A 2021 eruption in Iceland gave researchers rare and illuminating access to the mantle, one of the Earth's layers. From a report: What do you do when a volcano erupts for the first time in centuries? For many people on the southern peninsula in Iceland, when the Fagradalsfjall volcano went off in 2021 after 781 years of dormancy, the answer was to take pictures. As the eruption continued over the course of six months, tourists and locals traveled closer to the volcano to take even more. Red bursts flying out of a black pyramid; the viscous creep of flame. But this documentation only went so far. Some scientists wanted to know what was going on underneath the surface, miles deep, where light does not reach. There, the flowing rock works in ways that experts still cannot describe. So on the first day of the eruption, a helicopter flew out to the site and scooped up a bit of lava. Some samples were distributed to labs, which, after testing, sent back unexpected results: The lava was full of crystals.

Recently, with the help of similar samples gathered throughout the Fagradalsfjall eruption, steps have been taken toward characterizing the dynamics under the surface of the oceanic volcano. In a paper published in June in the journal Nature Communications, researchers who observed the chemical composition of the lava crystal samples collected over a six-month period found that they contained a wide range of material from different parts of the mantle, the amalgamate layer between the Earth's crust and core. This kind of variation was unexpected, and it painted a more vivid picture of what contributes to volcanic eruptions. "We have a really detailed record of the different types of composition that we can find in the mantle now, and it must be very heterogeneous, very variable," said Frances Deegan, a volcanologist at Uppsala University in Sweden, and a co-author of the paper. Compositionally, the Fagradalsfjall lava was primitive, meaning it came from a deep reservoir of magma, or underground lava, not a shallow reservoir in the Earth's crust. Noticing this, researchers, including Ed Marshall, a geochemist at the University of Iceland, sprinted to gather more samples as the lava continued to spew out of vents. "We were working all hours -- you're asleep and the volcano's still erupting and you're like, 'I got to get back out there,'" said Dr. Marshall. "But it's hard to describe how rare this kind of thing is."

Fagradalsfjall exists at a confluence of fault lines along a boundary between the Eurasian and North American tectonic plates, a point where they are both pulling apart and rubbing against each other. Geological records show that there has been periodic volcanic activity in the region about every thousand years, and this most recent fissure was preceded by more than a year of earthquakes. Olafur Flovenz, director of the Iceland GeoSurvey, recently published a paper with colleagues that suggests this activity was not caused by a body of magma accumulating in the crust, but from carbon dioxide released by deeper magma pooling between the mantle and the crust, in a region called the Mohorovicic discontinuity, or moho. Usually, volcanic eruptions occur when lots of small magma flows mix together. "This mixing process is an essential geologic process, but it's never been directly observed," said Dr. Marshall. It occurs so deep under the surface and many of the chemical signatures of individual flows are lost as the magma moves up through the crust. But when Fagradalsfjall erupted in 2021, the molten rock and crystals that shot up to the surface came directly from the moho.

An anonymous reader quotes a report from Ars Technica: Federal Communications Commission Chairwoman Jessica Rosenworcel has ordered mobile carriers to explain what geolocation data they collect from customers and how they use it. Rosenworcel's probe could be the first step toward stronger action -- but the agency's authority in this area is in peril because Congress is debating a data privacy law that could preempt the FCC from regulating carriers' privacy practices.

Rosenworcel sent letters of inquiry Tuesday "to the top 15 mobile providers," the FCC announced. The chairwoman's letters asked carriers "about their policies around geolocation data, such as how long geolocation data is retained and why and what the current safeguards are to protect this sensitive information," the FCC said. The letters also "probe carriers about their processes for sharing subscriber geolocation data with law enforcement and other third parties' data-sharing agreements. Finally, the letters ask whether and how consumers are notified when their geolocation information is shared with third parties," the FCC said. "Mobile Internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber's actual identity and personal characteristics, geolocation data, app usage, and web browsing data and habits," the letters say. Under US communications law, carriers are prohibited from using or sharing private information except under specific circumstances. Rosenworcel told carriers to answer the questions by August 3.

