Agent verification is activity to gain assurances that purposeful artificial constructs act in accordance with their specifications. While primitive forms of inorganic agents have been used in manufacturing for centuries, the study of artificial agents did not begin until the mid 20th century. Foundational work on such agents was closely bound with the emergence of artificial intelligence as an academic discipline. Early agents deployed for industrial control systems and in computing were often controlled by quite simple logic however, not involving artificial intelligence as such. When deployed as part of a multi-agent system, even such simple agents could require special agent orientated testing methods, as their collective behaviour was challenging to verify with traditional testing techniques. Difficulties in providing assurances that agents will not behave in dangerous ways became more prevalent after the introduction of LLM agents, especially after the rapid acceleration of their deployment in 2025. The verification of agent behaviour can be conducted by formal or informal methods. Informal verification requires less mathematical skill. But when agents are part of systems where errors have significant risks — such as danger to human life, environmental damage or major financial loss — formal verification is preferred. Both regulators and system designers themselves like formal verification as it provides a high degree of mathematical certainty. It is not however always possible to formally test all aspects of an agent based system's behaviour, especially where newer LLM based agents are concerned, due in part to their high degree of autonomy. Accordingly, agent verification for low impact deployments might be carried out only with informal methods, while for high impact deployments, it may be performed with a mix of formal and informal techniques. == Terminology == In academia, the term agent verification is often defined to mean activity concerned with gaining assurance that the agent behaves in accordance with its specification - whether by processes such as testing or simulation. 'Verification' is typically contrasted with 'validation', the latter meaning activity concerned with checking that the specification itself meets user or real world needs. Such definitions are not universally adhered to however - for example, in some workplaces and documents, the words 'verification' and 'validation' can be used synonymously. Efforts to gain confidence in Agents have intensified sharply since 2025 due to the rapid roll out of LLM agents; different terms are sometimes used in the commercial sector. Here the term 'agent verification' can be used in the same sense as it is in academia, but sometimes the same activity can be covered by more ambiguous and wider ranging terms such as 'Agent governance' , 'Agent observability' or 'AI agent policing'. == History == === Classical agents === The theoretical underpinnings for artificial (inorganic) agents emerged in the mid 20th century, with establishment of cybernetics and artificial intelligence. Oliver Selfridge's 1958 Pandemonium - A Paradigm for Learning paper was an important early theoretical contribution in establishing agent oriented architecture. Practical implementations of agents for real world applications began to become widespread in the 1990s, after the introduction of the belief–desire–intention software model (BDI), and agent-oriented programming. Pure digital agents were deployed in computer infrastructure for purposes such as monitoring, while agents connected to real-world sensors and actuators were increasingly used in industrial control systems. While the concept of artificial agents was interwoven with early artificial intelligence studies right from the start, early agents lacked general purpose reasoning capabilities, often only having simple if then logic. Even a device as simple as a thermostat, which has a sensor and a means of acting, can be considered a proto agent in this sense. Verifying the behaviours of a simple single agent system is not generally especially difficult, but it can be a different matter when several simple agents coexist in the same system. Craig Reynolds's work on boids showed that relatively complex, "intelligent" behaviour can emerge from a number of such simple agents working together in a Multi-agent system (MAS). By the 1990s, even the behaviour of a single agent system could sometimes be quite complex; in accordance with the Belief–desire–intention software model, agents could have believes that might evolve over time. Agents were increasingly introduced that were controlled by quite large decision tree models, which had new vulnerabilities to adversarial attack. It was becoming increasingly apparent that traditional software verification methods had limitations for testing such agents, or even for the more primitive type of agents when they were deployed as part of a MAS. It was the use of agents for industrial control systems, sometimes associated with robotics, that lent urgency to the practice of agent verification. Informal testing might be acceptable for digital agents used say to monitor whether each of an organisation's computers are properly licensed. But with an increasing potential for faulty agents to result in a failure that might cause a large fire to break out at a chemical manufacturing plant, a botched medical operation, or even a crashed aircraft, the need to develop reliable means of verifying behaviour of such agents was considered urgent. The Foundation for Intelligent Physical Agents was