Fortnite is risking user security in bypassing Google Play Store

Fortnite is a massively popular third-person shooter game, and its highly-anticipated Android version is coming soon. However, the launch has a caveat: Fortnite won't be available on the Google Play Store. Instead, users will have to download it directly from the game's website.

Fortnite maker Epic Games CEO Tim Sweeney told The Verge the company wants to have a "direct relationship" with customers by cutting out the middleman, Google, and in this case also cutting out Google's 30% cut on in-app purchases. But the move could also mean users will have a more direct relationship with malware developers, too.

Bypassing the Play Store also means bypassing its built-in security protections while conditioning people to feel comfortable with downloading apps and services directly from the web. The Google Play Store isn't totally malware-free of course, but its protections like Google Play Protect and regular application security audits mean users who get apps from trusted developers directly from Google's marketplace are better protected than those who install third-party apps outside Google's official store. 

To install a third-party app from a website outside of Google Play (a method called "sideloading"), users must allow apps from unknown sources by modifying the device's security settings. This will let you download Fortnite; but it would also make it easier for illegitimate developers to get you to download malicious content. We've already seen how bad actors will take advantage of Fortnite's move to Android—when the company announced its Android app would be available this summer, Fortnite scams and malicious downloads began popping up on YouTube and around the web to make money off unsuspecting users looking for the game's mobile version. 

It's somewhat understandable from a business perspective. Fortnite hit $1 billion in revenue from in-app purchases last month, and the company doesn't want to split the check with Google. (Apple also takes a chunk of apps' revenue, however the company makes it virtually impossible for iOS users to legitimately download apps from anything but the iOS App Store). 

But from a customer perspective, it sucks. Security experts, tech companies, and app developers all agree it's best practice to only download apps from trusted developers, and only from legitimate app stores. By shirking these practices, Epic Games is normalizing behavior that can lead to kids' phones getting hacked. 

For instance, hackers could masquerade as legit Fortnite representatives or gamers and trick people into downloading malware. This method of phishing Android users to install bad apps and spyware has been used by state-backed adversaries and average bad actors alike. 

Sweeney appears to have a lot of faith in Fortnite users fully understanding proper Android security hygiene. That includes remembering to disable allowing downloads from unknown sources once they've got the game (unless they're running Android Oreo, which asks for permissions individually), and being able to identify malicious applications from the legitimate Fortnite app in the first place. 

By avoiding the Google Play Store, it appears Epic Games is putting profit over the risk of privacy and security issues for its users. In doing so, its players lose. 

Update: A previous version of this post misstated Fortnite's revenue. My bad, thanks Jordan! 

Tech Bytes: The Struggle of Healthy Eating at Conferences

It's that time of year again. Time for the annual pilgrimage to the desert for two major security conferences, Black Hat and DEF CON. That means it's also time for me to have at least one breakdown over too many or too few calories from foods I consider "bad" or "safe." 

I do not have a normal relationship with food. But with all the diets and paleo recipes and celebrity poop teas of our age, what is really normal anyway? Well, it's probably not being afraid of anything with dairy, sugar, or too many carbs, and it's definitely not restricting yourself because if you eat a slice of pizza you will hate yourself for a week. 

Traveling is really difficult for me. I am in recovery from anorexia and purge disorder, and although I went through extensive therapy to try and tame my demons and learn that it's okay to eat more than oatmeal, whenever I break from my normal eating patterns, some of my bad habits return. I think about how many calories are in whatever I put in my body, and tell myself if I eat something I consider "bad," it will ruin everything I have worked so hard to maintain. 

In my life there are four main food groups: vegetables, grains, protein, and fear. I am afraid of pizza. Of fried chicken. Of mayonnaise and thick cuts of meat. And don't get me started on cheese. Cheese is the boogeyman, the scariest food of all. Sometimes I eat my fear foods, and then I feel terrible for days, regretting every bite.