[...] Among other things, Rosenworcel's letters ask carriers to describe in detail the geolocation data they collect and retain from customers, to explain why such data is retained for current and former subscribers, how long the data is retained for, a description of safeguards used to protect the data, and what country or countries the geolocation data is stored in. The letters also ask for details regarding how data retention policies are disclosed to subscribers, data deletion policies, and whether subscribers can opt out of data retention. A second list of questions focused on data sharing asks for each carrier's "process and policies for sharing subscriber geolocation data with law enforcement;" for descriptions of "the arrangements, agreements, and circumstances in which [the carrier] shares subscriber geolocation data with third parties that are not law enforcement;" and whether subscribers are "notified of the sharing of their geolocation information with third parties that are not law enforcement." The data-sharing section also probes whether the carriers let customers opt out of programs that share data with third parties. Because geolocation data is highly sensitive and can be combined with other types of data, "the ways in which this data is stored and shared with third parties is of utmost importance to consumer safety and privacy," Rosenworcel told carriers in the letters. Further reading: Homeland Security Records Show 'Shocking' Use of Phone Data, ACLU Says

An anonymous reader quotes a report from Ars Technica: A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimize exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they're moving, track location histories, disarm alarms, and cut off fuel. An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.

BitSight discovered (PDF) what it said were six "severe" vulnerabilities in the device that allow for a host of possible attacks. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device.

The vulnerabilities include one tracked as CVE-2022-2107, a hardcoded password that carries a severity rating of 9.8 out of a possible 10. Micodus trackers use it as a master password. Hackers who obtain this passcode can use it to log in to the web server, impersonate the legitimate user, and send commands to the tracker through SMS communications that appear to come from the GPS user's mobile number. With this control, hackers can: Gain complete control of any GPS tracker; Access location information, routes, geofences, and track locations in real time; Cut off fuel to vehicles; and Disarm alarms and other features. A separate vulnerability, CVE-2022-2141, leads to a broken authentication state in the protocol the Micodus server and the GPS tracker use to communicate. Other vulnerabilities include a hardcoded password used by the Micodus server, a reflected cross-site scripting error in the Web server, and an insecure direct object reference in the Web server. The other tracking designations include CVE-2022-2199, CVE-2022-34150, CVE-2022-33944. The U.S. Cybersecurity and Infrastructure Security Administration is also warning about the risks posed by the critical security bugs. "Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features (e.g., alarms)," agency officials wrote.

According to a new report from The Washington Post, congressional Democrats are expected to introduce a new bill codifying net neutrality in the coming weeks. The Verge reports: The Net Neutrality and Broadband Justice Act -- spearheaded by longtime Senate internet advocates Ed Markey (D-MA) and Ron Wyden (D-OR) -- would reclassify broadband as a telecommunications service under Title II. This would give the Federal Communications Commission new enforcement powers over the internet, including the power to set rules against throttling, blocking, or paid prioritization. [...] The lawmakers could introduce the bill as early as August, a source familiar told The Verge on Monday. The measure would restore the FCC's authority over broadband and allow the agency to investigate consumer complaints and roll out new rules to promote broadband competition and close the digital divide, the source said.

In 2017, the Trump FCC, led by former chair Ajit Pai, rolled back the net neutrality provisions put in place under the former administration. The rules banned broadband providers from throttling and blocking certain lanes of traffic and offering paid fast lanes for specific services. Since the Trump reversal, congressional Democrats have vowed to codify net neutrality permanently. [...] Without an FCC Democratic majority, Markey's net neutrality bill may be the Biden administration's only means of reinstating the open internet regulations.

Russia has hit Google with a $373 million fine for failing to restrict access to "prohibited" material about the war in Ukraine and other content. The BBC reports: Roskomnadzor, the country's communications regulator, said the information included "fake" reports that discredited Russia's military and posts urging people to protest. It called the US tech giant a "systematic" violator of its laws. Google did not comment immediately.

The company's local subsidiary declared bankruptcy last month. The move came after Russian authorities seized its local bank account, allowing them to recover 7.2bn roubles that the firm had been ordered to pay for similar reasons last year. [...] The fine announced on Monday, which was calculated as a share of the firm's local revenue, marks the biggest penalty ever imposed on a tech company in Russia, according to state media.

The Washington Post reports: In the frantic first weeks of Russia's invasion of Ukraine, the U.S. tech companies that control the world's largest information hubs sprang into action. Responding to pressure from Western governments, social media apps such as Facebook, Instagram and YouTube banned or throttled Russian state media accounts, beefed up their fact-checking operations, curtailed ad sales in Russia and opened direct lines to Ukrainian officials, inviting them to flag Russian disinformation and propaganda to be taken down.