established in 1996. From the late 90s, a growing number of industry and university based scientists began working on the problem, with researchers publishing papers on the verification of both single and multi agent systems. Much of this work showed how formal verification techniques like model checking could be used to gain a high level of assurance that agent based systems would conform with their specification. A 2018 systematic review covering 231 studies found that model checking was the most common technique for agent verification, with theorem proving the second most commonly used formal verification method. In the first two decades of the 20th century, agents run by AI became more common, with Siri and Alexa being well known examples. But such agents still lacked general reasoning capabilities and did not pose new pressing problems for agent verification. === General purpose reasoning agents === The advent of LLMs created huge potential for further use of artificial agents, as agents based on them could have general purpose cognitive abilities. Agents run by LLMs (and occasionally non-LLM foundation models) have similar vulnerability to adversarial attack as those run by decision tree models. The wider scope of actions for LLM agents has created new challenges for their verification, over and above those present for classical agents. For example, the LLM's neural network endows it with infinite domains, an especial challenge for traditional formal verification techniques. Academics began to study the problems involved in verifying LLM agents from 2018. Deployment of such agents began to accelerate in late 2023 after OpenAI's "function-calling" API was made available, and especially after Anthropic's late 2024 introduction of Model Context Protocol (MCP), a standardised way for LLM agents to gain contextual awareness, and to act on the world by calling various external tools. The rapid rollout of LLM agents following MCP's release has seen the task of agent verification receive increased attention within academia, and also from the private sector. In 2024 and 2025 several startups focusing on LLM agent verification have been founded in both Europe and the US to meet growing demand. == Approaches == === Formal verification === Formal verification involves proving the correctness of some or all aspects of a system using mathematical methods. Such methods can range from manual formal proof, to verification assisted with automated theorem provers like Isabelle. For agent verification, model checking is by far the most frequently used formal verification method; for pre-LLM models it was often complemented with techniques using computation tree logic. Another common method is theorem proving. Formal verification provides a higher degree of confidence than informal methods, but it is not always used, even when it is possible. Sometimes a person or organisation developing software agents won't have the necessary skills, or may not see it as worth the effort if the agent(s) will not have the ability to cause much harm even if they malfunction. When agents are deployed in systems where errors could have serious consequences, the ability of formal verification methods to provide mathematical certainty tends to be strongly preferred by both regulators and designers themselves. But even for high impact systems, formal verificatio
Association for Computational Linguistics
The Association for Computational Linguistics (ACL) is a scientific and professional organization for people working on natural language processing. Its namesake conference is one of the primary high impact conferences for natural language processing research, along with EMNLP. The conference is held each summer in locations where significant computational linguistics research is carried out. It was founded in 1962, originally named the Association for Machine Translation and Computational Linguistics (AMTCL). It became the ACL in 1968. The ACL has a European (EACL), a North American (NAACL), and an Asian (AACL) chapter. == History == The ACL was founded in 1962 as the Association for Machine Translation and Computational Linguistics (AMTCL). The initial membership was about 100. In 1965, the AMTCL took over the journal Mechanical Translation and Computational Linguistics. This journal was succeeded by many other journals: the American Journal of Computational Linguistics (1974–1978, 1980–1983), and then Computational Linguistics (1984–present). Since 1988, the journal has been published for the ACL by MIT Press. The annual meeting was first held in 1963 in conjunction with the Association for Computing Machinery National Conference. The annual meeting was, for a long time, relatively informal and did not publish anything longer than abstracts. By 1968, the society took on its current name, the Association for Computational Linguistics (ACL). The publication of the annual meeting's Proceedings of the ACL began in 1979 and gradually matured into its modern form. Many of the meetings were held in conjunction with the Linguistic Society of America, and a few with the American Society for Information Science and the Cognitive Science Society. The United States government sponsored much research from 1989 to 1994, characterized by an increase in author retention rates and an increase in research in some key topics, such as speech recognition, in ACL. By the 21st century, it was able to maintain authors at a high rate who coalesced in a more stable arrangement around individual research topics. In 1991, the group published a prototype for a text generator based