Categories
ProgrammableWeb

Google Building Trust Token API to Help Combat Fraud

Google recently announced that it is building the Trust Token API for developer testing. A trust token has been one of the many theorized API solutions to combat fraud in online advertising while allowing trust to propagate from web entity to web entity. As Google prepares to discontinue support for third-party cookies, allowing for trusted sharing of information continues to be a challenge, and the Trust Token API could be a viable solution.

“Trust tokens enable an origin to issue cryptographic tokens to a user it trusts,” Sam Dutton wrote on web.dev. “The tokens are stored by the user’s browser. The browser can then use the tokens in other contexts to evaluate the user’s authenticity. The Trust Token API allows trust of a user in one context (such as gmail.com) to be conveyed to another context (such as an ad running on nytimes.com) without identifying the user or linking the two identities.”

Google is actively pursuing the Trust Token API, but is looking for other alternatives as well. The company is in ongoing discussions with W3C and others as it looks for an alternative to cookies. It has already included other products to help combat fraud and promote trust such as Ad Transparency Spotlight, the Privacy Sandbox, and a new About this ad feature.

The Trust Token API follows the Privacy Pass protocol. The API is currently in the works, and the five key features currently include trust token issuance, trust token redemption, forwarding redemption attestation, trust-bound keypair and request signing, and private metadata. At the GitHub site, Google has published more details on the API development, privacy considerations, security considerations, potential extensions, and more.

Author: ecarter

Categories
ProgrammableWeb

Vericred Adds ICHRA Affordability Calculator API to ICHRA Development Kit

Vericred, an insurance and benefits data services company, recently introduced its ICHRA Affordability Calculator API. The service expands the company’s ICHRA Development Kit that companies use to build Individual Coverage Health Reimbursement Arrangement (ICHRA) solutions for brokers, employers and employees.

“There is considerable momentum for companies, large and small, to adopt ICHRAs as an alternative to traditional employer-sponsored coverage,” Michael W. Levin, Vericred co-founder and CEO, commented in a press release. “Our ICHRA Affordability Calculator is yet another element of the infrastructure necessary for developers to create great ICHRA experiences for brokers, employers and employees.”

At its core, the ICHRA Affordability Calculator API allows employers to calculate the minimum contributions they must make to employees’ health insurance costs in order to comply with various laws. Additionally, it calculates how much subsidy an employee would receive if the employee opts out of an ICHRA to purchase a plan through a federal or state-based exchange. The calculators give programmatic and automatic access to the applicable options so that employers and employees alike can compare options and make informed decisions.

The calculator adds to the existing development kit, which already includes a number of robust features including group and individual quoting APIs, group and individual disruption analysis APIs, shop by doctor, and shop by drug. Those interested in the new API, or any feature of the ICHRA Development Kit, should visit the Vericred website and reach out to the sales team.

Author: ecarter

Categories
ScienceDaily

Scientists discover volcanoes on Venus are still active

A new study identified 37 recently active volcanic structures on Venus. The study provides some of the best evidence yet that Venus is still a geologically active planet. A research paper on the work, which was conducted by researchers at the University of Maryland and the Institute of Geophysics at ETH Zurich, Switzerland, was published in the journal Nature Geoscience on July 20, 2020.

“This is the first time we are able to point to specific structures and say ‘Look, this is not an ancient volcano but one that is active today, dormant perhaps, but not dead,’” said Laurent Montési, a professor of geology at UMD and co-author of the research paper. “This study significantly changes the view of Venus from a mostly inactive planet to one whose interior is still churning and can feed many active volcanoes.”

Scientists have known for some time that Venus has a younger surface than planets like Mars and Mercury, which have cold interiors. Evidence of a warm interior and geologic activity dots the surface of the planet in the form of ring-like structures known as coronae, which form when plumes of hot material deep inside the planet rise through the mantle layer and crust. This is similar to the way mantle plumes formed the volcanic Hawaiian Islands.

But it was thought that the coronae on Venus were probably signs of ancient activity, and that Venus had cooled enough to slow geological activity in the planet’s interior and harden the crust so much that any warm material from deep inside would not be able to puncture through. In addition, the exact processes by which mantle plumes formed coronae on Venus and the reasons for variation among coronae have been matters for debate.

In the new study, the researchers used numerical models of thermo-mechanic activity beneath the surface of Venus to create high-resolution, 3D simulations of coronae formation. Their simulations provide a more detailed view of the process than ever before.

The results helped Montési and his colleagues identify features that are present only in recently active coronae. The team was then able to match those features to those observed on the surface of Venus, revealing that some of the variation in coronae across the planet represents different stages of geological development. The study provides the first evidence that coronae on Venus are still evolving, indicating that the interior of the planet is still churning.

“The improved degree of realism in these models over previous studies makes it possible to identify several stages in corona evolution and define diagnostic geological features present only at currently active coronae,” Montési said. “We are able to tell that at least 37 coronae have been very recently active.”

The active coronae on Venus are clustered in a handful of locations, which suggests areas where the planet is most active, providing clues to the workings of the planet’s interior. These results may help identify target areas where geologic instruments should be placed on future missions to Venus, such as Europe’s EnVision that is scheduled to launch in 2032.

Story Source:

Materials provided by University of Maryland. Note: Content may be edited for style and length.


Categories
ProgrammableWeb

Adzerk Announces API and SDK Betas

Adzerk, an ad serving API provider, recently announced a number of API and SDK updates. Those included new beta tests of API features and SDKs, as well as a series of bug fixes and new product features. The company is actively soliciting participants in its API beta and the new SDKs are open source and ready for testers.

First, Adzerk is beta testing increased dayparting capability. Dayparting allows users to limit a flight to serve on specific days, times, or both. Accordingly, for users wanting to serve ads only in the evenings, dayparting functionality allows that. Until the current beta, users were allowed one daypart. The new beta allows for 10 dayparts per flight. Visit the changelog announcement to learn more.

Next, the company is testing the public beta of new SDKs. The SDKs are specifically for embedding Adzerk Decision and UserDB functionality into third-party applications. JavaScript, TypeScript, Java, Ruby, Python, and Clojure SDKs are now available for beta testing. This adds to the existing iOS and Android Decision SDKs. Links to all SDKs are available in the Decision SDK documentation.

As always, many of Adzerk’s new offerings depend on new releases from social media platforms. In its Q2 Industry review, Adzerk details new features and products from Snapchat, TikTok, Facebook, YouTube, Roku, Spotify, Instacart, and LinkedIn. Check out the recap to see how Adzerk is capitalizing on these updates. Finally, Adzerk has issued a number of bug fixes specifically to improve UI function, stability, and reliability, all of which can be seen on the changelog.

Author: ecarter

Categories
ProgrammableWeb

A Stark Reminder about API Security As India Bans TikTok Over Privacy Concerns

Recently the Indian government said that it will ban TikTok along with dozens of other well-known apps developed in China saying that the apps pose a threat to the “sovereignty and integrity of India.” This comes on the heels of a border dispute between the two countries last month that led to the deaths of at least 20 Indian soldiers.

59 apps in total have been banned including popular messaging app WeChat and mobile browser UC Browser. India’s Ministry of Information Technology said the ban was due to user complaints that TikTok was “stealing and surreptitiously transmitting users’ data in an unauthorized manner.”

Now, the decentralized international hacking group known as Anonymous has come out with the accusation that TikTok is “essentially malware operated by the Chinese government running a massive spying operation.” This is in response to a thread from a Reddit user who claims to have reverse-engineered the app and found it to be nothing more than a thinly veiled data collection service.

According to Reddit user bangorlol, TikTok is using APIs to collect user information including (exact quotes):

  • Phone hardware (CPU type, number of cores, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
  • Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe using as cached value?)
  • Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
  • Whether or not you’re rooted/jailbroken
  • Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC
  • They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication

If that weren’t bad enough, bangorlol claims that TikTok neglected to use HTTPS to encrypt traffic between its app and its servers. In an important lesson to any API provider about one of the key boxes to check when reviewing an API security plan, this could have potentially caused its API to leak users’ email addresses and secondary emails (used for password resets) to prying eyes.

This information has yet to be independently verified by other researchers, but this is not the first time TikTok has been accused of poor security at best and nefarious activities at worst. The US armed forces have described the app as a threat to cybersecurity, Reddit CEO Steve Huffman has described it as “fundamentally parasitic,” and child advocacy groups filed a complaint stating that TikTok fails to give parents notices of “practices regarding the collection, use, or disclosure of personal information.”

TikTok has of course denied any wrongdoing and from a legal standpoint, they may be right. But by this point, we know the dangers of giving away our information, especially when it’s not clear just how much we are giving away in the first place. The revelations made by bangorlol are only the latest in a growing pile of evidence that users of TikTok should proceed with caution.

Author: wsantos

Categories
ProgrammableWeb

Hasura Introduces Hasura Cloud

Hasura, a data access infrastructure company, recently introduced Hasura Cloud. Hasura Cloud provides secure and instant access to data across hybrid and multi-cloud environments. It uses the unified GraphQL API to achieve this cross-cloud capability. Because it utilizes GraphQL, Hasura Cloud helps businesses achieve their cross-cloud goals without expensive IT investments.

Hasura Cloud was born out of Hasura’s existing enterprise product: Hasura Pro. Hasura Pro is amplified in Hasura Cloud with the addition of cloud-specific functionality. Features include data caching, auto-scaling, global availability and consumption-based pricing.

The goal of Hasura Cloud is to help data owners unlock data that is trapped in silos. Whether businesses face problems with fast-moving operational data, or static data warehouses and lakes, Hasura Cloud was built to provide assistance. The primary method behind Hasura Cloud is an approach that connects applications by federating access to where the underlying data lies. Hasura does this with an API approach that has security, governance, and scalability baked in.

Early testers of Hasura Cloud have had nothing but good things to say about the new offering. Hasura introduced the product at Hasura Con ’20. This year’s version was a virtual event that brought Hasura developers and collaborators together for six straight days of working together. To learn more, visit the Hasura site.

Author: ecarter

Categories
ScienceDaily

Common food additive causes adverse health effects in mice

A common food additive, recently banned in France but allowed in the U.S. and many other countries, was found to significantly alter gut microbiota in mice, causing inflammation in the colon and changes in protein expression in the liver, according to research led by a University of Massachusetts Amherst food scientist.

“I think our results have a lot of implications in the food industry and on human health and nutrition,” says lead author Hang Xiao, professor and Clydesdale Scholar of Food Science. “The study confirmed a strong linkage between foodborne titanium dioxide nanoparticles (TiO2 NPs) and adverse health effects.”

Along with colleagues at UMass Amherst and in China, Xiao published the research in Small, a weekly, peer-reviewed, interdisciplinary journal that covers nanotechnology.

Gut microbiota, which refers to the diverse and complex community of microorganisms in the gut, plays a vital role in human health. An imbalance of gut microbiota has been associated with a range of health issues, including inflammatory bowel disease, obesity and cardiovascular disease.

Human exposure to foodborne TiO2 NPs comes primarily from a food additive known as E171, which is made up of different-size particles of TiO2, including one-third or more that are nanoscale. E171, which makes products look whiter and more opaque, is found in such food as desserts, candy, beverages and gum. Xiao points out that one study found E171 exposure is two to four times higher in U.S. children than in adults.

Smaller than 100 nanometers, foodborne nanoscale particles may have unique physiological properties that cause concern. “The bigger particles won’t be absorbed easily, but the smaller ones could get into the tissues and accumulate somewhere,” Xiao says.

In their study, Xiao and his team fed either E171 or TiO2 NPs to two populations of mice as part of their daily diet. One population was fed a high-fat diet similar to that of many Americans, two-thirds of whom are obese or overweight; the other group of mice was fed a low-fat diet. The mice fed a high-fat diet eventually became obese, while the mice on the low-fat diet did not.

“In both the non-obese mice and obese mice, the gut microbiota was disturbed by both E171 and TiO2 NPs,” Xiao says. “The nanosized particles caused more negative changes in both groups of mice.” Moreover, the obese mice were more susceptible to the adverse effects of TiO2 NPs, which caused more damage in obese mice than in non-obese ones.

The researchers found TiO2 NPs decreased cecal levels of short-chain fatty acids, which are essential for colon health, and increased pro-inflammatory immune cells and cytokines in the colon, indicating an inflammatory state.

To evaluate the direct health impact of gut microbiota disrupted by TiO2 NP, Xiao and colleagues conducted a fecal transplant study. They gave mice antibiotics to clear out their original gut microbiota and then transplanted fecal bacteria from the TiO2 NP-treated mice to the antibiotic-treated mice. “The results support our hypothesis that including TiO2 NPs in the diet disrupts the homeostasis of the gut microbiota,” Xiao says, “which in turn leads to colonic inflammation in the mice.”

The study also measured levels of TiO2 in human stool samples, finding a wide range. Xiao says further research is needed to determine the health effects of long-term — such as life-long and multigenerational — exposure to TiO2 NPs.


Categories
ProgrammableWeb

Security Researcher Saves 100 Million Starbucks Customers’ Personal Data From Exploitation

A security researcher, Sam Curry, recently noticed what he called “suspicious” API calls when ordering a Starbucks gift card for a friend. After learning that Starbucks runs a bug bounty program, Curry dug a little deeper. Soon thereafter, Curry found that Starbucks had potentially exposed personal records of around 100 million customers.

The security issue Curry uncovered was the result of a directory traversal bug. Curry reported the vulnerability through the bug bounty program before bad actors were able to exploit the personal data. That data included names, emails, phone numbers, and addresses.

Directory traversal, or file path traversal, allows attackers to read arbitrary files on a server where an application runs. In the case of Starbucks, endpoints under /bff/proxy/ on the Starbucks app routed requests to retrieve store data. Although Starbucks had a firewall in place, Curry was able to get around it and traverse API calls to find URLs that shouldn’t be accessible on the internal host.
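A defensive sketch of the path check a proxy route like this needs, added here as an example and not code from Starbucks or from Curry's report. Only the /bff/proxy/ prefix comes from the article; the upstream allowlist, function names and sample paths are hypothetical.

```python
import posixpath
from urllib.parse import unquote

PROXY_PREFIX = "/bff/proxy/"        # route prefix named in the article
ALLOWED_UPSTREAM = ("/stores/",)    # assumption: hypothetical upstream allowlist


class RejectedPath(ValueError):
    """Raised when a proxied path must not be forwarded upstream."""


def fully_decode(value, max_rounds=5):
    # Decode repeatedly so that double-encoded sequences such as %252e
    # are seen in their final form before any check runs.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise RejectedPath("too many layers of percent-encoding")


def resolve_proxy_target(request_path):
    """Return the upstream path to forward, or raise RejectedPath.

    Expects the path component only (no query string).
    """
    if not request_path.startswith(PROXY_PREFIX):
        raise RejectedPath("not a proxy route")
    tail = fully_decode(request_path[len(PROXY_PREFIX):])
    # Backslashes and control characters are treated as separators or
    # terminators by some back ends, so refuse them outright.
    if "\\" in tail or any(ord(c) < 0x20 for c in tail):
        raise RejectedPath("illegal character in path")
    # Refuse dot segments instead of silently collapsing them.
    if any(segment in (".", "..") for segment in tail.split("/")):
        raise RejectedPath("dot segment in path")
    upstream = posixpath.normpath("/" + tail)
    # Default deny: forward only to explicitly allowlisted upstream prefixes.
    if not any((upstream + "/").startswith(p) for p in ALLOWED_UPSTREAM):
        raise RejectedPath("upstream path is not allowlisted")
    return upstream


def is_allowed(request_path):
    try:
        resolve_proxy_target(request_path)
        return True
    except RejectedPath:
        return False


if __name__ == "__main__":
    # Constructed sample paths, not taken from the original report.
    for path in ("/bff/proxy/stores/123",
                 "/bff/proxy/stores/%252e%252e%252fadmin",
                 "/bff/proxy/internal/health"):
        print(path, "->", "forward" if is_allowed(path) else "reject")
```

The check runs on the fully decoded path and the proxy forwards only the value it returns, so the back end never receives a string that a later decoding step could interpret differently.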

Curry reported the vulnerability to Starbucks on May 16 and Starbucks remedied the situation in less than a day. The highest reward under the Starbucks bug bounty program is $4,000, which Curry received. Starbucks has not commented on the incident.

Author: ecarter

Categories
ProgrammableWeb

Google Maps Celebrates 15th Birthday with New Customization Features

Google Maps recently celebrated its 15th birthday. As part of that celebration, the Maps team announced a number of new beta features and a roadmap for making the next 15 years even more powerful than the first. Of all the features Google is adding to Google Maps, a single word seems to sum them all up: customization.

Google Maps customization has typically occurred in client-side JSON. Those customizations were then sent to the service with map requests. This caused a number of limitations, including URL character limits. Google is moving customization to the cloud side, which will provide a number of benefits. First, it gives map designers more options. Second, it creates more flexibility for pushing out changes across maps. Finally, with styling on the server side, non-coders can now participate in the map styling process.

Next, Google is introducing Vector Maps to the JavaScript API. Vector maps are rendered on the client side, unlike raster tilemaps. The client-side rendering is handled through WebGL, which utilizes the user device’s GPU. This enables smoother, crisper map tiles that will improve the map look during panning and zooming. Vector Maps are now supported on JavaScript, Android, and iOS, so Google is adding it to all three platforms.

Finally, Google is adding more customization to points of interest features. When points of interest were originally rolled out across the various map features, everything was labeled “business.” Now, Google is using five sub-categories: lodging, shopping, food & drink, car rental, and gas stations. This will allow map users to customize which type of businesses are used in their maps. Map designers will also be able to decide how many points of interest are included on their maps, although default settings will include the number that Google has determined is the average ideal as gained through years of testing.

Check out all new features and customization abilities in the docs (Android, iOS, JavaScript). The new server-side features can be found in the ‘Map Management’ and ‘Map Styles’ tabs of the Cloud Console. To see more on the progress of Google Maps over the years, and where it’s headed next, visit Google’s Mapping the Future site.

Author: ecarter

Categories
ProgrammableWeb

Redox and Curative Partnership Demonstrates How APIs Allow Rapid Response to COVID-19

Redox, a provider of an interoperability platform for healthcare data exchange, has recently teamed with FDA-authorized COVID-19 testing company Curative to send COVID-19 test results to various state public health departments. This partnership has seen projects launched in 24 states.

According to Isaac Turner, CIO and co-founder, Curative, “Every state has its own unique, mandatory reporting requirements for COVID-19 testing. This can be challenging for an organization like ours, which is so focused on working as quickly as possible to scale up testing services nationwide.” The partnership allows Curative to use the Redox API to connect patient data to state officials for COVID-19 reporting and contact tracing programs. The Redox API helps standardize healthcare data, and its network allows healthcare organizations, payers and healthcare applications to securely share it. By leveraging it, Curative has been able to manage the various state requirements and distribute results quickly. Of the 24 states where projects have been launched, two states, Illinois and Delaware, are now fully live.

The COVID-19 pandemic has required a rapid response by private, public and governmental organizations. APIs are an enabler of this speed and in cases like Curative, can even help inform public health policies. As we’ve seen, change is inevitable, whether the disruption comes from a global health crisis or natural shifts in market conditions. Organizations that are poised to leverage APIs will be the ones positioned to best deal with this change.

Author: wsantos