This is not normal, and it is not healthy. I know this, and I am working on it. Part of maintaining a healthy relationship with food is maintaining healthy habits. At home, my fiancé and I cook vegan recipes regularly, and stick to the foods I consider "safe." That means nothing fried, nothing with heavy meat or dairy, and bowls bursting with fresh fruits and vegetables. It's a comfortable rhythm, and thanks to therapy and mindful habits I feel like I can get through my life without the specter of an eating disorder suffocating me. 

That all falls apart when I travel, especially for work. I joke about this a lot on the internet, about where to find avocados in Las Vegas or that groceries stores are too far from the Strip. I hide behind self-deprecating humor because it's easier than being honest. I also joke about the time I started bawling in the middle of a casino during another tech conference (CES) because I hadn't eaten vegetables (or really anything) all day. Gamblers thought I was drunk; I was actually on the verge of collapse and self-harm. My friend AJ knew, and walked up and down the Strip with me for a while until we found something I considered "safe" to eat. I will never forget the way he smiled -- because I can see why it's humorous when your friend is crying about broccoli -- but didn't judge me, and instead helped me get through the darkness.

Meals on business trips are largely predicated on the food at the venues, at the scheduled dinners, and at whatever line is the shortest. They are also booze-filled, which, for me, exacerbates the feelings of disgust and likelihood of harmful behaviors when my habits are broken. I try hard to stick with what I am comfortable with, but I also don't want people to wonder why I'm not eating what everyone else is.

I am extremely good at hiding things; I just want people to think I'm normal.

I might be embarrassed about my behaviors, but I shouldn't be. At least 30 million people in the US have an eating disorder, and almost 1% of American women will have anorexia at some point in their lives, according to the National Association of Anorexia Nervosa and Associated Disorders. There are millions of people like me -- and chances are some of them go to technology conferences. 

If you are one of those people and you experience the struggle of trying to maintain healthy habits and not self-harm while at events like Black Hat or DEF CON, I want you to know you are not alone. I don't have a solution for surviving Las Vegas or the best ways to plan to eat healthy on business trips because I have not figured it out myself. It is still extremely hard for me. But hopefully by talking about it I can help alleviate the shame and stigma that surrounds eating disorders and encourage people to discuss this with their friends or colleagues who will be sharing the environment if they feel comfortable enough to do so. 

I am not ashamed to have an eating disorder. But it took me quite a while to come to that conclusion. Self-hatred and shame are invisible, but they are absolutely devastating to your body. Some people looked at me with complete disgust when I told them about my behaviors, and those are the looks, the voices, and the feelings I used to focus on. Now I think about the compassion and kindness friends and strangers have shown me when I admit Hey, this shit is really hard!. A kind and empathetic response to these feelings is so powerful, and helps the shame lift. 

I'm excited to spend time in the desert with my friends and coworkers, and hopefully learn a thing or two. And I also hope that this time is easier than the last. If it isn't, that's okay, too. 

The Backbone of the Internet and the Blueprint for Blocking Jerks

Dyn, a performance management company, published a blog post this week highlighting successful collaboration between transit service providers, IXPs, and the anti-spam community to effectively kick an abusive company off the internet.

Bitcanal is the company behind a years-long border gateway protocol (BGP) hijacking campaign. The group took over large groups of IP addresses that didn’t belong to them and allegedly sold some to spammers while participating in a campaign of abusing the fundamental systems that make the internet work and distribute content to your eyeballs. Some IPs belonged to non-existent businesses, but, as security journalist Brian Krebs points out, other addresses managed by legitimate organizations including the Texas State Attorney General’s office the US Department of Defense were roped up in the scheme. Krebs reports researchers have tied Bitcanal to the suspected theft of millions of IPv4 addresses.

Researcher Ronald Guilmette kickstarted the recent plot to takedown Bitcanal, working with transit providers including GTT and Cogent, and internet exchange points (IXPs) to play whack-a-mole when Bitcanal tried to reconnect through other companies. This week internet service provider Hurricane Electric and transit provider IPTelecom disconnected Bitcanal, rendering them “cutoff from the global internet,” Dyn’s Director of Internet Analysis Doug Madory wrote.