on the universal grammar theory of Noam Chomsky. The system, nicknamed Parrot, relied on a finite set of syntactic transformations and a hand-curated lexicon. Despite some initial success, including experimentation with morpheme syntactics, funding halted after the research team encountered intractable difficulties with inflection and abstract locutions. == Annual Meeting of the ACL == Every year, the ACL holds the Annual Meeting of the ACL. The location lies in Europe in years zero modulo three, North America in years one modulo three, and Asia–Australia in years two modulo three. In 2020, the Annual Meeting received for the first time more submissions from China than the United States. == Activities == The ACL organizes several of the top conferences and workshops in the field of computational linguistics and natural language processing. These include: Annual Meeting of the Association for Computational Linguistics (ACL), the flagship conference of the organization Empirical Methods in Natural Language Processing (EMNLP) International Joint Conference on Natural Language Processing (IJCNLP), held jointly one of the other conferences on a rotating basis Conference on Computational Natural Language Learning (CoNLL) Lexical and Computational Semantics and Semantic Evaluation (SemEval) Joint Conference on Lexical and Computational Semantics (SEM) Workshop on Statistical Machine Translation (WMT) Besides conferences, the ACL also sponsors the journals Computational Linguistics and Transactions of the Association for Computational Linguistics (TACL). Papers and other presentations at ACL and ACL-affiliated venues are archived online in the open-access ACL Anthology. == Special Interest Groups == ACL has a large number of Special Interest Groups (SIGs), focusing on specific areas of natural language processing. Some current SIGs within ACL are: == Presidents == Each year, the ACL elects a distinguished computational linguist who becomes vice-president of the organization in the next calendar year and president one year later. Recent ACL presidents are:
Convergent encryption
Convergent encryption, also known as content hash keying, is a cryptosystem that produces identical ciphertext from identical plaintext files. This has applications in cloud computing to remove duplicate files from storage without the provider having access to the encryption keys. The combination of deduplication and convergent encryption was described in a backup system patent filed by Stac Electronics in 1995. This combination has been used by Farsite, Permabit, Freenet, MojoNation, GNUnet, flud, and the Tahoe Least-Authority File Store. The system gained additional visibility in 2011 when cloud storage provider Bitcasa announced they were using convergent encryption to enable de-duplication of data in their cloud storage service. == Overview == The system computes a cryptographic hash of the plaintext in question. The system then encrypts the plaintext by using the hash as a key. Finally, the hash itself is stored, encrypted with a key chosen by the user. == Known Attacks == Convergent encryption is open to a "confirmation of a file attack" in which an attacker can effectively confirm whether a target possesses a certain file by encrypting an unencrypted, or plain-text, version and then simply comparing the output with files possessed by the target. This attack poses a problem for a user storing information that is non-unique, i.e. also either publicly available or already held by the adversary - for example: banned books or files that cause copyright infringement. An argument could be made that a confirmation of a file attack is rendered less effective by adding a unique piece of data such as a few random characters to the plain text before encryption; this causes the uploaded file to be unique and therefore results in a unique encrypted file. However, some implementations of convergent encryption where the plain-text is broken down into blocks based on file content, and each block then independently convergently encrypted may inadvertently defeat attempts at making the file unique by adding bytes at the beginning or end. Even more alarming than the confirmation attack is the "learn the remaining information attack" described by Drew Perttula in 2008. This type of attack applies to the encryption of files that are only slight variations of a public document. For example, if the defender encrypts a bank form including a ten digit bank account number, an attacker that is aware of generic bank form format may extract defender's bank account number by producing bank forms for all possible bank account numbers, encrypt them and then by comparing those encryptions with defender's encrypted file deduce the bank account number. Note that this attack can be extended to attack a large number of targets at once (all spelling variations of a target bank customer in the example above, or even all potential bank customers), and the presence of this problem extends to any type of form document: tax returns, financial documents, healthcare forms, employment forms, etc. Also note that there is no known method for decreasing the severity of this attack -- adding a few random bytes to files as they are stored does not help, since those bytes can likewise be attacked with the "learn the remaining information" approach. The only effective approach to mitigating this attack is to encrypt the contents of files with a non-convergent secret before storing (negating any benefit from convergent encryption), or to simply not use convergent encryption in the first place.
