A new AI-based 60-second retina scanning tool can predict a person’s risk of heart disease by looking at the veins and arteries in their eye.

Level Of Risk Revealed By Looking At Blood Vessels

The test findings of the new ‘Quartz’ tool, published in the British Journal of Ophthalmology, show that the AI software takes only 60 seconds to be able to tell if person’s risk of cardiovascular disease, cardiovascular death, and stroke is higher than expected, and what level the risk is. The non-invasive AI tool arrives at its conclusions by analysing the total area of the retina covered by arteries and veins, and their tortuosity/bendiness, because these factors are known to be related to heart health.

Comparable  

In tests, the QUARTZ (“QUantitative Analysis of Retinal vessels Topology and siZe”) AI software’s risk level assessments were found to have “comparable performance” with the current Framingham Risk Score test’s (FRS) standard 10-year risk predictions.

Trained 

The AI software was trained by the St George’s, University of London research using scanned images from 88,052 UK Biobank participants aged 40 to 69. It has been noted, however that 96 per cent of these scan images were from white people and that this bias would need to be addressed to make the tool more accurate for different ethnicities.

The Value and Benefits 

If rolled out, e.g. given high street availability through opticians, the 60-second AI scanning tool would be a fast, fully automated, low cost, non-invasive way to reach a higher proportion of the population. This could mean improved cardiovascular health in the UK, with saved lives through spotting problems early then enabling appropriate treatments and medication to be given.

Similar 

The idea of analysing retina scans to spot health problems is not new. For example, back in 2018, an AI-based retina scanning tool for spotting diabetic retinopathy was approved for use in the US.

What Does This Mean For Your Business? 

This story shows that AI has benefits not just for business but can be extremely useful in areas such as health due to its ability to carry out complex tasks, quickly. This enables saving time, money, and creating innovative new ways to deliver value-adding, accurate results in fully automated ways (freeing up other resources). The comparable performance of the QUARTZ AI tool with existing methods like FRS is very promising. Also, the fact that such a tool could be given high street availability could prove to save many lives and is an example of how technology such as AI is transforming service delivery and outcomes in a way that can improve upon existing methods.

Following a provisional agreement in June, the European Parliament has voted in favour of a law to ensure that all devices have a single universal charger.

Why? 

Back in June, the EU Parliament highlighted the following reasons why having a single universal charger is necessary:

– Consumers currently face the inconvenience and costs of needing a different charging device and cable every time they purchase a new device. Having one universal charger for all their small and medium-sized portable electronic devices will lead to more re-usage of chargers and will help consumers save up to 250 million euros a year on unnecessary charger purchases.

– The need to make products in the EU more sustainable, and to reduce electronic waste. For example, disposed-of and unused chargers are estimated to represent about 11,000 tonnes of e-waste annually.

– The need to harmonise charging speeds for devices that support fast charging, allowing users to charge their devices at the same speed with any compatible charger.

Vote For A Common Standard : USB Type-C 

The recent European Parliament vote resulted in 602 votes in favour and 13 against (8 abstaining) for a law to require device makers (phones and tablets) to ensure that a single USB Type-C type charger can be used for all devices by 2024 across the 27-nation bloc of the EU.

Under the new rules, laptop manufacturers will also have to make the same change by 2026. It is expected that EU member states will approve the result of the vote on 24 October, whereupon it will be written into EU law.

What Will It Apply To?

The devices that will need to have the single USB-C connectors (normally found in Android devices) are mobile phones and digital cameras, tablets and e-readers, mice and keyboards, GPS devices, headphones, headsets and earphones, handheld videogame consoles, and even portable speakers.

What About Apple? 

Apple, which has its own “Lightning” connector originally objected to the idea saying that it “stifles innovation” and would “harm consumers” in Europe and around the world. However, under the new law, when it comes into force, Apple too will have to change its charging port for iPhones and other devices and is, therefore, likely to be the manufacturer most affected.

What About The UK? 

Since the UK is not in the EU and has said that it is not considering replicating the EU’s idea, a similar UK law is unlikely to be introduced in the near future. However, a parliamentary report from December 2021 stated that “the new requirements may also apply to devices sold in Northern Ireland under the terms of the Northern Ireland Protocol in the Brexit Agreement”. 

What Does This Mean For Your Business? 

Having just one type of charger for all devices clearly sounds as though it could save EU consumers an estimated 250 million euros and a lot hassle managing multiple of cables at home or trying to find the right charger quickly, e.g. if a charger has been lost or broken. Clearly, the EU law will be unwelcome news for those companies who currently manufacture the many diverse types of chargers and for many retailers who currently derive revenue from the many different chargers and cables. For Apple, the EU’s decision also appears likely to cause problems and will force the company to come up with a potentially costly solution for its many devices. It may also push the company into the uncomfortable area of having to accept a third-party charger, instead of its own lightning connector. Many UK consumers are likely to be disappointed that the universal charger will not apply in the UK’s jurisdiction both from a convenience and an environmental point of view.

In this article, we look at the many different ways we are being tracked online, plus which measures users can take to avoid being tracked.

