Privacy

Homeland Security Details New Tools For Extracting Device Data at US Borders (cnet.com) 113

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers. From a report: In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices. For years, DHS and border agents were allowed to search devices without a warrant, until a court found the practice unconstitutional in November 2019. In 2018, the agency searched more than 33,000 devices, compared to 30,200 searches in 2017 and just 4,764 searches in 2015. Civil rights advocates have argued against this kind of surveillance, saying it violates people's privacy rights.

The report highlights the DHS' capabilities, and shows that agents can create an exact copy of data on devices when travelers cross the border. According to the DHS, extracted data from devices can include: Contacts, call logs/details, IP addresses used by the device, calendar events, GPS locations used by the device, emails, social media information, cell site information, phone numbers, videos and pictures, account information (user names and aliases), text/chat messages, financial accounts and transactions, location history, browser bookmarks, notes, network information, and tasks list. The policy to retain this data for 75 years still remains, according to the report.

Google

'Stalkerware' Phone Spying Apps Have Escaped Google's Ad Ban (techcrunch.com) 25

An anonymous reader quotes a report from TechCrunch: Several companies offering phone-spying apps -- known as "stalkerware" -- are still advertising in Google search results, despite the search giant's ban that took effect today, TechCrunch has found. These controversial apps are often pitched to help parents snoop on their child's calls, messages, apps and other private data under the guise of helping to protect against online predators. But some repurpose these apps to spy on their spouses -- often without their permission. It's a problem that the wider tech industry has worked to tackle. Security firms and antivirus makers are working to combat the rise of stalkerware, and federal authorities have taken action when app makers have violated the law.

One of the biggest actions to date came last month when Google announced an updated ads policy, effectively banning companies from advertising phone-snooping apps "with the express purpose of tracking or monitoring another person or their activities without their authorization." Google gave these companies until August 11 to remove these ads. But TechCrunch found seven companies known to provide stalkerware -- including FlexiSpy, mSpy, WebWatcher and KidsGuard -- were still advertising in Google search results after the ban took effect. Google did not explicitly say if the stalkerware apps violated its policy, but told TechCrunch that it removed ads for WebWatcher. Despite the deadline, Google said that enforcement is not always immediate.

"We recently updated our policies to prohibit ads promoting spyware for partner surveillance while still allowing ads for technology that helps parents monitor their underage children," said a Google spokesperson. "To prevent deceitful actors who try to disguise the product's intent and evade our enforcement, we look at several signals like the ad text, creative and landing page, among others, for policy compliance. When we find that an ad or advertiser is violating our policies, we take immediate action."

Privacy

Police Use of Facial Recognition Violates Human Rights, UK Court Rules (arstechnica.com) 58

An appeals court ruled today that police use of facial recognition technology in the UK has "fundamental deficiencies" and violates several laws. Ars Technica reports: South Wales Police began using automated facial recognition technology on a trial basis in 2017, deploying a system called AFR Locate overtly at several dozen major events such as soccer matches. Police matched the scans against watchlists of known individuals to identify persons who were wanted by the police, had open warrants against them, or were in some other way persons of interest. In 2019, Cardiff resident Ed Bridges filed suit against the police, alleging that having his face scanned in 2017 and 2018 was a violation of his legal rights. Although he was backed by UK civil rights organization Liberty, Bridges lost his suit in 2019, but the Court of Appeal today overturned that ruling, finding that the South Wales Police facial recognition program was unlawful.

"Too much discretion is currently left to individual police officers," the court ruled. "It is not clear who can be placed on the watchlist, nor is it clear that there are any criteria for determining where AFR can be deployed." The police did not sufficiently investigate if the software in use exhibited race or gender bias, the court added. The South Wales Police in 2018 released data admitting that about 2,300 of nearly 2,500 matches -- roughly 92 percent -- the software made at an event in 2017 were false positives. The ruling did not completely ban the use of facial recognition tech inside the UK, but does narrow the scope of what is permissible and what law enforcement agencies have to do to be in compliance with human rights law. Other police inside the UK who deploy facial recognition technology will have to meet the standard set by today's ruling. That includes the Metropolitan Police in London, who deployed a similar type of system earlier this year.

Privacy

TikTok Tracked User Data Using Tactic Banned By Google (marketwatch.com) 46

An anonymous reader quotes a report from MarketWatch: TikTok skirted a privacy safeguard in Google's Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found. The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn't disclosed to TikTok users. TikTok ended the practice in November, the Journal's testing showed.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users' data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage. In a statement, a spokesperson said the company is "committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges." The company said "the current version of TikTok does not collect MAC addresses."

Education

University of Michigan Study Advocates Ban of Facial Recognition in Schools (venturebeat.com) 18

University of Michigan researchers recently published a study showing facial recognition technology in schools has limited efficacy and presents a number of serious problems. From a report: The research was led by Shobita Parthasarathy, director of the university's Science, Technology, and Public Policy (STPP) program, and finds the technology isn't just ill-suited to security purposes, it can actively promote racial discrimination, normalize surveillance, and erode privacy while marginalizing gender nonconforming students. The study follows the New York legislature's passage of a moratorium on the use of facial recognition and other forms of biometric identification in schools until 2022. The bill, a response to the Lockport City School District launching a facial recognition system, was among the first in the nation to explicitly regulate or ban use of the technology in schools. That development came after companies including Amazon, IBM, and Microsoft halted or ended the sale of facial recognition products in response to the first wave of Black Lives Matter protests in the U.S.

The Courts

Qualcomm Wins US Antitrust Lawsuit Appeal Over Chip Licensing (venturebeat.com) 17

A U.S. appeals court on Tuesday reversed a lower court ruling against chip supplier Qualcomm in an antitrust lawsuit brought by the Federal Trade Commission. From a report: The United States Ninth Circuit Court of Appeals also vacated an injunction that would have required Qualcomm to change its intellectual property licensing practices. The decision amounted to a near complete victory for the San Diego company, the largest supplier of chips for mobile phones and also a key generator of wireless communications intellectual property and industry standards. Qualcomm was fighting a May 2019 decision by U.S. District Judge Lucy Koh in San Jose, California. That judge sided with antitrust regulators, writing that Qualcomm's practice of requiring phone makers to sign a patent license agreement before selling them chips "strangled competition" and harmed consumers.

Encryption

Zoom Sued By Consumer Group For Misrepresenting Its Encryption Protections (washingtonpost.com) 11

A consumer advocacy group is suing Zoom and seeking millions of dollars in damages, accusing the company of misleading its users about the strength of its encryption protections. From a report: The nonprofit group Consumer Watchdog is also accusing the videoconferencing company of deceiving users about the extent of its links with China and the fact that some calls between people in North America were routed through servers in China. That raises the danger Beijing could steal or demand access to the contents of those calls, according to a copy of the lawsuit, which was shared exclusively with The Cybersecurity 202.

Those phony claims "lull[ed] consumers and businesses into a false sense of security" and helped Zoom to soar in popularity during the early months of the pandemic, according to the lawsuit, which was filed late yesterday in Washington D.C. Superior Court. The consumer group fears that if Zoom isn't punished, other companies will be incentivized to make false claims about their security and privacy protections to attract users and stand out against competitors.

The Internet

Belarus Has Shut Down the Internet Amid a Controversial Election (wired.com) 120

An anonymous reader quotes a report from Wired: Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus' presidential election Sunday. The ongoing shutdown has further roiled the country of about 9.5 million people, where official election results this morning indicated that five-term president Aleksandr Lukashenko had won a sixth term with about 80 percent of the vote. Around the country, protests against Lukashenko's administration, including criticisms of his foreign policy and handling of the Covid-19 pandemic, grew in the days leading up to the election and exploded on Sunday night. The government has responded to the protests by mobilizing police and military forces, particularly in Minsk, the capital. Meanwhile, opposition candidates and protesters say the election was rigged and believe the results to be illegitimate.

On Monday, Lukashenko said in an interview that the internet outages were coming from abroad, and were not the result of a Belarusian government initiative. Belarus' Community Emergency Response Team, or CERT, in a statement on Sunday blamed large distributed denial-of-service attacks, particularly against the country's State Security Committee and Ministry of Internal Affairs, for causing "problems with equipment." The Belarusian government-owned ISP RUE Beltelecom said in a statement Monday that it is working to resolve the outages and restore service after "multiple cyberattacks of varying intensity." Outside observers have met those claims with skepticism. "The truth of what's going on in Belarus isn't really knowable right now, but there's no indication of a DDoS attack. It can't be ruled out, but there's no external sign of it that we see," says Alp Toker, director of the nonpartisan connectivity tracking group NetBlocks. After midnight Sunday, NetBlocks observed an outage that went largely unnoticed by the Belarus population, given the hour, but the country's internet infrastructure became increasingly wobbly afterward. "Then just as polls are opening in the morning, there are more disruptions, and those really continue and progress," says Toker. "Then the major outage that NetBlocks detected started right as the polls were closing and is ongoing."

The disruption extended even to virtual private networks -- a common workaround for internet outages or censorship -- most of which remain unreachable. "Belarus hasn't had a lot of investment in circumvention technologies, because people there haven't needed to," Toker says. Meanwhile, there are a few anecdotal indications that the outages were planned, and even possibly that the government warned some businesses and institutions ahead of time. A prescient report on Saturday from the Russian newspaper Moskovsky Komsomolets included an interview with a salesperson who warned journalists attempting to buy SIM cards that the government had indicated widespread connectivity outages might be coming as soon as that night.

Government

EPA To Rescind Methane Regulations For Oil and Gas (thehill.com) 118

An anonymous reader quotes a report from The Hill: The Environmental Protection Agency (EPA) will sign and issue new rules this week that will get rid of certain methane gas emission requirements for oil and gas producers, The Wall Street Journal reported Monday. Unidentified administration officials told the newspaper that the new rules will include getting rid of requirements for producers to have systems and processes to find methane leaks. They will also end EPA oversight of smog and emissions from pipelines and storage sites and lessen monitoring and reporting requirements for certain pollutants, the Journal reported. The new rules have most of the major elements of proposals from 2018 and 2019, according to the newspaper.

In 2019, the agency proposed eliminating requirements for oil and gas companies to install technology for monitoring methane emissions from pipelines, wells and facilities. In 2018, it proposed reducing the frequency of monitoring methane emissions of oil and gas wells to every two years and compressor stations that help transport natural gas to just once a year. However, the Journal reported Monday that the administration would forgo the measures that would have reduced the inspection frequency due to difficulty in justifying them legally.

The Courts

California Judge Orders Uber and Lyft To Classify Drivers As Employees (theverge.com) 149

A California judge ruled that Uber and Lyft must classify their drivers as employees in a stunning preliminary injunction issued Monday afternoon. The Verge reports: The injunction is stayed for 10 days, however, giving Uber and Lyft an opportunity to appeal the decision. Uber said it planned to file an immediate emergency appeal to block the ruling from going into effect. [...] Drivers' groups hailed the ruling as forward progress in their fight to upend Uber and Lyft. "Today's ruling affirms what California drivers have long known to be true: workers like me have rights and Uber and Lyft must respect those rights," Mike Robinson, a Lyft driver and member of the Mobile Workers Alliance, a group of Southern California drivers, said in a statement.

But Uber maintains this ruling will result in fewer jobs during a global pandemic that is putting strain on the state's economic conditions. "The vast majority of drivers want to work independently, and we've already made significant changes to our app to ensure that remains the case under California law," an Uber spokesperson said. "When over 3 million Californians are without a job, our elected leaders should be focused on creating work, not trying to shut down an entire industry during an economic depression." A Lyft spokesperson agreed. "Drivers do not want to be employees, full stop," the spokesperson said. "We'll immediately appeal this ruling and continue to fight for their independence. Ultimately, we believe this issue will be decided by California voters and that they will side with drivers."

Earlier today in an op-ed via The New York Times, Uber CEO Dara Khosrowshahi said lawmakers should require gig economy companies to create benefits funds, which would "give workers cash that they can use for the benefits they want, like health insurance or paid time off."

Social Networks

Leaked Documents Reveal What TikTok Shares With Authorities In the US (theintercept.com) 27

An anonymous reader quotes a report from The Intercept: Documents published in the BlueLeaks trove, which was hacked by someone claiming a connection to Anonymous and published by the transparency collective Distributed Denial of Secrets, show the information that TikTok shared with U.S. law enforcement in dozens of cases. Experts familiar with law enforcement requests say that what TikTok collects and hands over is not significantly more than what companies like Amazon, Facebook, or Google regularly provide, but that's because U.S. tech companies collect and hand over a lot of information. The documents also reveal that two representatives with bytedance.com email addresses registered on the website of the Northern California Regional Intelligence Center, a fusion center that covers the Silicon Valley area. And they show that the Federal Bureau of Investigation and Department of Homeland Security actively monitored TikTok for signs of unrest during the George Floyd protests.

The number of requests for subscriber information that TikTok says it receives from law enforcement is significantly lower than what U.S. tech giants reportedly field, likely because police are more accustomed to using data from U.S. companies and apps in investigations. TikTok enumerates its requests from law enforcement in a biannual transparency report, the most recent of which says that for the last half of 2019, the company received 100 requests covering 107 accounts. It handed over information in 82 percent of cases. Facebook, by contrast, says it received a whopping 51,121 requests over the same period, and handed over at least some data in 88 percent of cases. A 2018 document found in BlueLeaks titled "Law Enforcement Technology Investigations Resource Guide" gives police details on how to obtain records from Musical.ly, which was acquired by ByteDance and merged into TikTok that year.

"In the releases shown in BlueLeaks, TikTok handed over multiple IP addresses, information about the devices used to register for accounts, cellphone numbers, and unique IDs tied to platforms including Instagram, Facebook, or Google if the user logged in using a social media account," the report adds.

"It is unclear whether these data releases were in response to warrants, subpoenas, or other requests, and the company would not give details, citing user privacy. The accounts for which TikTok handed over data in the BlueLeaks dump range from influencers with tens of thousands of followers to people who primarily post for friends."

The Courts

Apple Is Fighting Trademark for Prepear's Pear-Shaped Logo (daringfireball.net) 84

In a legal filing, says Apple: Consumers encountering Applicant's Mark are likely to associate the mark with Apple. Applicant's Mark consists of a minimalistic fruit design with a right-angled leaf, which readily calls to mind Apple's famous Apple Logo and creates a similar commercial impression, as shown in the following side-by-side comparison. John Gruber, writing at DaringFireball: Here's the comparison. I could actually see this being a reasonable objection if Prepear were selling computers or phones or watches. But they're a recipe app. Their logo clearly looks like a pear, not an apple, and their pear does not even look like an Apple-logo-like pear. Back in the old days Apple didn't even pursue legal action against the Banana Junior series of personal computers, and their logo was a six-color banana.

United Kingdom

Should the U.K. Government Form a Coalition to Buy ARM? (theguardian.com) 124

With SoftBank's Masayoshi Son trying to sell ARM, a columnist for the Observer newspaper has a suggestion for the U.K. government (and specifically Brexit Tories), calling the Cambridge-based company "a kind of public-interest commercial company: licensing state-of-the-art instruction sets that can be implemented in silicon architecture by everyone. It was in nobody's pocket." Its business, as its chief founder, Tudor Brown, acknowledges, relied on it never betraying its neutrality... A future owner could almost trash Arm in the pursuit of its own commercial ends. Nvidia, reported to be in advanced talks with Son, is just such a possible owner. Rooted in the games industry, it has found to its surprise that its processing units are much in demand as artificial intelligence applications mushroom. Son wanted to sell Arm to an industry coalition that might protect the company's independence and business model. None could be found, so, desperate for cash, given a string of failed and written-down investments (WeWork, Uber etc), he is now having to sup with a buyer that can only destroy Arm.

Nvidia's ambitions are scarcely hidden. Once it owns Arm it will withdraw its licensing agreements from its competitors, notably Intel and Huawei, and after July next year take the rump of Arm to Silicon Valley, just as Google has done with the British AI company DeepMind. Arm, and Britain's hopes to be a player in hi-tech, will be dead.

Ownership is fundamental and the lesson of the story is that unless Britain creates the legal, cultural and institutional framework allowing companies such as Arm (or DeepMind) to have anchor shareholders — or simply allowing founder shareholders to have powerful differential voting rights as in the U.S. and Canada — we are condemned to inferiority. But even now Britain could act. The government could offer a foundational investment of, say, £3bn-£5bn and invite other investors — some industrial, some sovereign wealth funds, some commercial asset managers — to join it in a coalition to buy Arm and run it as an independent quoted company, serving the worldwide tech industry... if Britain is to develop an industrial strategy, this is how it must act...

A successful capitalism is always about framing innovative private dynamism within a fit-for-purpose regulatory and ownership architecture designed by the state, a reality that neither major party has ever understood. The open question is whether Brexit Tories, forced by reality, might change. This kind of audacious deal could appeal to Johnson and Cummings, a statement of intent to match China in our commitment to a decisive presence in 21st-century hi-tech.

Brexit was meant to give Britain the freedom to make this kind of move.

The Almighty Buck

Richard Stallman Discusses Privacy Risks of Bitcoin, Suggests 'Something Much Better' (cointelegraph.com) 168

Richard Stallman gave a new interview to the site Cointelegraph, which asked him his feelings about cryptocurrencies. "I'm not against them," Stallman answers. "I'm not campaigning to eliminate them, I just don't particularly want to use them."

Cointelegraph then asks Stallman how he feels about tests underway for the Chinese government's own central bank digital currency: Richard Stallman: "Digital payment systems are fundamentally dangerous if they are not engineered to ensure privacy. China is the enemy of privacy. China shows what totalitarian surveillance is like. I consider that hell on earth. That's part of why I haven't used cryptocurrencies that are issued by the community. If the cryptocurrency is issued by a government, it would surveil people just the way credit cards do and PayPal does, and all those other systems, meaning completely unacceptable."

Stallman later says "I don't do any kind of digital payments, and the reason is the systems that exist do not respect the user's privacy, and that includes Bitcoin. Every Bitcoin transaction is published." But when Cointelegraph asks about various Bitcoin modifications designed for privacy, Stallman answers "I am not convinced about them." Richard Stallman: In any case, the GNU project has developed something much better, which is GNU Taler. GNU Taler is not a cryptocurrency. It is not a currency at all. It is a payment system designed to be used for anonymous payments to businesses to buy something. It is anonymous through a blind signature for the payer. However, the payee has to identify itself for every purchase in order to get money out of the system. So the idea is you can use your bank account to get Taler Tokens, and you can spend them and the payee won't be able to tell who you are.

It won't be able to tell that you got the token from a particular bank account at a particular time, even though you did so. To convert your payment into money in its own bank, the store (the payee) will have to identify itself. So this gives privacy in a much more reliable way than cryptocurrencies do, and it blocks the idea of using this system to enable tax evasion.
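
The blind-signature mechanism Stallman describes (the exchange signs a token it never sees in the clear, the payer unblinds it, and the payee must identify itself to redeem it) can be illustrated with Chaum's RSA blind signature, the construction Taler's token design is built on. The following is an added example written for this page, not GNU Taler's own code. It uses a deliberately tiny, constructed RSA key, hashes the coin serial to a residue modulo N as a stand-in for a full-domain hash, and the names Exchange, withdraw_coin, deposit and run_demo are hypothetical. It checks three properties: the unblinded signature verifies, the exchange's withdrawal log cannot be matched to the coin that is later deposited without the payer's blinding factor, and a second deposit of the same coin is refused.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the exchange (the signer). Constructed and far too small for real use.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def coin_hash(serial: bytes) -> int:
    """Hash the coin's serial to a residue modulo N (full-domain-hash stand-in)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify(serial: bytes, signature: int) -> bool:
    """Anyone, including the merchant, can check the exchange's signature on a coin."""
    return pow(signature, E, N) == coin_hash(serial)


class Exchange:
    """Issues blind signatures at withdrawal and redeems coins at deposit (hypothetical)."""

    def __init__(self):
        self.withdrawals = []   # (payer account, blinded value): all the exchange ever sees
        self.spent = set()      # serials already redeemed, for the double-spend check
        self.balances = {}      # merchant account -> coins credited

    def withdraw(self, payer_account: str, blinded: int) -> int:
        # The payer is identified here (it is their bank account), but the value is blinded.
        self.withdrawals.append((payer_account, blinded))
        return pow(blinded, D, N)          # sign without learning the coin

    def deposit(self, merchant_account: str, serial: bytes, signature: int) -> bool:
        # The payee must identify itself to be credited; the coin itself carries no payer identity.
        if not verify(serial, signature) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.balances[merchant_account] = self.balances.get(merchant_account, 0) + 1
        return True


def withdraw_coin(exchange: Exchange, payer_account: str):
    """Payer side: blind a fresh serial, get it signed, unblind the result."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2           # blinding factor, must be invertible mod N
        if gcd(r, N) == 1:
            break
    blinded = (coin_hash(serial) * pow(r, E, N)) % N
    blind_signature = exchange.withdraw(payer_account, blinded)
    # (h * r^e)^d = h^d * r mod N, so multiplying by r^-1 leaves the plain signature h^d
    signature = (blind_signature * pow(r, -1, N)) % N
    return serial, signature


def run_demo():
    exchange = Exchange()
    serial, signature = withdraw_coin(exchange, "payer@bank")
    first = exchange.deposit("merchant@bank", serial, signature)
    replay = exchange.deposit("merchant@bank", serial, signature)
    seen_at_withdrawal = {blinded for _, blinded in exchange.withdrawals}
    return {
        "serial": serial,
        "signature": signature,
        "valid": verify(serial, signature),
        "deposited": first,
        "replay_rejected": not replay,
        # neither the coin hash nor its signature appears in what the exchange logged
        "unlinkable": coin_hash(serial) not in seen_at_withdrawal
        and signature not in seen_at_withdrawal,
        "merchant_balance": exchange.balances.get("merchant@bank", 0),
    }


if __name__ == "__main__":
    result = run_demo()
    print({k: v for k, v in result.items() if k not in ("serial", "signature")})
```

The asymmetry Stallman points to is visible in the two log entries: `withdrawals` records who took money out but only a blinded number, while `deposit` records who was paid and which coin, and only the payer ever held the `r` that connects the two.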

GNU Taler recently had an exciting milestone. A few months ago the eurozone banking system became interested in supporting Taler payments, and just recently they succeeded using a test setup in obtaining Taler tokens with one bank account and paying them to another bank account through the Taler system. Now, it's not something that anybody can use but it will be, and that will be really exciting.

And in response to a question about Facebook's "Libra" digital currency project, Stallman says he hasn't studied the details "because the most important thing about it I already know. It's connected with Facebook, and Facebook means surveillance.

"I urge people to join me in absolutely refusing to use Facebook or rather be used by Facebook. Because Facebook doesn't have users. Facebook has used. So don't be a sucker, don't be used by Facebook."

Government

Some Cities are Combining Basic Incomes with Local Currencies (bloomberg.com) 88

Bloomberg looks at some interesting local currency programs that have been implemented around the world. And in at least one case money "is literally being made from trees" — the wooden dollars being printed in a small city in the northwest U.S. and distributed to the needy in monthly stipends.

"We preach localism and investing in our local community," says mayor Wayne Fournier, "and the idea with this scheme is that we'll stand together as a community and provide relief to individuals that need it while fueling consumption." Since the launch in May, cities from Arizona to Montana and California have been in contact with Tenino for advice about starting their own local currencies. "We have no idea what is going to happen next in 2020," adds Fournier. "But cities like ours need to come up with niche ways to be sustainable without relying on the larger world..."

As in Tenino, the Brazilian city of Maricá, in Rio de Janeiro state, combines a local currency with a basic income program. Around 80,000 residents, nearly half of the population, receive 130 reais ($35) each per month, without any conditions about how they can spend the money. Launched in 2014, the money is distributed in "Mumbuca," the city's local currency, which is not accepted in the rest of Brazil. "This can become a model on how a city can efficiently disburse social benefits during the pandemic, supporting poor families while they stay at home and also small business during the crisis," says Eduardo Diniz, professor of banking and technology at the São Paulo School of Business Administration, who has been researching public policies using community currencies since 2014...

Inspired by blockchain technology, England's northern city of Hull created the world's first digital-only local currency in 2018, providing discounts of up to 50% on goods and services for those that did voluntary work with local organizations.

A similar Dutch project, Samen Doen, rewards those who carry out socially beneficial activities such as caring for the elderly.

Cellphones

WSJ: Qualcomm Asks US Government to Let it Sell Chips to Huawei (engadget.com) 38

"The Wall Street Journal said it had obtained a Qualcomm presentation lobbying the U.S. government to remove restrictions and let it sell Snapdragon processors to Huawei," reports Engadget: The ban won't prevent Huawei from obtaining necessary parts and could just drive "billions of dollars" of U.S. sales to foreign chip makers like MediaTek and Samsung, Qualcomm reportedly said — lifting the chip ban would theoretically help American companies stay competitive.

There could be a "rapid shift in 5G chipset market share" if Qualcomm is restricted while its foreign rivals aren't, Qualcomm said.

Social Networks

Cringely Predicts the U.S. Can't Stop WeChat (cringely.com) 134

An anonymous reader quotes long-time technology pundit Robert Cringely: Forty-five days from now, we're told, President Trump will shut down TikTok and WeChat. TikTok, maybe, but WeChat? Impossible...

Trump has a chance of taking down TikTok, the short form video sharing site, because that service is dependent on advertising. He can force the app out of U.S. app stores (though not out of foreign ones) and he can cut off the flow of ad dollars... at least those dollars that flow through American pockets. But there are workarounds, I'm sure, even for TikTok and 45 days is a lot of time to come up with them. So maybe the service will be sold to Microsoft or maybe not. In either case I'm sure TikTok will survive in some form.

WeChat, on the other hand, will thrive.

WeChat, if you haven't used it, is the mobile operating system for China. It's an app platform in its own right that is used for communication, entertainment, and commerce. Imagine Facebook, LinkedIn, PayPal, Venmo, Skype, Uber, Gmail and eBay all in a single application. That's WeChat. It's even a third-party application platform, so while U.S. banks operate on the Internet, Chinese banks operate on WeChat. Shutting WeChat down in the U.S. would be a huge blow to WeChat's parent company, Tencent, and a huge blow to the Chinese diaspora. Except it won't work.

To defeat President Trump, all WeChat users need is a Virtual Private Network and any WeChat users already in the U.S. already have a VPN to defeat the much more formidable Great Firewall of China.

Google

Settlement for Google+ Breach Offers Class Members Up to $12 Each (theverge.com) 67

"Anyone in the United States who held a Google Plus account between January 1, 2015 and April 2, 2019, and believes they were impacted by a security flaw that Google disclosed in 2018 can now register for a payout from a class action settlement..." reports the Verge.

"Each class action member is eligible for a payout of up to $12 after attorney fees and other costs are accounted for, although this could vary depending on the number of people who submit a claim." Although it's reached a settlement, Google denies the allegations made in the lawsuit. It denies any wrongdoing, and believes that no users "sustained any damages or injuries due to the software bugs."

If you're interested in making a claim, then you can do so over on the settlement's website, where you'll need to provide the email address associated with your Google Plus account. As well as holding an account between the dates listed, your data must have been exposed as part of the security lapse (Google has previously said that as many as 500,000 users were affected). A final fairness hearing is scheduled for November 19.

Google has set aside $7.5 million to handle all costs associated with the settlement, according to the claims page at GooglePlusDataLitigation.com.

"If you submit a Valid Claim by October 8, 2020, you may receive a payment. You will also give up your rights to sue Google and/or any other released entities regarding the legal claims in this case."
Government

New Zealand Marks 100 Days of No Covid-19 Community Spread (axios.com) 60

Axios reports: New Zealand has now gone 100 days with no detected community spread of COVID-19, the Ministry of Health confirmed in an emailed statement Sunday afternoon local time... Prime Minister Jacinda Ardern has been widely praised for her leadership that saw New Zealand lock down hard for several weeks before all domestic restrictions were lifted in June...

New Zealand has 23 active coronavirus cases. All are NZ residents newly returned from abroad, who are staying in managed isolation facilities. The border remains closed to non-residents and all newly-returned Kiwis must undergo a two-week isolation program managed by the country's defense force... Police are stationed outside hotels where travelers are in quarantine.

China

China Is Now Blocking All Encrypted HTTPS Traffic That Uses TLS 1.3 and ESNI (zdnet.com) 103

China's Great Firewall "is now blocking HTTPS connections set up via the new TLS 1.3 encryption protocol and which use ESNI (Encrypted Server Name Indication)," reports ZDNet: The block has been in place for more than a week, according to a joint report authored by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report. ZDNet also confirmed the report's findings with two additional sources — namely members of a U.S. telecommunications provider and an internet exchange point (IXP) — using instructions provided in a mailing list...

The reason for the ban is obvious to experts. HTTPS connections negotiated via TLS 1.3 and ESNI prevent third-party observers from detecting what website a user is attempting to access. This effectively blinds the Chinese government's Great Firewall surveillance tool from seeing what users are doing online.

There is a myth surrounding HTTPS connections that network observers (such as internet service providers) cannot see what users are doing. This is technically incorrect. While HTTPS connections are encrypted and prevent network observers from viewing/reading the contents of an HTTPS connection, there is a short period before HTTPS connections are established when third parties can detect to what server the user is connecting. This is done by looking at the HTTPS connection's SNI (Server Name Indication) field.

In HTTPS connections negotiated via older versions of the TLS protocol (such as TLS 1.1 and TLS 1.2), the SNI field is visible in plaintext.
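
To make the SNI point concrete, here is an added example (not from ZDNet or the cited report) that constructs a minimal TLS ClientHello record and then reads the server_name extension out of it the way a passive observer on the path would, with no keys involved. A second constructed ClientHello carries no plaintext server_name and only an opaque extension standing in for the encrypted name, and the same parser gets nothing from it. The function names build_client_hello and extract_sni are hypothetical, and 0xffce is used as the stand-in codepoint for the draft ESNI extension; treat that value as an assumption.

```python
import struct

SNI_EXTENSION = 0x0000            # server_name extension type (RFC 6066)
ESNI_DRAFT_EXTENSION = 0xffce     # assumed draft ESNI codepoint, used here only as an opaque stand-in


def build_client_hello(server_name=None, extra_extensions=()):
    """Build a minimal TLS ClientHello record (a constructed fixture, not a capture)."""
    extensions = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name(0)
        name_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", SNI_EXTENSION, len(name_list)) + name_list
    for ext_type, payload in extra_extensions:
        extensions += struct.pack("!HH", ext_type, len(payload)) + payload

    body = (
        b"\x03\x03"                             # legacy client_version (TLS 1.2 value)
        + b"\x11" * 32                          # client random (constructed)
        + b"\x00"                               # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite (TLS_AES_128_GCM_SHA256)
        + b"\x01\x00"                           # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the plaintext host name from a ClientHello record, or None if there is none."""
    if len(record) < 5 or record[0] != 0x16:           # not a handshake record
        return None
    record_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + record_len]
    if len(handshake) < 4 or handshake[0] != 0x01:      # not a ClientHello
        return None
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:                           # truncated record
        return None

    pos = 2 + 32                                        # skip client_version and random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                                # compression_methods
    if pos + 2 > len(body):                             # no extensions block at all
        return None
    ext_block_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_block_len
    if end > len(body):
        return None

    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        payload = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type != SNI_EXTENSION:
            continue
        # ServerNameList: 2-byte list length, then (name_type, 2-byte length, name) entries
        p = 2
        while p + 3 <= len(payload):
            name_type = payload[p]
            name_len = struct.unpack("!H", payload[p + 1:p + 3])[0]
            p += 3
            if name_type == 0:
                return payload[p:p + name_len].decode("ascii", "replace")
            p += name_len
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("example.com")))                                  # example.com
    print(extract_sni(build_client_hello(None, [(ESNI_DRAFT_EXTENSION, b"\xaa" * 16)])))  # None
```

Everything the parser needs is in the first plaintext record of the connection, which is why a middlebox can classify and filter on it. With ESNI the host name the observer would read is no longer in that record, so extract_sni returns None; a filter that can no longer classify the flow is left with dropping the handshake as a whole, which is the blanket blocking the report describes.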