Stegomalware
Stegomalware is a form of malicious software that leverages steganography techniques to conceal its code, configuration data, or command-and-control (C&C) communications within seemingly benign digital media such as images, audio files, videos, documents, or network traffic. It typically embeds encrypted or obfuscated payloads into digital media and only extracts and executes them at runtime, which makes traditional signature-based and sandbox-based detection significantly more difficult. Stegomalware has been observed in attacks ranging from advanced persistent threats (APTs) to financially motivated cybercrime, and is now the subject of dedicated academic surveys, research projects, and international law-enforcement initiatives. The key distinction between stegomalware and traditional obfuscated malware lies in the encoding location. After obfuscation, malicious code remains present within the executable and can theoretically be discovered through static analysis. In contrast, stegomalware hides the payload entirely within a cover medium (image, audio, etc.), remaining invisible until the malware dynamically extracts and executes it at runtime. == History == The term stegomalware was formally introduced by researchers Águila, Laskov, and others in the context of mobile malware and presented at the Inscrypt (Information Security and Cryptology) conference in 2014. This marked the first academic formalization of the concept, though earlier work had already identified that botnets and mobile malware could use steganography and covert channels for command-and-control communication over probabilistically unobservable channels. Since its introduction, stegomalware has evolved from a theoretical concern to a documented threat. In 2011, the APT operation known as "Operation Shady RAT" became one of the first documented cases of stegomalware in the wild, using digital images to hide Internet Protocol addresses and command-and-control server addresses. The same year, the Duqu malware (targeting industrial manufacturers) embedded victim data into JPEG image files before exfiltration, making the data transfer virtually undetectable to network-level security tools. From 2014 onwards, stegomalware became more prevalent in organized cybercrime and advanced persistent threat campaigns. Notable examples include Zeus/Zbot, which masked configuration data in images; Gatak/Stegoloader, which hid shellcode in PNG files; TeslaCrypt, which embedded C&C commands in JPEGs; and Cerber, which concealed ransomware payloads within images. By the 2010s, stegomalware had become established as a preferred evasion technique for espionage, financial theft, and ransomware distribution campaigns. Recent surveys (2020–2025) document that stegomalware has increasingly been exploited by adversaries targeting banks, enterprises, government agencies, educational institutions, and internet users via malvertising campaigns. The technique is now considered a sophisticated method of attack worthy of dedicated international law-enforcement attention. == Technical Characteristics and Definitions == Stegomalware operates through a three-component architecture: Stegotext (R): An innocent-looking digital asset (image, audio file, etc.) into which the malicious payload is embedded. Secret key (sk): A key used by the embedding and extraction algorithms, typically hardcoded into the malware. Payload (p): The actual malicious code, configuration data, or C&C commands hidden within the stegotext. The malware extracts the payload at runtime using the secret key and either executes it directly or uses it to download additional stages of the attack. Stegomalware can be classified into several types based on deployment method: Type 0 (Autonomous): Both the stegotext and extraction algorithm are embedded within the malware application itself. The malicious payload is extracted and executed locally without external communication. Type I (Update): The stegotext and secret key are downloaded from a remote server at runtime; only the extraction algorithm is included in the malware. This variant is more flexible, allowing attackers to push updated payloads. Type II (External Algorithm): Neither the stegotext nor the extraction algorithm are distributed with the malware; both are fetched from an attacker-controlled infrastructure, providing maximum flexibility and evasion. == Steganography techniques == === Spatial domain methods === Stegomalware predominantly uses steganographic methods designed for images, as images are the most common cover medium in the wild. The most basic spatial domain technique is Least Significant Bit (LSB) substitution, which replaces the least significant bits of pixel color values with payload bits. While simple and easy to implement, LSB is also relatively easy to detect through statistical analysis. More sophisticated spatial domain techniques include: HUGO (High Undetectable steGO) (2010): Minimizes detectable distortion by distributing the payload across multiple pixels, achieving embedding capacity with reduced statistical footprint. WOW (Wavelet Obtained Weights) (2012): Embeds data preferentially in textured regions of images where modifications are less perceptually noticeable. UNIWARD (Universal Wavelet Relative Distortion) (2014): Uses a universal distortion function applicable to multiple image formats, balancing payload capacity with undetectability. HILL (2014): Applies high-pass and low-pass filters to identify robust embedding regions. MiPOD (Minimizing the Power of Optimal Detector) (2016): Designed to minimize the power of theoretical