Why Are We Being Tracked? 

Internet tracking is used for a number of reasons, including:

– Improving user browser experiences on websites.

– For analytics to improve business performance and inform/feed-into marketing content strategies, and to monitor a website’s usability.

– To enable the targeting of users with advertising, and to generate revenue by selling data about our browsing activities.

Why Should We Be Concerned About Tracking? 

Some of the risks associated with tracking include:

– Privacy and security risks, i.e. our personal data being taken and potentially falling into the wrong hands / being used by cybercriminals, and companies building profiles of users based on sensitive information gained from trackers in websites.

– Matters of transparency and losing control of personal data. For example, where user data is stored and who has access to it is difficult to ascertain, and feeds into privacy and security worries.

– The possible contravention of a user’s legal rights and matters of consent. For example, GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) and others have meant that tech companies can no longer legally track everything that users do and share that data with multiple other third parties as they wish without permission. For example, in the UK, since GDPR’s introduction, websites must display cookie consent and privacy information displayed on the home page.

Most Websites Use Tracking Tools 

Over 80 percent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to avoid being tracked by websites), or to be able to sign into multiple accounts simultaneously.

How Are We Being Tracked? 

The different ways that your browsing and free searching behaviour on the web can be tracked include:

– IP address tracking. The IP address (a string of numbers), set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.

– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising.  Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.

– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.

– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header. This ‘agent string’ contains information such as the browser (type and version) and operating system being used.

– Web beacons. These web bugs / tracking beacons track how a user engages with a specific webpage, including the content a user clicks on.

– Mouse tracking / cursor tracking software that records online users’ mouse movements to reveal how they interact with a website.

– Session replay scripts, i.e. programs that record a website visitor’s activity, such as mouse movements, clicks, and scrolls.

– Favicons (super cookies). These work in a similar way to cookies but are more difficult to decline or remove.

– Browser fingerprinting. This involves gathering and combining a variety of information about a user’s device to create a unique online identity which can be tracked.

– Cross-device tracking. This is the matching up of a user’s browsing habits across devices.

Tracked By Mobile Apps 

All mobile apps gather basic data, e.g. the user’s phone number and email address. Also, users are now tracked by 60 per cent of the world’s most used mobile apps (i.e. harvesting and storing data generated through private conversations). 80 per cent of mobile apps collect data on messages their users send and receive.

In addition to trying to gather data, some mobile apps also try to collect cookies, and 50 per cent of them can access a user’s photos and videos.

How To Avoid Being Tracked 

There are many ways that users can try to avoid tracking, including using:

– Incognito/private browsing mode.
– Private Browsers and Private Browser Extensions.
– VPNs.
– Other privacy tools

Incognito Mode / Private Browsing 

Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome.

Switching to this browser mode loads a new private window. This means that the new window is not signed to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.

Private Browsers 

Neeva is a new advert- and tracker-free search engine which has just been launched in Europe by former Google executive Sridhar Ramaswamy, using funding by investors. Neeva offers free-to-use search and a password manager, and VPN (for a subscription). Neeva also stresses that its searches are free from bias / corporate influence, suggesting a more impartial experience.

For a more detailed picture of how much tracking is taking place when visiting web pages, Neeva’s Chrome browser extension lists the trackers installed on web pages visited. See https://neeva.com/.

DuckDuckGo is a privacy-centred search engine / privacy browsing app, which is available as a download for mobile devices and a Chrome extension. DuckDuckGo retains a user’s privacy by not saving the user’s browser history, forcing sites to use encrypted connections, blocking cookies and trackers (including ‘hidden trackers’ before they load), and by stopping a user’s searches being sold to third parties for profiling and advertising.

DuckDuckGo employs Smarter Encryption which utilises a list of millions of HTTPS-encrypted websites, which has been generated by continuous crawling the of the web instead of crowdsourcing, thereby keeping it current. Also, DuckDuckGo’s Smarter Encryption enables users to be extra-secure in their browsing by being able to detect unencrypted, non-secure HTTP connections to websites and then automatically upgrading them to encrypted connections. See https://duckduckgo.com/.

Epic is a privacy and security focused, Chromium-based browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, signalling, and offers free VPN (with servers in 8 countries). See https://www.epicbrowser.com/.

The Brave privacy-focused, Chromium based browser that is free and open-source. It blocks ads and trackers and allows users to use a Tor in a tab to hide history, and masks location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination. See https://brave.com/.

The Tor browser uses a distributed network (randomly selected nodes) to anonymise a user’s IP address and encrypts traffic. This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor. However, Tor is also used for accessing and is associated with the ‘dark web.’ See https://www.torproject.org/download/.

Private Extensions For Browsers 

Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on. Examples include:

– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.

– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.

– Cookie AutoDelete. This is an extension for erasing cookies for a browser tab when it closes.

– HTTPS Everywhere. This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.

VPNs – Will Using A VPN Stop You From Being Tracked? 

The short answer is no. Although a virtual private network (VPN) routes a user’s internet through another computer (where many other users of the VPN are using the same IP address) making tracking difficult, it does not stop tracking altogether.

