58 posts categorized "Privacy"

01/10/2013

Silence Turned Into Secret Skype Messages

A team of encryption specialists has figured out a way to communicate with each other using silence. No, it's not a Cold War era spy trick, but it's still very tricky. Welcome to SkypeHide.

The group that created the technique for SkypeHide was led by Wojciech Mazurczyk, an assistant professor of computer networks and switching at the Warsaw University of Technology. Mazurczyk and his colleagues specialize in network steganography. Spy nerds know that's the science of hiding information and messages within computer networks.

SkypeHide works using something called "packet hijacking." Mazurczyk, along with Maciej Karaś and Krzysztof Szczypiorski, found that whenever we use Skype, the program keeps sending 70-bit data packets during the silences that occur within a conversation. So the computer scientists put their own secret messages into those data packets, according to Nancy Owano at Phys.org.

Mazurczyk told Owano, "The secret data is indistinguishable from silence-period traffic, so detection of SkypeHide is very difficult." This opens up the potential to transmit secret text, audio files and even video during a red herring conversation that's happening. At best, the speed for transmitting these secret messages was 1 kilobit per second, which isn't superfast but could be fast enough to communicate something important.

Spy techniques can backfire, though. What if this technique gets into the wrong hands? Hopefully that long pause between birthday greetings doesn't end up being an ideal time for terrorists to touch base. If secret messages are discovered and have a criminal connection, a law enforcement entity could compel Skype to share messages stored temporarily on its server.

Skype does tell its users to be careful. As much as the site tries to protect users, it can't guarantee that its safeguards "will prevent every unauthorized attempt to access, use or disclose personal information."

More answers may be forthcoming later this summer, when the Warsaw University of Technology group plans to present SkypeHide at the ACM Workshop on Information Hiding and Multimedia Security in Montpellier, France. In the meantime, if you want to send some secret spy messages, there's always the classics: a red flag in the flowerpot or the chalk mark on the mailbox.

Credit: Hotblack

12/18/2012

Insta-Hate For Instagram's New Rules

Has a popular social network finally done the hitherto impossible: revise its privacy rules so drastically that a large chunk of its users flees? The situation is still developing at Instagram, but the free photo-sharing service that Facebook recently bought for $715 million in cash and stock may yet pull that off.

Instagram announced its new privacy policy and terms of service, both of which go into effect Jan. 16, in a low-key blog post on Monday. "Nothing has changed about your photos’ ownership or who can see them," it reassured users.

That's true in a way that can look false. The new "ToS" document -- at over 6,000 words, it runs about six times longer than the old policy -- hides two inflammatory bits about a third of the way down.

One requires users to "agree that a business or other entity may pay us to display your username, likeness, photos [...] in connection with paid or sponsored content or promotions, without any compensation to you." There's no opt-out provision and no exception for users under 18.

Photos on Instagram are public by default, and the old terms gave Instagram arguably even more leeway to monetize those images.

But now it looks more blatant.

The new terms' next clause warns Instagrammers that "we may not always identify paid services, sponsored content, or commercial communications as such." The Federal Trade Commission, which frowns on ads that aren't labeled as such, may not be amused.

The new privacy policy, only slightly more verbose than the old, appears innocuous in comparison.

The perception that your photo could get sucked into somebody else's ad -- without a chance to rake in the proceeds -- had upset enough Instagram users to jam the service's one endorsed photo-export option, a third-party site called Instaport.me.

Tuesday afternoon, co-founder Kevin Systrom posted a much longer follow-up that said Instagram would update the new terms to clarify that it would not sell photos to advertisers.

A service like Instagram -- with iOS and Android apps to update and servers to run -- has to cover its costs somehow. But selling ads isn't the only way to underwrite a free product; one common alternative is to charge a minority of users for added features or capacity, as Yahoo's Flickr service does.

(Disclosure: While I have a Flickr Pro account, I have done little with my Instagram account beyond the above images. Applying canned filters to smartphone photos to fake the appearance of age never excited me.)

And posting sweeping, jargon-saturated terms of service and pretending they're no big deal is a monetization strategy Instagram should have definitely known to avoid. Its new corporate overlords could have told it all about that; in some ways, Facebook now looks good in comparison.

That last part is important. Not giving users tools to take out the data they've put in betrays a lack of respect. So does saying "trust us" while serving up several thousand words' worth of legalistic sludge.

Credit: Rob Pegoraro/Discovery



12/07/2012

Military Drones Prowl US Skies

By TechNewsDaily Staff

FAA documents don't show any oversight of how drone flights could affect the privacy and civil liberties of Americans. Credit: David Howells/Corbis

Military drones used to track terrorists or insurgents in Afghanistan have also been flying across the U.S. homeland. Newly released documents show U.S. drone flights by the Air Force, Marine Corps and the Defense Advanced Research Projects Agency for the first time.

The Air Force has tested drones in U.S. skies ranging from hand-launched Ravens to the larger Reaper drones responsible for targeting and killing people overseas — all recorded through the Federal Aviation Administration licenses required to fly in national airspace. That information became public through a Freedom of Information Act request from the nonprofit digital rights organization Electronic Frontier Foundation (EFF).

"The FAA recently announced it wants to slow down drone integration into U.S. skies due to privacy concerns," the EFF said. "We are hopeful this indicates the agency is finally changing its views."

But the advocacy organization noted that the FAA documents don't show any oversight of how drone flights could affect the privacy and civil liberties of Americans.

The advocates run a U.S. drone census that aims to track drone flights made in the homeland by the U.S. military, law enforcement agencies, local police departments and universities. Part of that effort has involved requesting the FAA to release documents showing what agencies and organizations applied for licenses to fly drones in U.S. national airspace.

Drones flown by the Air Force near places such as Virginia Beach, Va., have the cameras and sensors to track moving ground targets for hours at a time. The Reaper drone capable of both spying on people and firing missiles at them has spent much of its time prowling the skies above Nevada, California and Utah.

Some Air Force operators have even practiced surveillance missions they might carry out in Afghanistan by tracking civilian cars on the highways, according to a New York Times report.

The Air Force proved the most accommodating by allowing the related FAA records to go public. The Marine Corps chose to redact so much material from the records that the EFF had a difficult time figuring out the Marines' drone programs.

On the civilian side, the drone records show how many U.S. law enforcement agencies want to use drones for spying on drug activities in the war on drugs.  But some police departments -- specifically the Orange County, Fla., sheriff's department and Mesa County, Colo., sheriff -- chose to withhold some or most of the information about drone flights by claiming that public information could threaten their police work.

The FAA released the new batch of documents more than a year and a half after the EFF filed its Freedom of Information Act request, but has yet to release more than half of the available drone records. The EFF called that "unacceptable."

"Before the public can properly assess privacy issues raised by drone flights, it must have access to the FAA's records as a whole," the EFF said.


Copyright 2012 TechNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

12/06/2012

Verizon Filed Big Brother Patent, For Ads

If you think that companies such as Google and Facebook have a Big Brother feel because of the data they collect, get ready to raise the paranoia levels: Verizon wants to bug your conversations while you sit in front of the TV.

In a patent application titled “Methods and Systems for Presenting an Advertisement Associated with an Ambient Action of a User,” the company has a diagram of a typical living room, with the TV in front. The patent application says, essentially, that by using a variety of methods – infrared sensors, cameras, and microphones – it’s possible to track consumers’ moods and actions and tailor advertisements accordingly.

The application isn’t specific about the technology. But it does note the possibility of linking smartphones and other devices to a “detection facility.” The point made in the patent application is that traditional targeted ads don’t account for what people actually do when watching television. That is, are you watching the program or did you fall asleep? And are you talking about the cool gadget James Bond just used or did you just say that you dig his fashion choices?

Phones and tablets are already equipped with cameras, a Kinect or Wii already has motion detectors, and if you are a Comcast Xfinity customer there’s already a web cam (for Skype calls) on top of your TV. Computers can be pretty good at picking out certain words, and do so every time a customer calls a bank.

Microsoft, in fact, said in 2010 that it wanted to target ads to people using the Kinect system in a way that isn’t very different from what Verizon is proposing. The company eventually said it would not use the Kinect’s camera for monitoring -- but only after media outlets asked.  

Verizon’s patent may also be a pre-emptive strike of sorts, to block Apple or Google from trying the same thing. The phone giant hasn’t made any announcements about this technology.

The idea that Verizon – or any other company – could just turn on the web cam in your living room without the user’s knowledge is sure to give many people pause. Even if the data is anonymized, it’s been demonstrated that the process is far from perfect.

It’s just a patent application, and many ideas that reach the USPTO never see the light of day. Or maybe the ghosts of George Orwell and Jeremy Bentham are sharing a laugh. 

via Dvice, Fierce Cable

Credit: Szeling/Floresco/Corbis



11/28/2012

Facebook Privacy Changes Not as Bad as You Think

A week ago, Facebook announced a round of changes to its two governing documents. Most of these edits were inconsequential, although one would end a worthy experiment in online democracy. And the response so far? Apathy, confusion and a bonus helping of blustering status updates consisting of meaningless legalese, all debunked months ago, in which users "hereby declare that my copyright is attached" to everything they post.

This should not have surprised people. Facebook earned extra suspicion with the news-dump timing of its proposed changes (my e-mail heralding them arrived at 10:46 p.m. on the eve of Thanksgiving), but in other respects we've seen this movie before.

Remember when a 2009 change to Facebook's policies looked like it would give the social network the right to keep your data forever? How a different display order and the "ticker" would destroy the utility of the News Feed (which itself, a few years earlier, was going to destroy Facebook)? How the arrival of the timeline profile interface would upend everybody's image?

Each time, the results have been less dramatic, in part because users neglect these new features, and in some cases Facebook stages its own retreats.

(Disclosures: I market myself on Facebook; so does Discovery News.)

In this episode, the Menlo Park, Calif., company's proposed changes to its "Statement of Rights and Responsibilities" and "Data Use Policy" look especially undramatic.

As you can see in the "redline" PDFs showing additions and deletions to each document (a practice that other sites should follow), the biggest change would delete a Facebook user's right to vote on privacy-policy changes.

I'm not thrilled about the end of an experiment I applauded at its debut in 2009, but it's been a meaningless exercise so far.

In the first such balloting, 665,654 users voted in the spring of 2009: at best, a third of a percent of the more than 200 million people on Facebook then. Then this summer, 342,632 showed up at the virtual polls out of 900 million-plus users -- even farther from the 30 percent turnout that would make a vote binding.

The only other major expansion of Facebook's reach here is the ability to merge user data from Instagram -- no shock after it spent $741 million in cash and stock on that photo-sharing service -- and future acquisitions.

Other adjustments only describe in greater detail what the company and other users can do with your data. (It should have underscored the risk involved in accepting friend requests from people you barely know.) One line about being able to restrict who can send you messages got dropped in this revision, but the company has already said it's adding filtering options.

What else could Facebook have said to drain the drama from these changes? It could have reminded users that it already got busted for loosening people's privacy settings without permission. Almost a year ago, Facebook agreed in a sweeping settlement with the Federal Trade Commission that any serious changes to its users' visibility would require their "affirmative express consent."

That deal also requires better policing of third-party apps, regular third-party audits of Facebook's privacy policies for the next 20 years and the prompt wiping of a deleted account's data, among other measures, and won approving comments from the Electronic Frontier Foundation and others.

Admitting that your mistakes made for a federal case may not be good publicity for most companies. But if Facebook wants to show it's changed, maybe this is a "Life Event" worth highlighting on its own timeline.

Credit: Rob Pegoraro/Discovery



11/16/2012

How Your Secret E-Mail Can Give You Up

Say, hypothetically speaking, you want to engage in some confidential correspondence with a high-ranking government official. You both know to set up dummy Web-mail accounts that don't link back to your real names, maybe even to confine your chatter to messages saved in a shared account's drafts folder.

What could possibly go wrong?

As recently resigned CIA director David Petraeus and author Paula Broadwell have discovered to their detriment, everything.

I hope none of you are having affairs with people running three-letter agencies, but you'd still rather keep your messages out of the sight of strangers. You may not even want your name attached to your e-mail. Good luck, because any of the following six factors can defeat that attempt.

1. The Internet Protocol address of whatever computer you send an e-mail from will be logged by your e-mail server (without that step, the message can't go anywhere on the Internet) and then recorded in the message's headers. (You can inspect these usually-hidden details with commands like Gmail's "Show Original.") That "IP" will identify your Internet connection and, to varying degrees, your location, as you can see at sites like What Is My IP Address. One of Broadwell's bigger mistakes was apparently connecting from hotels, which allowed investigators to cross-reference guest records.

(You can cloak your IP using anonymity services like the Tor Project. Why the head of an intelligence agency didn't think to use one is unclear, not least since the U.S. government has backed the development of online tools to resist the intrusion of totalitarian regimes.)

2. Keylogging software stashed on your computer by a virus could record everything you write, not just in any one e-mail. That's always a game-over scenario.

3. Strange Wi-Fi can rat you out. A maliciously-run network will log all of your Internet traffic; an unencrypted one will make it easy for a snoop on the same signal to listen in.

4. The recipient's computer is subject to every one of the above risks.

5. The recipient could decide on his or her own that your privacy is no longer worth protecting and forward your e-mail to somebody else. (Some encrypted messaging services allow you to send self-destructing messages, but a computer's screen-capture function--or the lower-tech workaround of pointing a camera at its screen--will work around them.)

6. The government could take an interest in your correspondence. That's the biggest risk of all: By the letter of a 1986 law, the Electronic Communications Privacy Act, that has aged poorly, the feds only need a prosecutor's authorization -- not a judge's -- to obtain messages that your provider has stored for more than 180 days on its servers.
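What item 1 looks like in a raw message, as an added example that is not part of the original post: the code walks the `Received` chain of a constructed message and reports the address the sending machine exposed. The sample message, host names and addresses (RFC 5737 documentation ranges) are all constructed, and `X-Originating-IP` is a header only some providers add.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the article). Addresses come from the
# RFC 5737 documentation ranges; all host names are placeholders.
SAMPLE = """\
Received: from smtp.webmail.example (smtp.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS id def456;
\tFri, 16 Nov 2012 10:02:09 -0500
Received: from [203.0.113.42] (guest-203-0-113-42.hotel.example [203.0.113.42])
\tby smtp.webmail.example with HTTP;
\tFri, 16 Nov 2012 10:02:08 -0500
X-Originating-IP: [203.0.113.42]
From: throwaway@webmail.example
To: someone@recipient.example
Subject: hello

body
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
FROM_BY = re.compile(r"from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)", re.S)


def _ips(text):
    """Return the distinct, syntactically valid IPs written as [addr] in text."""
    found = []
    for candidate in BRACKETED.findall(text or ""):
        try:
            ip = str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # bracketed text that is not an address
        if ip not in found:
            found.append(ip)
    return found


def trace(raw):
    """Walk the Received chain from the sender's side to the recipient's."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own header, so reversed() puts the hop
    # closest to the author's machine first.
    for value in reversed(msg.get_all("Received", [])):
        m = FROM_BY.search(value)
        if not m:
            continue  # a Received line without a from/by pair
        hops.append({"by": m.group("by"), "from_ips": _ips(m.group("frm"))})
    declared = _ips(msg.get("X-Originating-IP", ""))
    first = hops[0]["from_ips"] if hops else []
    return {
        "hops": hops,
        "x_originating_ip": declared[0] if declared else None,
        # None when the earliest hop carries no bracketed address:
        # report the absence rather than guess.
        "client_ip": first[0] if first else None,
    }


if __name__ == "__main__":
    result = trace(SAMPLE)
    for n, hop in enumerate(result["hops"], 1):
        print(n, hop["from_ips"], "->", hop["by"])
    print("address exposed by the sending machine:", result["client_ip"])
```

When reading real headers, trust only the `Received` lines added by servers you control or know; anything below them is supplied by the sending side and can be fabricated.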

In practice, you may have a little more security, as Electronic Frontier Foundation staffers explained in a post last week. But there sure are a lot of government requests for user data going around; Google keeps count of these, and the U.S. is far ahead of every other country. In the first half of 2012, Google received 7,969 requests targeting 16,281 users, 90 percent of which it complied with at least partially.

All that said, the FBI probably just isn't that into you, and neither is the average online crook. But no matter how clean you keep your computer and your connections, you can't guarantee that a recipient will keep your words private. So choose them with care.

Credit: Rob Pegoraro/Discovery



11/12/2012

DuckDuckGo Making Waves In Search Engine Pond

If Google's "streamlined" search engine tactics -- hawking your search results to marketers and tracking your search habits -- have you crying foul, perhaps a new fowl is in order. DuckDuckGo is a bird of a different feather and, as a recent Washington Post profile suggests, it's starting to spread its wings.

Created by Gabriel Weinberg, the website is an ad-free search engine that doesn't track users' interests to generate search results. It also doesn't monopolize search results to elbow out competitors' content, as Google has been accused of doing.

"My thesis for the company was, what can we do that other search engines, because they're big, can't do easily?" Weinberg told the Post. "Because what's good for Google business is bad for Google users."

Though it's still considered small potatoes next to search engine Goliaths like Google and Bing, in one year, DuckDuckGo searches have increased 350 percent, up from 10 million in October 2011 to 45 million last month. That kind of ascent has even attracted financial backing and support from Union Square Ventures, the venture capital firm behind Twitter.

To be fair, Google processes billions of searches each day, so it's unlikely DuckDuckGo will dethrone the world's most popular search engine anytime soon. However, Brad Burnham, managing partner of Union Square, says a little healthy competition isn't such a bad thing.

"We think it's the right time and the right platform to take a crack at this market," he told the Post. "At what point does the breadth of Google's ambitions begin to diminish its focus on its core asset and open up an opportunity for a competitor? There will be an evolution in the marketplace that opens an opportunity for others. I'm not ready to cede to Google the dominant position in search until the end of time."

via the Washington Post

Credit: DuckDuckGo




10/30/2012

Silent Circle Promises Spy-Proof Calls

Your communication online can be easy, or it can be encrypted. Good luck combining both: Any service secure enough to defeat eavesdropping by three-letter government agencies has come with a payload of added complexity.

A new company called Silent Circle says it's cracked that equation. And it has credentials to make such a claim: Its founders include one of the most famous names in cryptography, Pretty Good Privacy developer Phil Zimmermann, plus other security experts and several U.S. and British special-operations veterans.

"PGP" exhibited the promise and peril of strong cryptography when it debuted in 1991. This open-source software worked well enough for the U.S. government to investigate Zimmermann (the feds dropped the case in 1996), but it was sufficiently tricky that relatively few people adopted it.

Silent Circle promises the same uncrackable encryption in simple iOS and Windows apps for voice, video and text-message communication, with Android support coming later. That's a compelling pitch, and it's gotten this National Harbor, Md., firm attention after its Oct. 15 launch.

I've been trying its iOS Silent Phone and Silent Text apps since. They generally work as advertised--but some rough edges and a $20 monthly fee may limit their reach.

One holdup involved its setup. After you create an account at Silent Circle's site, you must generate a different activation code there to type into each app you install; its apps don't explain this step well.

After that, however, the encryption becomes invisible. When you contact another Silent Circle user, the two apps quickly exchange data to set up a one-time encryption key; you both confirm it worked by verifying that you see the same sequence of words in the app. In one call, this was the unintentionally-timely "stormy handiwork"; in a text, it was "Uniform Quebec One One."

After each exchange, the software destroys that key after computing a "hash" value from it, which it will use to generate the next one-time key. The company never sees each key.
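The two ideas described above, comparing spoken words and carrying a hash of each key into the next one, can be sketched as follows. This is an added illustration, not Silent Circle's code or wire protocol: the toy Diffie-Hellman group, the 16-word list and every function name are assumptions made for the example.

```python
import hashlib
import secrets

# Assumption: a toy Diffie-Hellman group chosen for readability only.
P = 2**255 - 19
G = 2
# Assumption: a 16-word list; four words give a 16-bit check value.
WORDS = ("acorn brick cedar delta ember flint grove harbor "
         "iris jade kelp lotus maple north opal pine").split()


def keypair():
    """Fresh one-time private/public pair for a single call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub, retained=b""):
    """Mix the new shared secret with the value retained from the last call."""
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    return hashlib.sha256(b"session" + retained + shared).digest()


def spoken_words(key, count=4):
    """Short word sequence both users read aloud to compare their keys."""
    digest = hashlib.sha256(b"sas" + key).digest()
    return " ".join(WORDS[b % 16] for b in digest[:count])


def retain(key):
    """What survives once the call key is destroyed: a one-way hash of it."""
    return hashlib.sha256(b"retain" + key).digest()


def honest_call(retained_a=b"", retained_b=b""):
    """Both apps see each other's real public value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (session_key(a_priv, b_pub, retained_a),
            session_key(b_priv, a_pub, retained_b))


def intercepted_call(retained_a=b"", retained_b=b""):
    """A relay substitutes its own public value in both directions."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    return (session_key(a_priv, m_pub, retained_a),
            session_key(b_priv, m_pub, retained_b))


if __name__ == "__main__":
    ka, kb = honest_call()
    print("direct call :", spoken_words(ka), "|", spoken_words(kb))
    ia, ib = intercepted_call()
    print("intercepted :", spoken_words(ia), "|", spoken_words(ib))
    # Second call between the same two users, seeded by the first key.
    k2a, k2b = honest_call(retain(ka), retain(kb))
    print("second call :", spoken_words(k2a), "|", spoken_words(k2b))
```

On a direct call both sides derive the same key and therefore read the same words; with a substituted public value the two keys differ, which is what the spoken comparison is there to catch.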

Silent Circle says it will publish its source code for others to inspect. Matthew Green, a computer-science professor at Johns Hopkins University, is waiting for that but said its system "looks like a pretty solid protocol."

Green also noted one unavoidable vulnerability: You can be spoofed if somebody takes a caller's phone and imitates their voice. Zimmermann called that the "Rich Little attack" at a meeting in September.

Christopher Soghoian, a privacy researcher with the American Civil Liberties Union, also wanted to see Silent Circle show its code so outside researchers could "beat up their text encryption protocol" to test for any vulnerabilities.

(My conversations with Green and Soghoian happened over unencrypted e-mail.)

Over a series of calls, I ran into a different issue: audio dropped out briefly, and video calling suffered from sluggish frame rates and sometimes the absence of audio. There's also no voicemail.

The Silent Text app requires more trust, since you can't verify a person's identity by their voice in it. Its "Burn Notice" feature can wipe messages after a preset interval, but you can defeat that with screen captures.

In the coming weeks, Silent Circle plans to offer the option to call conventional numbers from the app--which could help travelers calling the U.S. from countries that tap phone lines. A Silent Mail service is also on the way.

The company has already drawn business from governments and corporations (not to mention some anxiety from the latter), and it will offer free service to human-rights organizations. Will individuals pay $20 a month for calls no government can tap? You tell me.

Credit: Rob Pegoraro/Discovery


10/10/2012

Internet Pirates: Your Days Are Numbered

Lend me thine ears ye scurvy pirates pillaging the World Wide Web, a vigilant armada will soon be on thy trail. By year's end, the nation's major Internet service providers will launch a six-strikes-and-you're-out initiative that may put a damper on your plundering days of widespread downloading.

The "Copyright Alert System" strategy (CAS), backed by the Obama administration, Hollywood and major record labels, aims to disrupt and potentially terminate Internet access for those who continually infringe upon copyright laws.

The program, which monitors peer-to-peer file-sharing services, includes participation by AT&T, Cablevision Systems, Comcast, Time Warner Cable and Verizon.

First offenders will receive an email alert from their Internet service provider saying their account may have been misused for online piracy. After a second offense, the alert could contain an educational message about online copyright laws.

After the third and fourth strikes, users could receive a pop-up notice "asking the subscriber to acknowledge receipt of the alert."

After four alerts, the warnings stop and the real punishments come to the surface...kind of.

The CAS program calls these "mitigation measures," which could include "temporary reductions of Internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures (as specified in published policies) that the ISP may deem necessary to help resolve the matter."

Gigi Sohn, president of digital rights group Public Knowledge, and an adviser to the Center for Copyright Information, the group behind the program, told Wired that offenders won't be penalized each time an infringement is detected.

"Each strike is not one infringement," Sohn said. "Each strike is dozens or scores or hundreds of infringements."

Considering that, after the first infringement is detected, strikes will only be counted every seven days and that there's a grace period between each alert, this dragnet sounds like it has some pretty big holes for occasional pirates to easily slip through.

Forgive my skepticism, but '600-strikes and you're out' seems like a long leash, not to mention a very passive-aggressive way to project authority.

via Wired

Credit: Images.com/Corbis

10/04/2012

Home Automation On The Cheap Wins Demo

Does the world need yet another video-chat service, yet another app to share footage from your phone, and yet another site to find out where to go tonight? Most likely not, but that didn't stop many of the 78 startups making six-minute presentations at the DEMO Fall conference in Santa Clara, Calif., this week.

Fortunately, DEMO -- the fall's other big launchpad for startups after TechCrunch Disrupt SF -- offered more substantive fare. These four in particular caught my eye.

Ube: This Austin firm won the conference's prize of a million dollars in free advertising on tech publisher IDG's sites for its smartphone-controlled home-automation system. Instead of you running wires through the house and attaching controller modules to existing appliances, Ube will sell $55 replacement power outlets, plugs and $60 light switches and plans a Kickstarter campaign to raise more funds.

Each includes a small Android computer and all can talk to each other and an elegant-looking mobile app via WiFi for easy remote control and monitoring. They say their system will also talk to Internet-linked appliances like "connected" TVs and Blu-ray players, which sets this apart from Belkin's less-ambitious, but already available WeMo.

bandu: Boston-based Neumitra introduced this stress-monitoring system, which links a chunky-looking watch that measures your galvanic skin response for anxiety with an iPhone app that tracks these measurements and indexes them on the map (presumably, TSA security checkpoints rank high). When you start to freak out, the app tries to put you at ease by sending reminders to the watch's screen to do things like practice breathing exercises, call your mom or look at photos or listen to songs that make you happy.

The company's taking pre-orders on the crowdfunding site IndieGoGo at $189 a pop, but its target market is health care for veterans and other high-stress populations.

MoveEye: Twin Cities-based Tarsier had the conference's strangest eyewear: a set of glasses that use two off-the-shelf Logitech webcams to track the movements of your hands and fingers (and make the wearer look like a complete dork). Tarsier's software allows those gestures to control the action on a computer or TV screen.

I gave it a test drive by playing a racing game with my hands held out as if they were gripping a steering wheel. It worked, although the system got confused when I tilted my head as the car went around a turn. Tarsier says this is two years from shipping (when the glasses will be lighter and smaller than the prototype I donned). By then, though, connected TVs with webcams for living-room video chats may get smart enough to use them for the kind of no-remote control I saw Oblong Industries show off last month.

Passboard: Passwords can look awfully frail as a way to secure our important accounts, but what can we use instead of them? The San Francisco startup Passban takes an all-of-the-above approach, allowing you to choose and combine different forms of authentication on an Android or iOS device: recognizing your voice, recognizing your face, checking to see if you're in a designated location, or entering an old-fashioned password, among others. This flexible setup also gets around the problem of you being in a place that's too noisy or too dark for voice or facial recognition.

Or people may be content to continue wrestling with passwords, with only a minority opting to augment them with measures like Google's two-step verification.