optimal steganalysis detectors. === Transform domain methods === Transform domain techniques convert images into the frequency domain (e.g., using DCT or DWT) before embedding, allowing for more robust hiding in JPEG and other compressed formats: Embedding in DCT coefficients (used in JPEG compression) Embedding in DWT coefficients (used in lossless formats) Spread spectrum techniques, which distribute the payload across many frequency components Transform domain methods are generally more resistant to noise, compression, and image transformations than spatial methods. === Generative adversarial network (GAN) methods === Recent advances in machine learning have introduced GAN-based steganography, where a generative model produces stego images that minimize detectable artifacts: SGAN (Steganographic GAN) (2017): First GAN applied to steganography, using a generator, discriminator, and steganalysis network. ASDL-GAN (2017): Performs automatic steganographic distortion learning at the pixel level. SteganoGAN (2019): Improves upon earlier GAN models, achieving higher embedding capacity and robustness. HiGAN (Hiding Images GAN) (2020): Enables hiding one image within another while maintaining visual plausibility. GAN-based approaches are more resilient to standard steganalysis attacks but remain an emerging threat requiring further research. == Notable malware campaigns == Stegomalware has been documented in numerous high-profile cyber attacks and campaigns. Notable examples include: Operation Shady RAT (2011): Used digital images to hide command-and-control server addresses in targeted espionage. Duqu (2011): Embedded victim data into JPEG files to exfiltrate industrial control system information. Zeus/Zbot (2014): Masked banking configuration data inside JPEG files exploited via malvertising. Gatak/Stegoloader (2015): Hid shellcode in PNG files for software licensing attacks and bot command execution. TeslaCrypt (2015): Embedded C&C commands and ransomware keys in JPEG images. Cerber (2016): Concealed executable ransomware code in JPEG files distributed via phishing. DNSChanger (2016): Embedded malicious code in PNG files for DNS hijacking campaigns. Sundown Exploit Kit (2017): Distributed exploit code in PNG files via malvertising. AdGholas (2017): Used JPEG steganography to distribute ransomware via malvertising. Synccrypt (2017): Hidden ransomware components in JPEG-steganographic encrypted archives. ZeroT/PlugX (2017): Hid Remote Access Trojan payloads in BMP files for espionage. Loki Bot (2018): Concealed malware installers in JPEG and video files. Waterbug (APT28) (2019): Injected malicious DLLs into WAV audio files. Shlayer (macOS adware) (2019): Hid malicious URLs in JPEG files via malvertising. === Attack vectors === The most common attack vectors for stegomalware include: Phishing emails with malicious attachments or links Malvertising campaigns using malicious banner advertisements Exploit kits through compromised or malicious websites Legitimate application vulnerabilities (e.g., watering-hole attacks) Fake software distribution (cracked software, keygen tools) === Exploitation stages === Stegomalware typically serves one or more roles in attack lifecycles: Payload delivery: Stego images contain full executable code or shellcode. C&C communication: Hidden data contains server addresses or command instructio
Viber
Rakuten Viber, commonly known as Viber, is a cross-platform voice over IP (VoIP) and instant messaging (IM) software application owned by the Japanese technology company Rakuten Group. The service is available as freeware for Android, iOS, Microsoft Windows, macOS and Linux. Users are registered and identified through a mobile phone number, although the service can also be accessed on desktop platforms without mobile connectivity. In addition to instant messaging, the platform allows users to exchange media such as images, videos and files, and provides a paid international calling service called Viber Out. The software was launched in 2010 by the company Viber Media, founded by Talmon Marco and Igor Magazinnik. Rakuten acquired Viber Media in 2014 and later renamed the company Rakuten Viber. The company is headquartered in Cyprus and maintains offices in London, Manila, Paris, San Francisco, Singapore, Tokyo and Beijing. == History == === Founding (2010) === Viber Media was founded in Tel Aviv, Israel, in 2010 by Talmon Marco and Igor Magazinnik. Marco and Magazinnik are also co-founders of the peer-to-peer media and file-sharing client iMesh. The company was run from Israel and was registered in Cyprus. Sani Maroli and Ofer Smocha soon joined the company as well. Marco said Viber allows instant calling and synchronization with contacts because the ID is the user's cell number. In its early days, Viber relied on a patchwork of outsourcing partners from different countries, commissioning specific solutions from external vendors — including teams based in Cyprus and Belarus. According to the company's statements, development of Viber's core functionality historically originated from its Tel Aviv office — a testament to its roots — even though the legal entity was registered elsewhere. === Early monetisation (2011) === In its first two years of availability, Viber did not generate revenues. It began doing so in 2013, via user payments for Viber Out voice calling and the Viber graphical messaging "sticker market". The company was originally funded by individual investors, described by Marco as "friends and family". They invested $20 million in the company, which had 120 employees as of May 2013. On 24 July 2013, Viber's