As the war grinds toward its sixth month, however, Russian propaganda techniques have evolved — and the tech firms haven't kept up.

Ukrainian officials who have flagged thousands of tweets, YouTube videos and other social media posts as Russian propaganda or anti-Ukrainian hate speech say the companies have grown less responsive to their requests to remove such content. New research shared with The Washington Post by a Europe-based nonprofit initiative confirms that many of those requests seem to be going unheeded, with accounts parroting Kremlin talking points, spewing anti-Ukrainian slurs or even impersonating Ukrainian officials remaining active on major social networks. As a result, researchers say, Kremlin-backed narratives are once again propagating across Europe, threatening to undermine popular support for Ukraine in countries that it views as critical to its defense....

With big state media accounts suspended or muffled, researchers say Russian leaders and influencers have shifted to the semiprivate messaging app Telegram to direct information campaigns via swarms of smaller accounts.
The Post reports that Google-owned YouTube hasn't returned emails for almost two months, according to the deputy head of the Ukrainian government's Strategic Communications and Information Security center. And the Post notes that researchers found LinkedIn "removed fewer than half of the posts that Ukrainian officials flagged as examples of Russian propaganda justifying the war....

"On the positive side, the researchers found that Facebook had removed all 98 of the posts the Ukrainian government and its partners flagged as containing anti-Ukrainian hate speech, though many of the accounts responsible remained active."

"NASA astronauts will go back to riding Russian rockets under an agreement announced Friday," reports the Associated Press, "and Russian cosmonauts will catch lifts to the International Space Station with SpaceX beginning this fall." The agreement ensures that the space station will always have at least one American and Russian on board to keep both sides of the orbiting outpost running smoothly, according to NASA and Russian officials. The swap had long been in the works and was finalized despite tensions over Moscow's war in Ukraine, a sign of continuing Russia-U.S. cooperation in space....

No money will exchange hands under the agreement, according to NASA....

Friday's news came just hours after the blustery chief of the Russian space agency, Dmitry Rogozin, was replaced by President Vladimir Putin, although the move did not appear to have any connection to the crew swap. Rogozin was expected to be given a new post.
CBS News explains the NASA-Roscosmos agreement: "The station was designed to be interdependent and relies on contributions from each space agency to function," the NASA statement said. "No one agency has the capability to function independent of the others..."

Russia provides the propellant and thrusters, either on the station or visiting Progress cargo ships, to change the station's orbit and offset the effects of atmospheric drag. NASA provides the bulk of the lab's electrical power, the massive gyroscopes that help maintain the station's orientation and a station-wide computer and communications network.

Russian cosmonauts are not trained to operate U.S. systems and vice versa, meaning at least one astronaut and one cosmonaut must be aboard at all times. If either side pulled out, the other likely would have to depart as well, or quickly come up with alternative systems.
"NASA wants to operate the space station through 2030," adds CBS, "but Russian cooperation is required. And it's not yet known whether Russia will go along."

Chat service Omegle is on the hook for a lawsuit after its matching system paired an 11-year-old girl with a man who then sexually abused her. A district judge in Portland, Oregon, said the company's system wasn't protected by the legal shield that covers much user-generated content. From a report: The case isn't concluded, but it opens the door to more prosecutions based on how a platform designs its services. The legal complaint, filed late last year, alleges that Omegle's service was defective and falsely represented. It's a common strategy that's often failed in court before, including with Grindr in a harassment case, typically due to the legal protections of Section 230 of the Communications Decency Act. This time, however, Judge Michael Mosman determined that the lawsuit targeted functions specifically designed by Omegle rather than speech by other users on the platform.

The Washington Post shares details from "a trove of more than 124,000 previously undisclosed Uber records." For example, in 2015 Uber CEO Travis Kalanick often pulled an emergency kill switch on its data — that is, "ordered the computer systems in Amsterdam cut off from Uber's internal network, making data inaccessible to authorities as they raided its European headquarters, documents show." "Please hit the kill switch ASAP," Kalanick had emailed, ordering a subordinate to block the office laptops and other devices from Uber's internal systems. "Access must be shut down in AMS," referring to Amsterdam. Uber's use of what insiders called the "kill switch" was a brazen example of how the company employed technological tools to prevent authorities from successfully investigating the company's business practices as it disrupted the global taxi industry, according to the documents.

