. Yes, the same fucking stupid behavior of picking a shitty password has been passed on through generations of computer users. Identity theft on the rise because of it? Sure. People still don't give a shit.
In short, there is no fixing this. People WANT insecurity. They WANT to be lazy. It's the entire fucking reason they paid good money for an always-on voice command system that has no need for an annoying password to sit in the privacy of their home.
Shocked, ok. but how did they "abuse the trust"? What trust du you have (or do you need) to buy a plain sweater withthe only difference from other china produced mass market ware is a certain word?
And for the return to obscurity.. That's what's happening to all mass market fashon brands. They start with an exclusive price tag and everyone wants a genuine "Foobar" shirt. Then profits are increased by becomming more and more "available" (both in number of stores and price) until everyone will buy them. And when the early adopters give the first pieces to welfare, the brand folds.
bickerdyke
But it would be really simple here: That activation phrase is already annoying enough. ("Hey Siry" rolls like something you'd normaly say to someone, but chanting some company name to get results back sounds more like arcane magic summoning a demon from mammon's hell..)
Why not use individualized activation phrases?
Give your "personal assistant" some personality! A name of it's own, randomly modulate the speech synthesis parameters a bit for each device, and BK would need to go "OK John, OK Helen, OK Majel, OK Eliza, OK HAL..." and the spot would be over without triggering any device
bickerdyke
Cheese? I don't order anything with cheese there anymore because I can barely taste it. The other day I ordered two Whoppers, and it was taking a while. "She put cheese on there by accident, so we're going to remake them because we can't just pick it off." "Don't bother, I don't mind the cheese, I just don't need it." And I was able to confirm that I really could barely taste the cheese. (To be fair, it's because of all the other flavors, but I've stopped getting cheese on burgers in general, not just BK. I don't want to pay 50 cents for extra calories that I can't even taste.)
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Well, that's kind of the thing, isn't it? It's *hard* to draw that boundary and the CFAA is really vague about what constitutes unauthorized. I mean, do we commit a felony if we link to perfectly accessible sites where the owner has written a ToS that purports to give them full control? How do we even know that we weren't authorized? Clearly we need to have some kind of notice. And the web is full of programs, it's not reasonable to expect everyone to read every ToS on the web, clearly we should have some expectation that if the site gives us access when we ask for it that we're allowed to actually view the page. But at the same time, we can't go too far in legitimizing those who hack the websites into giving access. At the same time, I'd hate to see felonies for people who put an anonymous email into anonymous FTP or who don't feed some website all their personal details when signing up.
That's why I think that access should be authorized as long as it is given and there's no important deception. Here 'important' simply means that if you hadn't deceived the site, it wouldn't have granted access. It also requires actual deception--something untrue. For example, pretending that you were the owner of some account and trying to reset the password, lying to the support staff to get access, or simply brute forcing an account that isn't yours. It'd be best to add in some minimum amount of damages that have to have been suffered, too, so that some technical violations that cause no actual harm don't get treated as federal crimes. Say, for example, if some kid claims to be 18 to access a porn site.
I find this to be a more balanced idea that focuses the criminal penalties on people who are actually up to no good, without giving websites carte blanche to dictate what is and is not a felony.
Is this really "a thing" now? If so, and you're worrying about it, just please fucking shoot yourself.
For the good of humanity. Just off you over-sensitive ass and have done!
It's not BK's problem that Google's device security is half-baked shit.
Chas - The one, the only.
THANK GOD!!!
"Burger King has instantly become the 'poster child' for mass, criminal abuse of these devices."
What Burger King has become the "poster child" for is the utter and complete insecurity of any of the "Internet of Things", most of which have no security at all. There's not even any way to MAKE them secure. I sincerely hope that every IoT designer and programmer was interrupted by this and will see the light.
It' is ALSO an enormous argument against anyone putting ANY faith in Wikipedia. NEVER use Wikipedia.
It's also another warning (as if we needed one, after "Oath of Fealty") that computer/brain interfaces will make it trivially easy to implant false memories in the brain of any person who gets one.
All commercials use heavy range compression to boost the relative loudness. Just detect that, a quality a real voice would never have, and then advertisers would have to at least make the ad quieter to bypass it.
Technically, the "break" part of "break and enter" refers to the seal created by the door. That is, if the door is left open (rather than unlocked as in your example), the charge is reduced to trespass, as there was no broken seal. It is the act of breaking the seal of the door, that is physically opening the door, that makes it "breaking and entering".
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
There are actual technical reasons for using one name.
In the Kinect, there is a very lower power custom hardware circuit that only detects the phrase 'XBox On", and nothing else. I would guess other devices work in a similar fashion.
This saves hardware and electrical costs when spread over millions of devices that are always 'on' by allowing them to be in a low-power state, yet still able to respond when triggered, without it people would be complaining about the constant waste of the power drain.