support system was defaced by the Syrian Electronic Army. According to Viber, no sensitive user information was accessed. By the time Rakuten came forward with its acquisition deal in 2014, Viber had already stopped working with external vendors, choosing instead to consolidate development under its own offices. === Rakuten acquires Viber (2014) === On 13 February 2014, Rakuten announced they had acquired Viber Media for $900 million, and since then Viber has been owned by Rakuten, Inc., an e-commerce conglomerate headquartered in Tokyo. The sale of Viber earned the Shabtai family (Benny, his brother Gilad, and Gilad's son Ofer) some $500 million from their 55.2% stake in the company. At that sale price, the founders each realized over 30 times return on their investments. Later that year, the company established a UK presence with the incorporation of Viber UK Limited in London. Djamel Agaoua became Viber Media CEO in February 2017, replacing co-founder Marco who left in 2015. In July 2017 the corporate name of Viber Media was changed to Rakuten Viber and a new wordmark logo was introduced. Its legal name remains Viber Media, S.à r.l. based in Luxembourg. === Post-acquisition === In August 2015 Viber opened a regional office for Central and Eastern Europe in Sofia to support growth in the region. In 2017, Rakuten Viber and the World Wildlife Fund engaged in a commercial transaction aimed at raising awareness and protecting wildlife. After first using Viber to spread its message in June 2020, the International Federation of the Red Cross launched an official chatbot and community on the messaging app to combat the spread of false information, which they termed an infodemic, about COVID-19. The chatbot is still active as of June 2022, with over 1.4 million subscribers. In 2020, Rakuten Viber and the World Health Organization (the WHO) engaged in a commercial transaction for a chatbot to inform users of issues such as women's health. and an anti-smoking campaign. In the wake of the July–August 2020 Belarusian election protests, to avoid sanctions and harassment from monopolies the company closed its office in Minsk. In 2022, Ofir Eyal became Viber CEO, replacing Djamel Agaoua. Eyal is a Viber veteran; he worked as Vice President of Product in 2014 before his promotion to Chief Operating Officer in 2019. Shortly after the appointment of a new CEO, Viber continued its international expansion. In March 2022, Rakuten announced the opening of a development center in Tbilisi, Georgia, intended to support work on mobile applications and technology projects in the region. In July 2022, Rakuten Viber partnered with Rapyd to launch instant cross-border P2P payments. The company launched payments on the Viber app first in Greece and Germany, and then in other countries. In August, Mineski teamed up with Viber to develop a social minigame platform that can play off Viber's application. In May 2022, Rakuten Viber launched the premium chat service Viber Plus that offers exclusive features, including sticker market privileges, ad-free use, priority Viber support, exclusive badge, unique Viber icon, large file sharing, and more. In 2022, Viber joined the European Union’s Code of Conduct on countering illegal hate speech online. As part of this framework, the company undertook to review reported content and remove material identified as hate speech in accordance with the Code and its platform rules. In January 2024 Rakuten (the company behind Viber) established an office in Kyiv to bring together engineering and marketing departments. Alongside launching its Kyiv office the company joined Diia.City as a resident. Subsequently in October 2024 Rakuten Viber inaugurated an office in Manila to broaden its operations, in the Philippines. The company’s legal entity remains Viber Media S.à r.l., registered in Luxembourg. Viber’s engineering work has been carried out across multiple countries and through external partners, including outsourcing and near-shore vendors. As a result, its development operations are distributed internationally rather than concentrated in a single location. In December 2024, Viber was blocked in Russia. Roskomnadzor announced the nationwide blocking of the messaging app due to non-compliance with local legal requirements. == Security audit == On 4 November 2014, Viber scored 1 out of 7 points on the Electronic Frontier Foundation's "Secure Messaging Scorecard". Viber received a point for encryption during transit but lost points because communications were not encrypted with keys that the provider did not have access to (i.e. the communications were not end-to-end encrypted), users could not verify contacts' identities, past messages were not secure if the encryption keys were stolen (i.e. the service did not provide forward secrecy), the code was not open to independent review (i.e. the code was not open-source), the security design was not properly documented, and there had not been a recent independent security audit. On 14 November 2014, the EFF changed Viber's score to 2 out of 7 after it had received an external security audit from Ernst & Young's Advanced Security Centre. On 19 April 2016, with the announcement of Viber version 6.0, Rakuten added end-to-end encryption to their service. The company said that the encryption protocol had only been audited internally, and promised to commission external audits "in the coming weeks". In May 2016, Viber published an overview of their encryption protocol, saying that it is a custom implementation that "uses the same concepts" as the Signal Protocol. In 2022, Rakuten Viber won a Security