During this era, as Uber's valuation was surging past $50 billion, government raids occurred with such frequency that the company distributed a Dawn Raid Manual to employees on how to respond. It ran more than 2,600 words with 66 bullet points. They included "Move the Regulators into a meeting room that does not contain any files" and "Never leave the Regulators alone."

That document, like the text and email exchanges related to the Amsterdam raid, are part of the Uber Files, an 18.7-gigabyte trove of data obtained by the Guardian and shared with the International Consortium of Investigative Journalists, a nonprofit newsroom in Washington that helped lead the project, and dozens of other news organizations, including The Washington Post. The files, spanning 2013 to 2017, include 83,000 emails and other communications, presentations and direct messages. They show that Uber developed extensive systems to confound official inquiries, going well past what has been known about its efforts to trip up regulators, government inspectors and police. Far from simply developing software to connect drivers and customers seeking rides, Uber leveraged its technological capabilities in many cases to gain a covert edge over authorities....

According to the documents and interviews with former employees, the company used a program called Greyball to keep authorities from hailing cars — and potentially impounding them and arresting their drivers. It used a technology called "geofencing" that, based on location data, blocked ordinary use of the app near police stations and other places where authorities might be working. And it used corporate networking management software to remotely cut computers' access to network files after they had been seized by authorities.... Greyball was created as a fraud-fighting tool to limit scammers' access to the app, a former executive said, and was at times used to frustrate violent Uber opponents hunting drivers. But Uber operations executives took control of the program and redeployed it against the government, former employees said.
The International Consortium of Investigative Journalists describes their trove of documents as "the secret story of how the tech giant won access to world leaders, cozied up to oligarchs and dodged taxes amid chaotic global expansion."

Earlier this week, long-time Slashdot reader ThinkPad760 wrote: How is this not news everywhere?

KDDI, Japan's 2nd largest mobile phone provider and carrier to multiple critical government agencies — including the weather service — failed for 86 hours. After failing to inform users and the government about the problems, questions are starting to be asked.
Japan's government "will set up an expert panel to compile measures to prevent a recurrence," reports Japan Today, citing Japan's Internal Affairs and Communications Minister. The network failure occurred when a router for voice calls was replaced during regular maintenance, with repair work triggering a concentration of traffic that led the company to reduce user access. During that time, the carrier experienced a cascade of technical problems that further prolonged the connection difficultie
40 million users were affected by the outage, Reuters reports — adding that it's not the first time for something like this: Japan's three big telcos have all had widespread network failures in recent years. NTT Docomo's [29-hour] outage last October affected 12.9 customers, while disruption to SoftBank Corp's network in late 2018 cast a shadow over its bumper public listing.

An anonymous reader quotes a report from Axios: The Federal Communications Commission on Thursday told carriers to stop delivering those annoying auto warranty robocalls and said it has launched a formal investigation. The scam has resulted in more than 8 billion unwanted and possibly illegal phone calls. It has been the top consumer robocall complaint for the past two years.

The FCC said it is working with a number of other agencies, including the Ohio attorney general, which is suing Roy Cox, Jr., Aaron Michael Jones, their Sumco Panama companies and other international associates said to be a part of the scam. The agency's enforcement bureau said it sent cease-and-desist letters to Call Pipe, Fugle Telecom, Geist Telecom, Global Lynks, Mobi Telecom, South Dakota Telecom, SipKonnect and Virtual Telecom to warn them to stop carrying this suspicious robocall traffic within 48 hours. The FCC said that its inquiry shows that the operation is still generating millions of apparently unlawful calls to consumers on a daily basis.

An anonymous reader quotes a report from Ars Technica: An Ohio man created a fake broadband provider in order to scam low-income consumers who thought they were getting government-funded discounts on Internet service and devices, according to the Federal Communications Commission. In a Notice of Apparent Liability for Forfeiture released Friday, the FCC proposed a fine of $220,210 against alleged scammer Kyle Traxler. Traxler created an entity called Cleo Communications that sought authorization to be a provider in the FCC's Emergency Broadband Benefit (EBB) program, which provided $50 monthly discounts on Internet service and discounts for devices. "Cleo apparently existed for the sole purpose of taking financial advantage of customers under the disguise of being a legitimate EBB Program provider," the FCC notice said. "Cleo Communications has had no business activity outside of the EBB Program and no other business purpose."