What struck me about his post was the definitive declaration tucked in at the end: “IXPs are not just a neutral transport bus anymore. They facilitate a unique service that malicious actors can leverage. Like it or not, this makes IXPs responsible too.”

IXPs are in charge of the infrastructure for traffic exchanges between ISPs and content delivery networks (CDNs). If IXPs are seen as complicit in enabling malicious activity and responsible for helping to police it when it becomes unwieldily, then perhaps that ethos could also extend to other internet services enabling bad actors: Social networks.

There is a groundswell of criticism directed at Twitter, Facebook, YouTube, and others for the roles they play in allowing malicious content, bullying, disinformation, and other bad content to proliferate on their platforms. Elected officials in both the US and UK have called on executives for Facebook and Twitter to explain how it’s possible for bot-armies and fraudulent (and often dangerous) information to proliferate on its platform to influence public opinion. The criticism came to a head when a whistleblower for Cambridge Analytica described how his company collected 50 million people’s Facebook data to build psychographic profiles of users in order to sell advertising. The UK fined the social network £500,000 for failing to protect users’ data (which is virtually nothing to Facebook, a company that made $11.97 billion in mostly advertising revenue last quarter).

There are of course differences between IXPs and social networks, fundamental building blocks versus social networks we opt-in to use. One could argue people know what they’re getting into — potential harassment, disinformation, and human monetization — when signing up for these platforms. However, social networks have become almost as fundamental to the way people use the internet as the pipes responsible for it.

Facebook used its Internet.org initiative to provide connectivity to developing countries as an on-ramp to Facebook itself. Its “Free Basics” program includes Facebook and Messenger as part of the free apps available to users where data is cost-prohibitive. (The Outline reported in May that Facebook is pulling its Free Basics plan from some countries following criticism.) About 45% of US adults rely on Facebook for their news. And at the same time it promises to combat disinformation, it still allows popular and harmful conspiracy theorist content to thrive. At an event with reporters this week, Facebook said it’s committed to fighting false news in the same breath as it defended permitting one of the biggest arbiters of that content on its platform.

Despite years of promises, Twitter, too, has failed to properly handle abuse as it simultaneously promotes its value to humanity while being the US President’s favorite platform. Its executives continuously promise to purge suspicious accounts — including this week’s tweet from CEO Jack Dorsey and a report from the Washington Post that the company suspended 70 million accounts in the last couple months — but often consider death threats and other harassment as insufficient evidence of violating its standards. People engage with the world’s biggest events — political, sporting, television — on the same platform used by propagandists to spread disinformation to millions of people during the 2016 US presidential election.

Facebook and Twitter could perma-ban accounts that continuously tweet harmful harassment and hate speech. Twitter has kicked off individual high-profile users for inciting hate speech and mobs of trolls, but that number is tiny. Social networks are loathe to remove speech or humans from their platforms; for both companies, the right to speech and to post virtually whatever you want is engrained deeply in their ethos, and booting publishers or people off their platforms would force them too much into an editorial role. (Facebook’s CEO Mark Zuckerberg recently told Congress it is a “technology company” not a media company, an argument that prevents it from being regulated like broadcasters). Banning accounts can have a financial impact, too. Twitter stock fell 9% on Monday following the news it suspended millions of accounts. 

There are complexities around free speech—it's certainly not as cut and dried as shutting down IP hijackers—but its harmful effects are often extremely obvious. For example, the death threat cited earlier that Twitter ignored until the verified user put them on blast, and one popular conspiracy theory propagated online that resulted in a man bringing an assault rifle to a pizza parlor; he ended up sentenced to four years in jail.

Content distribution services have stepped up before to make editorial decisions about the information flowing on their services. In 2017, Cloudflare dropped neo-Nazi website The Daily Stormer from its network, and web-hosting providers GoDaddy and Google both also dumped the site. The move sparked a debate over power on the internet and whether CDNs and other service providers should decide what can be viewed online.