Award, by test.de, a tech firm based in Germany where there are over 3 million Viber users. In 2024, Rakuten Viber received SOC certification following an audit conducted by Ernst & Young. The certification relates to the company’s controls for data protection and information security. == Market share == As of December 2016, Viber had 800 million registered users. According to Statista, there are 260 million monthly active users as of January 2019. The Viber messenger is very popular in the Philippines, Greece, Eastern Europe, Russia, the Middle East, and some Asian markets. India was the largest market for Viber as of December 2014 with 33 million registered users, the fifth most popular instant messenger in the country. At the same time there were 30 million users in the United States, 28 million in Russia and 18 million in Brazil. Viber is particularly popular in Eastern Europe, being the most downloaded messaging app on Android in Belarus, Moldova and Ukraine as of 2016. It is also popular in Iraq, Libya and Nepal. Viber is translated in 44 languages and used in more than 190 co
Connection string
In computing, a connection string is a string that specifies information about a data source and the means of connecting to it. It is passed in code to an underlying driver or provider in order to initiate the connection. Whilst commonly used for a database connection, the data source could also be a spreadsheet or text file. The connection string may include attributes such as the name of the driver, server and database, as well as security information such as user name and password. == Examples == This example shows a PostgreSQL connection string for connecting to wikipedia.com with SSL and a connection timeout of 180 seconds: DRIVER={PostgreSQL Unicode};SERVER=www.wikipedia.com;SSL=true;SSLMode=require;DATABASE=wiki;UID=wikiuser;Connect Timeout=180;PWD=ashiknoor Users of Oracle databases can specify connection strings: on the command line (as in: sqlplus scott/tiger@connection_string ) via environment variables ($TWO_TASK in Unix-like environments; %TWO_TASK% in Microsoft Windows environments) in local configuration files (such as the default $ORACLE_HOME/network/admin.tnsnames.ora) in LDAP-capable directory services
Social media marketing
Social media marketing is the use of social media platforms and websites to promote a product or service. Although the terms e-marketing and digital marketing are still dominant in academia, social media marketing is becoming more popular for practitioners and researchers. Social media platforms such as Facebook, LinkedIn, Instagram, and Twitter, among others, have built-in data analytics tools that companies can use to track the progress, success, and engagement of social media marketing campaigns. Companies address a range of stakeholders through social media marketing, including current and potential customers, current and potential employees, journalists, bloggers, and the general public. On a strategic level, social media marketing includes the management of a marketing campaign, governance, setting the scope (e.g. more active or passive use) and the establishment of a firm's desired social media "culture" and "tone". Firms that use social media marketing can allow customers and Internet users to post user-generated content (e.g., online comments, product reviews, etc.), also known as "earned media", rather than use marketer-prepared advertising copy. == Purposes and tactics == Social media may be employed in marketing as a communications tool that makes companies accessible to those who are interested in their product and visible to those who are not familiar with their products. It is used by companies to create buzz, learn from customers, and target them. Of the top 10 factors that correlate with a strong Google organic search, seven are social media-dependent. This means that if brands with little to no social media presence tend to show up less on Google searches. While platforms such as Twitter, Facebook and—in the past—Google+ have a larger number of monthly users, the visual media-sharing-based mobile platforms garner a higher interaction rate in comparison, and have registered the fastest growth, and have changed the ways in which consumers engage with brand content. Instagram has an interaction rate of 1.46% with an average of 130 million users monthly as opposed to Twitter, which has a .03% interaction rate with an average of 210 million monthly users. Unlike traditional media that are often cost-prohibitive to many companies, a social media strategy does not require significant financial investment. To this end, companies make use of platforms such as Facebook, Twitter, YouTube, TikTok and Instagram to reach audiences much wider than through traditional print, television, or radio advertisements alone at a fraction of the cost, as most social networking sites can be used at little or no cost (however, some websites charge companies for premium services). This has changed the ways that companies approach and interact with customers, as a substantial percentage of consumer interactions are now being carried out over online platforms with much higher visibility. Customers can post reviews of products and services, rate customer service, and ask questions or voice concerns directly to companies through social media platforms. According to Measuring Success, over 80% of consumers use the web to research products and services. Thus social media marketing is also used by businesses in order to build relationships of trust with consumers. To this aim, companies may hire personnel to specifically