The FCC began investigating after receiving complaints from consumers in at least eight states who ordered devices and/or "hotspot service." In some cases, consumers said that Cleo threatened to sue them after they asked for refunds for items and service they didn't receive. Cleo's terms of service stated that it never issues refunds and that attempting to get refunds via bank chargebacks is a "breach of contract," according to the FCC. The FCC said it got no response to a subpoena it issued to Traxler and Cleo in December 2021. The now-discontinued EBB program and its replacement, the $30-per-month Affordable Connectivity Program, have provided money directly to participating broadband providers that offer monthly discounts. Some forms of telecom fraud involve the use of fictitious, ineligible, or duplicate customers to obtain payments from FCC programs, but the FCC said Traxler instead scammed consumers directly...

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has received more than 90,000 comments from Starlink users urging the agency to side with SpaceX in a spectrum battle against Dish Network. The comments were all submitted since last week when SpaceX asked Starlink customers to weigh in on an FCC proceeding that seeks public input on the "feasibility of allowing mobile services in the 12.2-12.7 GHz band while protecting incumbents from harmful interference." Dish wants to use the 12 GHz band for mobile service and says that sharing the spectrum wouldn't significantly degrade satellite broadband. SpaceX says the plan would cause "harmful interference [to Starlink users] more than 77 percent of the time and total outage of service 74 percent of the time, rendering Starlink unusable for most Americans." The satellite downlink band used by Starlink extends from 10.7 GHz to 12.7 GHz. SpaceX says it uses most of that but not the 10.7-10.95 GHz portion because it's adjacent to radio astronomy systems.

The Starlink email was sent to users on June 28. There were a little more than 200 comments in the 18-month-old proceeding's docket at that time, mostly from satellite or telecom companies and lobbyist or advocacy groups. Since then, the comments appear to come almost entirely from people submitting SpaceX's pre-written message, in some cases unaltered and in others with the commenter's opinions or personal experiences using Starlink added in. Many Starlink users told the FCC they live in rural parts of the US and have no other viable broadband options. It's possible a single person can file multiple comments under different names, but it's clear that the SpaceX plea resulted in an outpouring of support from people who use Starlink.

The pace of commenting hasn't slowed down in recent days. PCMag reported on Tuesday that the "SpaceX petition protesting Dish Network has resulted in 70,000 Starlink users bombarding the FCC with messages urging the US regulator to protect the satellite Internet system." There are now more than 95,700 comments in the docket. The official comment period on the 12 GHz question came and went last year, but the agency hasn't ruled on the proceeding yet. Starlink users can send comments to the FCC via this webpage set up by SpaceX.

The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled together code. From a report: Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a "ghost" contact that was hidden from the users' contact lists. This ghost user, in a way, was the FBI and its law enforcement partners, reading over the shoulder of organized criminals as they talked to each other.

Last year, the FBI and its international partners announced Operation Trojan Shield, in which the FBI secretly ran an encrypted phone company called Anom for years and used it to hoover up tens of millions of messages from Anom users. Anom was marketed to criminals, and ended up in the hands of over 300 criminal syndicates worldwide. The landmark operation has led to more than 1,000 arrests including alleged top tier drug traffickers and massive seizures of weapons, cash, narcotics, and luxury cars. Motherboard has obtained this underlying code of the Anom app and is now publishing sections of it due to the public interest in understanding how law enforcement agencies are tackling the so-called Going Dark problem, where criminals use encryption to keep their communications out of the hands of the authorities. The code provides greater insight into the hurried nature of its development, the freely available online tools that Anom's developers copied for their own purposes, and how the relevant section of code copied the messages as part of one of the largest law enforcement operations ever.

An anonymous reader quotes a report from The Guardian: Researchers have created cloned mice from freeze dried skin cells in a world first that aims to help conservationists revive populations of endangered species. The breakthrough paves the way for countries to store skin cells from animals as an insurance policy, as the cells can be used to create clones that boost the species' genetic diversity if they become threatened with extinction in the future. While scientists have used frozen cells to produce clones for conservation projects, the cells are kept in liquid nitrogen which is expensive and risky: if there are power outages or the liquid nitrogen is not regularly topped up, the cells melt and become unusable. Freeze dried sperm can also be used to create clones, but cannot be obtained from all animals.