As billions of people become increasingly reliant on these companies as part of our daily communication and knowledge consumption, it’s time for them to more definitively address their role as responsible stewards of news and information, and the impact bad actors can have on the world beyond the web.

[Social networks] are not just a neutral transport bus anymore. They facilitate a unique service that malicious actors can leverage. Like it or not, this makes [social networks] responsible too.

Parisan suggestions

A friend recently asked for suggestions of what to do in Paris. Here, I give some.

I was there for four days and pointedly avoided most of the tourist destinations because I’ve been to them already. The Champs-Élysées was only worth visiting because the popup art exhibit Art-Élysées, with 75 galleries showcasing work through three pavilions that took up much of my afternoon. The Louvre was teeming with visitors taking selfies, and the Eiffel Tower, though nice to look at, only required about ten minutes of an evening.

So, without further ado, I present to you my Suggestions Of Things To Do in Paris.

What to do

Street Art Tour. This was the best thing I did on my trip. Our guide took us on a tour of Belleville and surrounding neighborhoods. It was a little over three hours, so it’s quite a commitment, but totally worth it.

Canal Saint-Martin, where you might stumble across a flea market bursting with vendors selling trinkets and junk, and the occasional diamond in the rough. I purchased a handful of postcards from 1919-1956. They belonged to someone who died.

Marché des Enfants Rouges, a the oldest covered market in Paris, selling everything from crepes to cheese to fruits and vegetables, along with some of the best Moroccan food I’ve eaten. It’s right next to a ton of lovely little boutiques and antique shops, though I suggest going any other day but Sunday, as most of them are closed.

Aligre Market, a colorful outdoor market where locals do their shopping.

Classical music at La Saint-Chapelle, the holy chapel on the Île de la Cité. It’s a beautiful setting to hear a chamber music concert, and if you’re lucky and the lighting is right, the stained glass is truly something to behold.

Jardin des Plantes and the National History Museum are overflowing with visitors, but wandering through the gardens that are home to plants with medicinal purposes, and the corridors of humanity’s history is will make you forget about bumping into random strangers with selfie sticks.

jardin-des-plantes.jpg

You can get lost in the poetry on the second floor of Shakespeare & Company, the floor dedicated to Sylvia Beach that contains volumes unable to be purchased. In reading nooks, visitors leave little notes, and the worn wood and homey decor makes you feel right at home among the books.

The shops and art galleries along Rue des Francs Bourgeouis and Rue Rambuteau are where I found presents for my family. Street musicians including full jazz bands and an opera singer are set up along the sidewalks, and there are a handful of quaint antique stores and jewelers among the galleries and clothing stores. (The GILDA vintage shop is absolutely worth visiting if you’re into that sort of thing.)

Artazart Design Bookstore is a paradise for designers, photographers, DIYers, chefs, artists, makers, and everyone in between.

Where to eat and drink

Shakespeare & Company Cafe, the cafe next door to the bookstore, has a variety of delicious vegan and gluten-free options, including a peach cobbler to die for. It’s a bit pricey, but that comes with the tourists.

Le Comptoir Général is difficult to explain. It’s a tiki bar, wine bar, coffee bar, and snack bar, all rolled into one. Its plush interior invites you to sit for hours with friends, or wander its large, open floor plan decorated with pop culture and historical artifacts. The patio is quite welcoming, especially in nice weather, although it can get a little smoky, because, well, it’s Paris.

Liberté Patisserie Boulangerie is near Canal Saint-Martin, and it was here I had the most exquisite and delicate pistachio tart I’ve ever eaten in my life.

I was sick of bread and cheese when I stumbled upon Siseng, a fabulous Asian fusion restaurant that’s relatively inexpensive and incredibly delicious. I waited about 15 minutes to get a table for one, but it was worth the wait.

Rue Montorgueil is a lovely pedestrian street lined with cheese shops, wine shops, boulangeries, rotisseries, fish markets, flower markets, and the occasional boutique.