handle these social media interactions, who usually report under the title of online community managers. Handling these interactions in a satisfactory manner can result in an increase of consumer trust. To both this aim and to fix the public's perception of a company, three steps are taken in order to address consumer concerns: Identifying the extent of the social chatter Engaging the influencers to help Developing a proportional response == Strategies == === Passive approach === Social media can be a useful source of market information and a way to hear customers' perspectives. Blogs, content communities, and forums are platforms where individuals share their reviews and recommendations of brands, products, and services. Businesses are able to tap into and analyze customer voices and feedback generated in social media for marketing purposes. In this sense, social media is a relatively inexpensive source of market intelligence which can be used by marketers and managers to track and respond to consumer-identified problems and detect market opportunities. === Active approach === Social media can be used as a public relations tool, a direct marketing tool, and a communication channel to target very specific audiences, with social media influencers and social media personalities as effective customer engagement tools. This tactic is widely known as influencer marketing, which gives brands the opportunity to reach their target audience via a group of selected influencers advertising their product or service. Brands were projected to spend up to $15 billion on influencer marketing by 2022, per Business Insider Intelligence estimates, based on Mediakix data. The use of customer influencers, such as popular bloggers, can be an efficient and cost-effective method to launch new products or services. == Engagement == Engagement with the social web means that customers and stakeholders are active participants rather than passive spectators. An example of these are consumer advocacy groups and groups that criticize companies (e.g., lobby groups or advocacy organizations). The use of Social media in a business or political context allows people to express and share opinions about a company's products, services or business practices, or a government's actions. On social media, each participant becomes part of the marketing department (or a challenge to the marketing effort) as other customers read their comments or reviews. The effectiveness of social media marketing campaigns is dependent on the promotion of online engagement. With the advent of social media marketing, it has become increasingly important to gain customer interest in products and services, which can eventually be translated into buying behavior, or voting and donating behavior in a political context. New online marketing concepts of engagement and loyalty have emerged which aim to build customer participation and brand reputation. Engagement in social media for the purpose of a social media strategy is divided into two parts. The first is proactive, regular posting of new online content, which can be seen through digital photos, digital videos, text, and conversations. It is also represented through sharing of content and information from others via weblinks. The second part is reactive conversations, with social media users responding to those who reach out to others' social media profiles through comments or messages. == Campaigns == === Local businesses === Small businesses use social networking sites as a promotional technique. Businesses can follow individuals' social media usage in their local area and advertise specials and deals, which can be exclusive and in the form of "get a free drink with a copy of this tweet". This type of message encourages other locals to follow the business on their official websites in order to obtain the promotional deal. The business's brand visibility is enhanced in the process. Social networking sites are also used by small businesses to develop their own market research on new products and services. By encouraging their customers to give feedback on new product ideas, businesses can gain insights on whether or not a product may be accepted by their target market enough to merit full production. In addition, customers will feel the company has engaged them in the process of co-creation—the process in which the business uses customer feedback to create or modify a product or service to fill a need of the target market. Such feedback can be presented in various forms, such as surveys, contests, and polls. Social networking sites such as LinkedIn, also provide opportunities for small businesses to find candidates to fill staff positions. Review sites such as Yelp help small businesses build their reputation beyond brand visibility. Positive customer peer reviews help influence new prospects to purchase goods and services more than company advertising. == Benefits == Social Media Marketing allows companies to promote themselves to large, diverse audiences that could not be reached through traditional marketing such as phone and email-based advertising. Marketing on most social media platforms also comes at little to no cost, making it accessible to virtually any size business. Social Media Marketing accommodates personalized and direct marketing that targets specific demographics and markets. Companies can engage with customers directly, allowing them to obtain feedback and resolve issues almost immediately. Another advantage of social media marketing is that it's an ideal environment for a company to conduct market research. It can be used