In the latest work, researchers froze dried skin cells from mouse tails and stored them for up to nine months before trying to create clones from them. The freeze-drying processes killed the cells, but the scientists found they could still create early stage cloned embryos by inserting the dead cells into mouse eggs that had their own nuclei removed. These early stage mouse embryos, known as blastocysts, were used to create stocks of stem cells that were put through another round of cloning. The stem cells were inserted into mouse eggs emptied of their own nuclei, leading to embryos that surrogate mice carried to term. The first cloned mouse, named Dorami after a melon bread-loving robot in the Doraemon Manga series, was followed by 74 more. To check whether the clones had healthy fertility, nine females and three males were bred with normal mice. All the females went on to have litters.

Despite the achievement, the process is inefficient -- freeze drying damaged DNA in the skin cells -- and the success rate for creating healthy female and male mouse pups was only 0.2 to 5.4%. In some of the cells, the Y chromosome was lost, leading to female mice being born from cells obtained from male animals. "If the same treatment could be performed in endangered species where only males survived, it would be possible to produce females and naturally preserve the species, the authors write in Nature Communications.

On Tuesday Brendan Carr, a commissioner on America's Federal Communications Commission,warned on Twitter that TikTok, owned by China-based company ByteDance, "doesn't just see its users dance videos: It collects search and browsing histories, keystroke patterns, biometric identifiers, draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device's clipboard. Tiktok's pattern of misrepresentations coupled with its ownership by an entity beholden to the Chinese Community Party has resulted in U.S. military branches and national security agencies banning it from government devices.... The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personnel data.
Today CNN interviewed Carr, while also bringing viewers an update. TikTok's China-based employees accessed data on U.S. TikTok users, BuzzFeed had reported — after which TikTok announced it intends to move backup data to servers in the U.S., allowing them to eventually delete U.S. data from their servers. But days later Republican Senator Blackburn was still arguing to Bloomberg that "Americans need to know if they are on TikTok, communist China has their information."

And FCC commissioner Carr told CNN he remains suspicious too: Carr: For years TikTok has been asked directly by U.S. lawmakers, 'Is any information, any data, being accessed by personnel back in Beijing?' And rather than being forthright and saying 'Yes, and here's the extent of it and here's why we don't think it's a problem,' they've repeatedly said 'All U.S. user data is stored in the U.S.," leaving people with the impression that there's no access.... This recent bombshell reporting from BuzzFeed shows at least some of the extent to which massive amounts of data has allegedy been going back to Beijing.

And that's a problem, and not just a national security problem. But to me it looks like a violation of the terms of the app store, and that's why I wrote a letter to Google and Apple saying that they should remove TikTok and boot them out of the app store... I've left them until July 8th to give me a response, so we'll see what they say. I look forward to hearing from them. But there's precedence for this. Before when applications have taken data surreptitiously and put it in servers in China or otherwise been used for reasons other than servicing the application itself, they have booted them from the app store. And so I would hope that they would just apply the plain terms of their policy here.
When CNN points out the FCC doesn't have jurisdiction over social media, Carr notes "speaking for myself as one member" they've developed "expertise in terms of understanding how the CCP can effectively take data and infiltrate U.S. communications' networks. And he points out that the issue is also being raised by Congressional hearings and by Republican and Democrat Senators signing joint letters together, so "I'm just one piece of a broader federal effort that's looking at the very serious risks that come from TikTok." Carr: At the end of the day, it functions as sophisticated surveillance tool that is harvesting vast amounts of data on U.S. users. And I think TikTok should answer point-blank, has any CCP member obtained non-public user data or viewed it. Not to answer with a dodge, and say they've never been asked for it or never received a request. Can they say no, no CCP member has ever seen non-public U.S. user data.
Carr's appearance was followed by an appearance by TikTok's VP and head of public policy for the Americas. But this afternoon Carr said on Twitter that TikTok's response contradicted its own past statements: Today, a TikTok exec said it was "simply false" for me to say that they collect faceprints, browsing history, & keystroke patterns.

Except, I was quoting directly from TikTok's own disclosures.

TikTok's concerning pattern of misrepresentations about U.S. user data continues.

Long-time Slashdot reader waspleg shares a thought-provoking article from Popular Mechanics: Does reality exist, or does it take shape when an observer measures it? Akin to the age-old conundrum of whether a tree makes a sound if it falls in a forest with no one around to hear it, the above question remains one of the most tantalizing in the field of quantum mechanics, the branch of science dealing with the behavior of subatomic particles on the microscopic level.... Now, scientists from the Federal University of ABC (UFABC) in the São Paulo metropolitan area in Brazil are adding fuel to the suggestion that reality might be "in the eye of the observer."