Eat With lets you attend a dinner party with a total stranger. My Argentinian-inspired meal was phenomenal, a five-course meal cooked by Belén Gowland, a Le Cordon Bleu-trained chef and all around amazing human.

My notebook in Paris

This is the first in a series of posts I wrote in my notebook while on vacation in 2015. Republishing it here.

A smell can tell you a lot about a place. Does the putrid smell of garbage mask the smell of window box gardens and falafel stands like it does in New York on trash day in the summer? This smell tells you New York needs to work on its infrastructure.

Paris in the fall smells like a symphony of a city fully lived in, overflowing with people who are only there for a moment, and those who have lived there for decades. It smells like cigarettes and fresh-baked bread. It smells like fog and tour buses. It smells like the damp, dead leaves that crunch or slide under your feet when you walk to the subway, which, while being efficient and easy to navigate, smells like the blood and sweat of a city that’s held humanity and commerce in its arms for centuries.

I like riding the trains in Paris. You see all kinds of people in transit—tourists folding and unfolding their maps, making sure they’re headed in the right direction and inevitably get off a stop too early or too late. Old ladies dressed in colorful wool with black patent leather shoes, reading pages of yellowed French novels. Moms lecturing their bored-looking children about homework that wasn’t turned in on time. Drunk people.

The best part about traveling by train is that it’s impossible not to fit in. You are one of hundreds of people traveling in the same general direction, none with anything in common except that your bodies are simultaneously gliding the same way, which means you all have more in common than you might have considered in the first place.

Along with luggage and groceries or maps and books, each person carries with them a story that is not immediately obvious. When you ask one about it, you’ll discover their stories are just like yours, but with different characters, emotions, belonging, and scents. Your stories are the same because you’re each carrying it with you; it clings to you like a shadow. Different because no one is the same.

aligre-market.jpg

I get off the train in the 12th arrondissement. It smells like spices from the rotisserie and coffee from a nearby cafe. I walk a few blocks through the rows upon rows of fruits and vegetables in Aligre Market, stopping for a banana and a slice of fresh bread bursting with nuts and dried fruit, so hot that the first bite singes my tongue and I have to wait impatiently to finish it. I keep walking. It smells like vegetables transported in crates that mushed up a tomato or two en route.

My boots slip on the cobble stones as I wander into Oberkampf. Here, no tourists clutter the streets, and shop keepers stand outside smoking with neighbors, all of whom seem to have their hands full of baguettes. Saturday mornings must be the time to refill the pantry.

A child no older than six walks by with his own grocery bags full of fresh-baked carbohydrates. A man in a window three floors up, whistles and waves at him between drags of his cigarette. The boy smiles and nods, careful not to drop his packages.

I wait outside a cafe for the street art tour to start. On a large blue wall, “Mother Teresa is Kate Moss,” is spray-painted haphazardly as if the person didn’t really believe in their graffiti. By the time the group begins its tour, the black graffiti is painted over, and Mademoiselle Kat is preparing to put up her own masterpiece on Le Mur. It’s a commissioned wall that changes each fortnight, our guide, Virginie, explains.

Things are changing throughout these neighborhoods, which include Oberkampf and Belleville. Artists like Késa and Diamant take to the streets with art meant to provoke and inspire you to look up, away from your feet and your phone. At the same time, the city is slowly chipping away at the culture that makes these neighborhoods so diverse and vital. Here is the “real Paris,” Virginie says. Different cultures giving the neighborhood its diversity in food, clothing, and art. And smells.

grafitti-tour.jpg

It is here that street art is as much a part of Parisian culture as croissants. Along Rue de Noyez, professional artists’ work is intertwined with the public’s, adorning walls gifted to the street artists by the city. But soon one of these walls will disappear; a projects building will be erected to house the people who are getting displaced, or cannot afford to live in their apartments anymore. Gentrification, Virginie says, means that soon many of these ethnic restaurants will be replaced with hip joints attracting a new kind of crowd to the neighborhood. The “real Paris” is disappearing. And so is the street art.

Take pictures to put on Facebook, she says. This way the art can live on.

By the time we’re back in front of the blue wall, it is covered with zombie brides.

My ankle burns as I follow the streets to Canal Saint-Martin. No one I walk by looks up, and I find that now I have a hard time looking anywhere else.

I pass by multiple vegan restaurants and fusion cuisines on my way to a place that could only be described as a hipster haven. Le Comptoir General has a tiki bar, coffee bar, wine bar, and snack bar, decorated with pop culture and history I know little about. No one is speaking English.

Across the canal is a design and bookstore, and I find myself wishing I knew more people who appreciate the same things I do. Those who keep coming to mind are exes. They would love it here.

I fall in love with the boutiques and cafes, and cacophony of noise that seeps out through the streets of the canal neighborhood. It reminds me of Brooklyn. Or Valencia street. It is then that I realize that this is what Virginie meant by Paris losing itself. I think for a second that I am part of the problem.

I buy black and white shoes from the Bensimon popup store. I drink organic coffee.

At night by the Eiffel Tower, you can feel an electric human energy. It’s fueled by selfie sticks and city maps, tired children and grumbling locals who, by accident, find themselves in the middle of it. I buy a baguette and eat it in a silent park, watching the light fade from lavender to navy to a deep, dark black, and the tower change from an orangeish yellow to a bold, sparkly gold.

I yell at a man selling trinkets who won’t leave me alone. My foot hurts. I’m tired. I walked 18 miles today.

Perhaps it is because I romanticized it so much in my head that Paris feels like a bit of a let down. Or perhaps that it’s because I’m on the tail end of my solo trip, not hearing a voice I recognize for days, seeing couple after couple cuddled up in cafes, or strolling through markets feeding each other bits of crepe. I’m happy for them and a little envious. For they surely planned their trip better than I did.

But I end up at a warehouse party with a bunch of design students on drugs, so there’s always an unexpected adventure when traveling serendipitously.

Some places smell like love. Paris is not one of those places. You may sense it briefly on the wind as it rustles the changing trees along the Champs-Élysées, or in a quiet moment when you’re sitting alone on a park bench. But then someone wanders by with a cigarette, and it disappears in a puff of smoke.

The serenity I found in Bruges was not matched in Paris. It’s too busy, too big, too transitory, while being rooted in history. It’s familiar and unrecognizable. It can overwhelm you, or force you to stumble upon something entirely unexpected.

I’m not sure I found what I was looking for in Paris, though I’m not entirely sure what that would be. I half-expected to know it when I saw it.

Someone recently told me I had too many expectations. Perhaps he is right, and true inspiration or romance comes when you’re not looking for much of anything at all.

notre-dame.jpg

On my final evening in Europe, I wander through the third arrondissement, and the Île de la Cité. Lit up at night, cathedrals like Notre Dame look even more imposing. Sainte-Chapelle is completely dark on the outside, inside illuminated only by a soft glow of yellow lights. The stained glass towers over the room, lifeless, its beauty snuffed out with the sunset. A man with a violin begins to play to a small audience in the freezing chapel.

The notes cascade like raindrops echoing on the stone walls of the church. Slow, fast, impossible chords filling my heart with joy, melancholy, curiosity, and frequently, heartbreak. With each piece he exposes something of himself, and with it, a part of me, too. I sit so still my legs go numb, my brain thinking of things I tried to forget, and remembering moments long-forgotten.

Sixty minutes feels like sixty seconds by the time he is done.

I am the only other solo patron at the program. Sitting in front of me, an old man who shuffles when he walks became a statue, his expression not changing from the moment he sits down to the time his feet shuffle slowly out of the theater.

I feel lighter when I leave the chapel, as if the heaviness I felt inside is carried off by notes composed long ago.

The train is quiet and smells like old, worn clothes. When I get to the quiet street on which my temporary apartment sits, filled with photos of best friends, postcards, and post-it notes, scribbles reminding the bed’s occupant that life is beautiful and love is real, I say goodnight to Paris.

My breath glistens in the moonlight.