A VPN makes a secure connection to another network over the Internet, encrypts traffic, and hides the user’s IP address. However, VPNs do not protect a user from being tracked, from cookies, from user-agent strings, or through the accounts they are logged into (e.g. Google), or from any VPN’s that keep logs of user activity and which could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.

Other Privacy Tools 

Examples of some other privacy tools that users can choose to avoid being tracked include combination firewall, antivirus, and VPN tools like Norton 360 Deluxe or Panda Dome, or web proxy tools like Privoxy.

Third-Party Cookies Being Phased Out 

Some recent ‘good’ news in the tracking world is that last year Google announced that it was phasing out third-party cookies (over two years) and would not use other technology to replace these cookies or build features into its Chrome Browser to allow itself access to that data. Google said that it would be switching to Federated Learning of Cohorts (FLoC), a method which groups what it categorises as like-minded online users together so they can be collectively tracked.

What Does This Mean For Your Business? 

The risk of cybercrime, data breaches, and simply being targeted by advertisers mean that for most business users, the security of knowing that they’re not being tracked and that there is a high level of privacy protection by default may be an attractive and useful part of company security measures. Also, using a trusted app/extension/desktop browser may be a convenient way to get greater peace of mind and ensure that all reasonable measures are being taken to cover the many angles of security and privacy. For many businesses, it is likely to be a case of a combination of privacy solutions, e.g. VPNs, secure browsers and extensions, and other privacy tools being used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders.

In this insight, we look at what BEC campaigns are, their characteristics, together with what businesses can do to protect themselves from the threat of BEC campaigns.

What Is A BEC Campaign? 

A business email compromise (BEC) campaign is a kind of text-based, impersonation, social engineering scam where, in most cases, the victim is forwarded an email threat that appears to originate from their boss. The email is given legitimacy by appearing to be a thread between a partner company, a customer, or an organisation in the supply chain so that it will be recognised by the target. The email instructs the victim, e.g. someone in the finance department of the business to transfer funds (wire transfer / BACs payment) into an account which is actually that of the scammers.

Types 

In the US, for example, the FBI has defined 5 main types of BEC campaign, which are:

– CEO Fraud: The attackers impersonate the CEO or an executive at the company and target an individual in the finance department.

– Account Compromise: This is where an employee’s email account is hacked/compromised and used to request payments.

– False Invoice Scheme: Mostly targeting foreign suppliers, this method sees the scammer impersonating a supplier to request fund transfers to fraudulent accounts.

– Attorney (Lawyer) Impersonation: As the name suggests, the attacker impersonates a lawyer or legal representative, targeting, for example, lower-level employees because they may be more unlikely to question the validity of the request.

– Data Theft: Targeting HR employees, the motive is to obtain personal or sensitive information about company personnel, e.g. CEOs and executives that can be used as part of future attacks (such as CEO Fraud).

Sometimes Uses Domain Spoofing 

BEC campaigns also sometimes use domain spoofing and lookalike domains to trick the targeted employees.

EAC Often Related To BEC 

It is often the case that email account compromise (EAC) enables the BEC, i.e. gaining control of a legitimate company email account makes it possible to launch convincing BEC campaigns.

Difficult To Detect 

One reason why BEC campaigns are so difficult to detect, e.g. using antivirus, is because they don’t often contain red flags such as malicious links or attachments.

How To Guard Against BEC Campaigns 

Some ways that businesses can defend themselves against the threat of BEC campaigns include:

– Briefing and training staff about the nature of the threat and the different types of well-known BEC campaigns. For example, staff should be informed of the indicators of a possible BEC campaign, e.g. high-level company executives asking for unusual information, being asked not to communicate with others about requests, any requests that would bypass the usual channels, spelling and grammar inaccuracies in the emails, and email domains and “Reply To” addresses that don’t match sender’s addresses.

– Ensure that company email security is robust, and that staff are aware of how to avoid risky behaviour with emails, e.g. clicking on unusual links, downloading attachments, or password sharing.

– Encouraging employees to trust their instincts and, if they have the slightest doubt, let them know that it’s OK to seek help and advice. Attackers often rely upon targeting victims at busy times of the day and making requests sound very urgent, so employees need to know that stopping to check and slowing things down is a good idea.

– Having a clear, blanket procedure in place for any such requests that seeks verification from designated managers who are well-informed about this type of fraud and have the confidence and authority to check and challenge.

What Does This Mean For Your Business? 

Since this type of campaign is difficult to spot with automated solutions (e.g. antivirus) and relies upon human error to work, a human-centred approach to protection, such as employee training and the communication of clear blanket policies about this type of question/request/instruction that prevent any circumvention are a wise move for businesses. As with all social engineering, the criminals are using methods designed to suspend normal judgement, and force an emotional reaction before reasoned, critical decision-making can happen. Really knowing the signs (through training), slowing things down, feeling as though they will be supported by managers, and not being afraid to ask others and stick to the policy are ways in which staff can be empowered to defend the company’s security in the face of the threat of BEC campaigns.