In their new research, published in the journal Communications Physics in April, the scientists in Brazil attempted to verify the "complementarity principle" the famous Danish physicist Niels Bohr proposed in 1928. It states that objects come with certain pairs of complementary properties, which are impossible to observe or measure at the same time, like energy and duration, or position and momentum. For example, no matter how you set up an experiment involving a pair of electrons, there's no way you can study the position of both quantities at the same time: the test will illustrate the position of the first electron, but obscure the position of the second particle (the complementary particle) at the same time....

"We used nuclear magnetic resonance techniques similar to those used in medical imaging," Roberto M. Serra, a quantum information science and technology researcher at UFABC, who led the experiment, tells Popular Mechanics. Particles like protons, neutrons, and electrons all have a nuclear spin, which is a magnetic property analogous to the orientation of a needle in a compass. "We manipulated these nuclear spins of different atoms in a molecule employing a type of electromagnetic radiation. In this setup, we created a new interference device for a proton nuclear spin to investigate its wave and particle reality in the quantum realm," Serra explains. "This new arrangement produced exactly the same observed statistics as previous quantum delayed-choice experiments," Pedro Ruas Dieguez, now a postdoctoral research fellow at the International Centre for Theory of Quantum Technologies (ICTQT) in Poland, who was part of the study, tells Popular Mechanics. "However, in the new configuration, we were able to connect the result of the experiment with the way waves and particles behave in a way that verifies Bohr's complementarity principle," Dieguez continues.

The main takeaway from the April 2022 study is that physical reality in the quantum world is made of mutually exclusive entities that, nonetheless, do not contradict but complete each other.
Stephen Holler, an associate professor of physics at Fordham University, tells Popular Mechanics that the study underscores a famous observation by Richard Feynman: "If you think you understand quantum mechanics, you don't understand quantum mechanics."

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.
Reuters spoke to email experts including Linkedin, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targetted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breachers since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records...

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."

The Federal Communications Commission authorized SpaceX to provide Starlink satellite internet to vehicles in motion, a key step for Elon Musk's company to further expand the service. CNBC reports: "Authorizing a new class of [customer] terminals for SpaceX's satellite system will expand the range of broadband capabilities to meet the growing user demands that now require connectivity while on the move, whether driving an RV across the country, moving a freighter from Europe to a U.S. port, or while on a domestic or international flight," FCC international bureau chief Tom Sullivan wrote in the authorization posted Thursday.

The FCC's authorization also includes connecting to ships and vehicles like semitrucks and RVs, with SpaceX having last year requested to expand from servicing stationary customers. SpaceX had already deployed a version of its service called "Starlink for RVs," with an additional "portability" fee. But portability is not the same as mobility, which the FCC's decision now allows. The FCC imposed conditions on in-motion Starlink service. SpaceX is required to "accept any interference received from both current and future services authorized," and further investment in Starlink will "assume the risk that operations may be subject to additional conditions or requirements" from the FCC. The report notes that the ruling "did not resolve a broader SpaceX regulatory dispute with Dish Network and RS Access, an entity backed by billionaire Michael Dell, over the use of 12-gigahertz band -- a range of frequency used for broadband communications." SpaceX is pushing for the regulator to make a ruling, saying the mobile service "would cause harmful interference to SpaceX's Starlink terminals in the 12.2-12.7 GHz band more than 77% of the time."

A leader of the U.S. Federal Communications Commission said he has asked Apple and Google to remove TikTok from their app stores over China-related data security concerns. CNBC reports: The wildly popular short video app is owned by Chinese company ByteDance, which faced U.S. scrutiny under President Donald Trump. Brendan Carr, one of the FCC's commissioners, shared via Twitter a letter to Apple CEO Tim Cook and Alphabet CEO Sundar Pichai. The letter pointed to reports and other developments that made TikTok non-compliant with the two companies' app store policies.

"TikTok is not what it appears to be on the surface. It is not just an app for sharing funny videos or meme. That's the sheep's clothing," he said in the letter. "At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data." Carr's letter, dated June 24 on FCC letterhead, said if the Apple and Alphabet do not remove TikTok from their app stores, they should provide statements to him by July 8. The statements should explain "the basis for your company's conclusion that the surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok's pattern of misleading representations and conduct, does not run afoul of any of your app store policies," he said. A TikTok spokesperson told BuzzFeed News in a statement: "We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That's why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses."