Youtube

Jimmy Fallon Played a Video Game on Air, Meaning That Streaming Your Own Game Gets You Taken Down as a Pirate (boingboing.net) 168

AmiMoJo shares a report: NBC (and the other broadcasters) provides copies of its shows to YouTube's Content ID filter, which is supposed to protect copyright by blocking uploads of videos that match ones in its database of claimed videos. That means that if you own the copyright to something that is aired on NBC, any subsequent attempts by you or your fans to upload your work will be blocked as copyright infringements, and could cost you your YouTube account. The latest casualty of this is the video game Beat Saber. Jimmy Fallon played part of one of Beat Saber's levels, and so no one else could upload their own gameplay of that level to YouTube without being accused of copyright infringement and blocked. After a lot of fast work by Beat Saber, they managed to get the ban lifted.
Privacy

Cloud Database Removed After Exposing Details on 80 Million US Households (cnet.com) 51

The addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. From a report: The details listed included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify the owner of the database, which until Monday was online and required no password to access. Some of the information was coded, like gender, marital status and income level. Names, ages and addresses were not coded. The data didn't include payment information or Social Security numbers. The 80 million households affected make up well over half of the households in the US, according to Statista. "I wouldn't like my data to be exposed like this," Rotem said in an interview with CNET. "It should not be there." Rotem and his team verified the accuracy of some data in the cache but didn't download the data in order to minimize the invasion of privacy of those listed, he said.
Privacy

Facial Recognition Creeps Up on a JetBlue Passenger (zdnet.com) 246

An anonymous reader shares a report: A boarding technology for travelers using JetBlue is causing controversy due to a social media thread on the airline's use of facial recognition. Last week, traveler MacKenzie Fegan described her experience with the biometric technology in a social media post that got the attention of JetBlue's official account. She began: "I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge. Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?" JetBlue was ready to offer Twitterized sympathy: "You're able to opt out of this procedure, MacKenzie. Sorry if this made you feel uncomfortable."

But once you start thinking about these things, your thoughts become darker. Fegan wanted to know how JetBlue knew what she looked like. JetBlue explained: "The information is provided by the United States Department of Homeland Security from existing holdings." Fegan wondered by what right a private company suddenly had her biometric data. JetBlue insisted it doesn't have access to the data. It's "securely transmitted to the Customs and Border Protection database." Fegan wanted to know how this could have possibly happened so quickly. Could it be that in just a few seconds her biometric data was whipped "securely" around government departments so that she would be allowed on the plane? JetBlue referred her to an article on the subject, which was a touch on the happy-PR side. Fegan was moved, but not positively, by the phrase "there is no pre-registration required."

Security

WiFi Finder, a Popular Hotspot Finder App, Exposed 2 Million Wi-Fi Network Passwords (techcrunch.com) 31

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. From a report: The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk. Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch. We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out. "We notified the user and have taken the [server] hosting the exposed database offline," a spokesperson told TechCrunch.
EU

EU Votes To Create Gigantic Biometrics Database (zdnet.com) 212

The European Parliament voted last week to interconnect a series of border-control, migration, and law enforcement systems into a gigantic, biometrics-tracking, searchable database of EU and non-EU citizens. From a report: This new database will be known as the Common Identity Repository (CIR) and is set to unify records on over 350 million people. Per its design, CIR will aggregate both identity records (names, dates of birth, passport numbers, and other identification details) and biometrics (fingerprints and facial scans), and make its data available to all border and law enforcement authorities.

Its primary role will be to simplify the jobs of EU border and law enforcement officers who will be able to search a unified system much faster, rather than search through separate databases individually. "The systems covered by the new rules would include the Schengen Information System, Eurodac, the Visa Information System (VIS) and three new systems: the European Criminal Records System for Third Country Nationals (ECRIS-TCN), the Entry/Exit System (EES) and the European Travel Information and Authorisation System (ETIAS)," EU officials said last week.

Privacy

Millions of Rehab Records Exposed on Unsecured Database (cnet.com) 26

Records for potentially tens of thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday. From a report: The 4.91 million documents included patients' names, as well as details of the treatments they received, according to Justin Paine, the researcher. Each patient had multiple records in the database, and Paine estimates that the records may cover about 145,000 patients. Paine notified the main treatment center, as well as the website hosting company, when he discovered the database. The data has since been made unavailable to the public. Paine found the data by typing keywords into the Shodan search engine that indexes servers and other devices that connect to the internet.

"Given the stigma that surrounds addiction this is almost certainly not information the patients want easily accessible," Paine said in a blog post that he shared with CNET ahead of publication. Paine hunts for unsecured databases in his free time. His day job is head of trust and safety at web security company Cloudflare. The find is the latest example of a widespread problem: Any organization can easily store customer data on cloud-based services now, but few have the expertise to set them up securely. As a result, countless unsecured databases sit online and can be found by anyone with a few search skills. Many of those databases are full of sensitive personal data.

Ubuntu

Ubuntu 19.04 'Disco Dingo' Released (betanews.com) 91

Canonical today announced the release of Ubuntu 19.04 "Disco Dingo." With Linux 5.0 and GNOME 3.32, Disco Dingo features performance improvements and visual tweaks. Whether or not you upgrade, Disco Dingo lays the groundwork for future long term support releases of Ubuntu. From a report: Keep in mind, version 19.04 is not LTS (Long Term Support), meaning it is only supported until January 2020. "Ubuntu 19.04 introduces GNOME 3.32 with higher frame rates, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in X-org and Wayland. Installing Ubuntu on VMWare will automatically install open-vm-tools for bi-directional clipboard, easy sharing of files and graceful power state management," says Canonical. The Ubuntu-maker further says, "In Ubuntu 19.04, multiple instances of the same snap can be installed for CI/CD, testing or phased rollouts. For example, two versions of a database or two versions of the golang compiler can be installed at the same time. Snap epochs control when and how data migration happens between major version upgrades."
Cellphones

Police Are Using Google's Location Data From 'Hundreds of Millions' of Phones (cnet.com) 125

"When law enforcement investigations get cold, there's a source authorities can turn to for location data that could produce new leads: Google."

An anonymous reader quotes CNET: Police have used information from the search giant's Sensorvault database to aid in criminal cases across the country, according to a report Saturday by The New York Times. The database has detailed location records from hundreds of millions of phones around the world, the report said. It's meant to collect information on the users of Google's products so the company can better target them with ads, and see how effective those ads are. But police have been tapping into the database to help find missing pieces in investigations.

Law enforcement can get "geofence" warrants seeking location data. Those kinds of requests have spiked in the last six months, and the company has received as many as 180 requests in one week, according to the report.... For geofence warrants, police carve out a specific area and time period, and Google can gather information from Sensorvault about the devices that were present during that window, according to the report. The information is anonymous, but police can analyze it and narrow it down to a few devices they think might be relevant to the investigation. Then Google reveals those users' names and other data, according to the Times...

[T]he AP reported last year that Google tracked people's location even after they'd turned off location-sharing on their phones.

Google's data dates back "nearly a decade," the Times reports -- though in a statement, Google's director of law enforcement and information security insisted "We vigorously protect the privacy of our users while supporting the important work of law enforcement." (The Times also interviewed a man who was arrested and jailed for a week last year based partly on Google's data -- before eventually being released after the police found a more likely suspect.)

"According to the Times, Google is the primary company that appears to be fulfilling the warrants," reports Gizmodo, adding that Apple "says it can't provide this information to authorities..."

"A thriving black market in location data has persisted despite promises from carriers to stop selling it to middlemen, who divert it from intended uses in marketing and other services."
Space

LIGO Spots Another Gravitational Wave Soon After Powering Back On (newscientist.com) 46

New submitter nichogenius writes: The latest observation run of LIGO and VIRGO only started April 1st, but has already observed another black hole merger. The LIGO detectors have been offline since the 25th of August, 2017 for a series of upgrades. The latest observational run is the first run where gravitational wave events are being publicly announced as they happen rather than being announced weeks or months later. Few details of the merger are available at this time, but there is some information available on LIGO's Twitter and raw details can be obtained from LIGO's event database page.

Gravitational detection events are being publicly broadcast using NASA's VOEvent system. If you know a bit of Python, you can set up your own VOEvent client using the pygcn module with example code available in this tutorial.

Google

Google Helps Government Conduct Warrantless Searches, Alleges EPIC (tomshardware.com) 69

schwit1 quotes Tom's Hardware: The Electronic Privacy Information Center ("EPIC"), a civil liberties group based in Washington D.C., filed an amicus brief in the United States vs. Wilson case concerning Google scanning billions of users' files for unlawful content and then sending that information to law enforcement agencies.

EPIC alleges that law enforcement is using Google, a private entity, to bypass the Fourth Amendment, which requires due process and probable cause before "searching or seizing" someone's property.

As a private entity, Google doesn't have to abide by the Fourth Amendment as the government has to, so it can do those mass searches on its behalf and then give the government the results. The U.S. government has been increasingly using this strategy to bypass Fourth Amendment protections of U.S. citizens and to expand its warrantless surveillance operations further.

Google and a few other companies have "voluntarily" agreed to use a database of image hashes from the National Center for Missing and Exploited Children (NCMEC) to help the agency find exploited children.

More than that, the companies would also give any information they have on the people who owned those images, given they are users of said companies' services and have shared the images through those services.

Security

Security Expert Launches BreachClarity.com, A New Data Breach Response Tool (breachclarity.com) 10

A new online tool "analyzes publicly disclosed data breaches and gives concrete advice to victims," reported CNET last week. Now the site's creator, data breach expert jimvandyke, is asking Slashdot's readers for feedback: At BreachClarity.com, just enter the name of any data breach you were in (such as 'Anthem', 'Equifax', 'Yahoo', etc.), and click the bright green 'search' button. Every publicly-reported breach since January 2017 (and noteworthy older ones) are in the database, and eventually every publicly-reported breach will be in the database, thanks to my non-profit partner the IDTheftCenter.org (ITRC). Breach Clarity is now available for free in basic form to consumers, as a very simple UI sitting in front of a comprehensive algorithm of my own design.

The goal of Breach Clarity is to help people by demystifying how any new data breach creates identity-holder risk of identity theft, identity fraud, and other harms. My goal in creating Breach Clarity is to move past the myths and victim-blaming (for instance, my research finds that very few people are actually 'apathetic' or 'lazy' when it comes to security, and it's simply not true that 'everyone's data is all already out there' for any cyber-criminal who wants to commit fraud in another person's name).

Breach Clarity uses dynamic research, technology, and design-thinking to protect people in the face of an onslaught of ongoing data breaches (The ITRC recorded 1,244 publicly reported US ones last year, leading to over $10B in annual identity crimes as reported by my former company Javelin Strategy & Research!)... If you like what you see, please use it and spread the word.

The original submission says the site's creator is currently "a one-person pre-funded operation, aiming to create an advanced and more full-featured version of Breach Clarity that will be licensed for financial institutions and employers." But if this is beta testing, there's some great technical support. "If you're confused by what you see, you can actually call the phone number in the upper right of BreachClarity and talk to a real person for free. You'll reach my partner, the ITRC, who gets grant funding from law enforcement and foundations."

CNET notes that "You can already find out if you've lost login credentials and other sensitive information by visiting Have I Been Pwned or Firefox Monitor. Breach Clarity takes things a step further by helping you decide what to do afterward."
Security

Apache Web Server Bug Grants Root Access On Shared Hosting Environments (zdnet.com) 85

An anonymous reader quotes a report from ZDNet: This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (such as CGI scripts) can execute malicious code with the privileges of the parent process. Because on most Unix systems Apache httpd runs under the root user, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache httpd process, and inherently control the entire machine.

"First of all, it is a LOCAL vulnerability, which means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability told ZDNet in an interview yesterday. This means that attackers either have to register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker only needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server to plant malware or steal data from other customers who have data stored on the same machine. "The web hoster has total access to the server through the 'root' account. If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other clients."

Facebook

Millions of Facebook Records Found on Amazon Cloud Servers (bloomberg.com) 26

Researchers at UpGuard, a cybersecurity firm, found troves of Facebook user information hiding in plain sight, inadvertently posted publicly on Amazon.com's cloud computing servers. From a report: The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users' information is online, companies that control that information at every step still haven't done enough to seal up private data, Bloomberg News reports. In one instance, Mexico City-based media company Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report. UpGuard adds: The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers. As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.


Privacy

Judge Orders Fairfax Police To Stop Collecting Data From License Plate Readers (washingtonpost.com) 81

A Fairfax County judge on Monday ordered the Fairfax County police to stop maintaining a database of photos of vehicle license plates, with the time and location where they were snapped, ruling that "passive use" of data from automated license plate readers on the back of patrol cars violates Virginia privacy law. From a report: The ruling followed a related finding by the Virginia Supreme Court last year, meaning the case could affect how long -- if at all -- Virginia police can keep license plate data. The ruling by Fairfax Circuit Court Judge Robert J. Smith is a victory for privacy rights advocates who argued that the police could track a person's movements by compiling the times and exact locations of a car anytime its plate was captured by a license plate reader. Fairfax County Police Chief Edwin C. Roessler Jr. said Monday night that he would ask the county attorney to appeal the ruling.

The issue represents another front in the ongoing conflict over the use of emerging technologies by law enforcement. Police say they can, and have, used license plate location data to find dangerous criminals and missing persons. Privacy advocates don't oppose the use of the technology during an active investigation, but they say that maintaining a database of license plate locations for months or years provides too much opportunity for abuse by the police. Last month, the ACLU disclosed that the federal Immigration and Customs Enforcement agency was tapping into a vast, national database of police and private license plate readers. Such private databases remain unregulated.

Encryption

Russia Orders Major VPN Providers To Block 'Banned' Sites (torrentfreak.com) 87

Russian authorities have ordered ten major VPN providers to begin blocking sites on the country's blacklist. "NordVPN, ExpressVPN, IPVanish and HideMyAss are among those affected," reports TorrentFreak. "TorGuard also received a notification and has pulled its services out of Russia with immediate effect." From the report: During the past few days, telecoms watch Roscomnadzor says it sent compliance notifications to 10 major VPN services with servers inside Russia -- NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN. The government agency is demanding that the affected services begin interfacing with the FGIS database, blocking the sites listed within. Several other local companies -- search giant Yandex, Sputnik, Mail.ru, and Rambler -- are already connected to the database and filtering as required.

"In accordance with paragraph 5 of Article 15.8 of the Federal Law No. 149-FZ of 27.07.2006 'On Information, Information Technology and on Protection of Information' hereby we are informing you about the necessity to get connected to the Federal state informational system of the blocked information sources and networks [FGIS] within thirty working days from the receipt [of this notice]," the notice reads. A notice received by TorGuard reveals that the provider was indeed given just under a month to comply. The notice also details the consequences for not doing so, i.e. being placed on the blacklist with the rest of the banned sites so it cannot operate in Russia. The demand from Roscomnadzor sent to TorGuard and the other companies also requires that they hand over information to the authorities, including details of their operators and places of business. The notice itself states that for foreign entities, Russian authorities require the full entity name, country of residence, tax number and/or trade register number, postal and email address details, plus other information.

Bitcoin

Bank of America Tech Chief Is Skeptical of Blockchain Even Though The Company Has the Most Patents For It (cnbc.com) 82

Bank of America tech and operations chief Cathy Bessant said she is bearish on blockchain, the technology underpinning cryptocurrencies. "I will be curious to see what the actual volume of usage is on the JPM Coin in a year," she said. Slashdot reader technocrattobe shares a report from CNBC: "What I am is open-minded," Bessant said recently in an interview at the bank's New York tower. "In my private scoreboard, in the closet, I am bearish." Bessant is wading into the debate about the blockchain, whose proponents have claimed will be as significant as the internet. A blockchain is an encrypted database that runs on multiple computers, potentially cutting out the need for centralized authorities like banks or governments to settle transactions between parties.

The technology got a boost from rival J.P. Morgan Chase, which revealed last month that it created the first cryptocurrency backed by a major U.S. bank to facilitate blockchain-related payments. But Bessant, who oversees 95,000 technology workers and was named the most powerful woman in banking last year, is a pragmatist. She started out at Bank of America in 1982 as a commercial banker, eventually rising to a series of top roles, including head of corporate banking and chief marketing officer. She has run the bank's global technology and operations division since 2010. Most of what she sees doesn't make sense for finance or significantly improve upon existing methods. She said it's a technology in search of a use case, rather than something designed specifically to solve existing problems.
"I haven't seen one [use case] that even scales beyond an individual or a small set of transactions," Bessant said. "All of the big tech companies will come and say 'blockchain, blockchain, blockchain.' I say, 'Show me the use case. You bring me the use case and I'll try it.'" She added: "I want it to work. Spiritually, I want it to make us better, faster, cheaper, more transparent, more, you know, all of those things."

The report notes that Bank of America "has applied for or received 82 blockchain-related patents, more than any other financial firm, including payment companies Mastercard and PayPal."
Programming

Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.

Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
  • C (47%)
  • PHP (17%)
  • Java (11%)
  • JavaScript (10%)
  • Python (5%)
  • C++ (5%)
  • Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like OpenSSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.


United Kingdom

Online Petition Site Crashed By Millions of 'Cancel Brexit' Signers (time.com) 478

"More than 3 million people have signed a petition to cancel Brexit on the U.K. government's official petitions website -- so many that the website crashed multiple times," reports Time: The petition had received some 600,000 signatures at a rate of 1,500 every 60 seconds before the site crashed at about 9 a.m. U.K. time on Thursday, the Guardian reported. By mid afternoon, the site was back online but suffering intermittent outages. There were 2 million signatures by Thursday evening and 3 million by midday Friday...

The U.K. government must now allow a debate on the petition's contents in parliament.

The Guardian notes that the CTO of the company that built the petition site had bragged in a tweet Wednesday that the 1,000 signatures per minute was "Not too bad, but nowhere near crashing the site -- you all need to try harder tomorrow."

By the next morning he had tweeted "Well done everyone -- the site crashed because calculating the trending count became too much of a load on the database."
Google

Google's Bad Data Wiped Another Neighborhood Off the Map (medium.com) 76

Medium's technology publication ran a 3,600-word investigation into a mystery that began when a 66-year-old New York woman Googled directions to her neighborhood, "and found that the app had changed the name of her community..." It's just as well no one contacted Google, because Google wasn't the company that renamed the Fruit Belt to Medical Park. When residents investigated, they found the misnomer repeated on several major apps and websites including HERE, Bing, Uber, Zillow, Grubhub, TripAdvisor, and Redfin... Monica Stephens, a geographer at the University at Buffalo who studies digital maps and misinformation, immediately suspected the geographic clearinghouse Pitney Bowes. Founded in 1920 as a maker of postage meters -- the machines that stamp mail with proof it's been sent -- Pitney Bowes expanded into neighborhood data in 2016 when it bought the leading U.S. provider, Maponics. In its 15-year run, Maponics had supplied neighborhood data to companies from Airbnb to Twitter to the Houston Chronicle. And it had also just acquired a longtime competitor, Urban Mapping, which has previously supplied Facebook, Microsoft, MapQuest, Yahoo, and Apple. Though Pitney Bowes is far from a household name, the $3.4 billion data broker is "a huge company at this point," says Stephens, with enough influence to inadvertently rename a neighborhood across hundreds of sites...

In the early 2000s, Urban Mapping offered new college grads $15 to $25 per hour to comb local blogs, home listings, city plans, and brochures for possible neighborhood names and locations. Maponics, meanwhile, used nascent technologies such as computer vision and natural language processing to pull neighborhoods from images and blocks of text, one former executive with the company said... I visited the Buffalo Central Library to find the source of the error... Sure enough, one of the librarians located a single planning office map that used the "Medical Park" label. It was a 1999 report on poverty and housing conditions -- long since relegated to a dusty shelf stacked with old binders and file folders... Somehow, likely in the early 2000s, this map made its way into what is now the Pitney Bowes data set -- and from there, was hoovered into Google Maps and out onto the wider internet. Buffalo published another map in 2017, with the Fruit Belt clearly marked, and broadcast on the city's open data portal. For whatever reason, Pitney Bowes and its customers never picked that map up.

This is not the first time Google Maps has seemed to spontaneously rename a neighborhood. For Fruit Belt, the reporter's query eventually prompted corrections to the maps on Redfin, TripAdvisor, Zillow, Grubhub, and Google Maps. But the article argues that when it comes to how city names are represented online, "the process is too opaque to scrutinize in public. And that ambiguity foments a sense of powerlessness."

Pitney Bowes doesn't even have a method for submitting corrections. Yet, "In an emailed statement, a spokesperson for Google defended its use of third-party neighborhood sources. 'Overall, this provides a comprehensive and up-to-date map,' the spokesperson said, 'but when we're made aware of errors, we work quickly to fix them.'"
Privacy

IBM, and Some Other Companies Did Not Inform People When Using Their Photos From Flickr To Train Facial Recognition Systems (nbcnews.com) 105

IBM and some other firms are using at least a million images they have gleaned from Flickr to help train a facial recognition system. Although the photos in question were shared under a Creative Commons license, many users say they never imagined their images would be used in this way. Furthermore, the people shown in the images didn't consent to anything. From a report: "This is the dirty little secret of AI training sets. Researchers often just grab whatever images are available in the wild," said NYU School of Law professor Jason Schultz. The latest company to enter this territory was IBM, which in January released a collection of nearly a million photos that were taken from the photo hosting site Flickr and coded to describe the subjects' appearance. IBM promoted the collection to researchers as a progressive step toward reducing bias in facial recognition. But some of the photographers whose images were included in IBM's dataset were surprised and disconcerted when NBC News told them that their photographs had been annotated with details including facial geometry and skin tone and may be used to develop facial recognition algorithms. (NBC News obtained IBM's dataset from a source after the company declined to share it, saying it could be used only by academic or corporate research groups.)

"None of the people I photographed had any idea their images were being used in this way," said Greg Peverill-Conti, a Boston-based public relations executive who has more than 700 photos in IBM's collection, known as a "training dataset." "It seems a little sketchy that IBM can use these pictures without saying anything to anybody," he said. John Smith, who oversees AI research at IBM, said that the company was committed to "protecting the privacy of individuals" and "will work with anyone who requests a URL to be removed from the dataset." Despite IBM's assurances that Flickr users can opt out of the database, NBC News discovered that it's almost impossible to get photos removed. IBM requires photographers to email links to photos they want removed, but the company has not publicly shared the list of Flickr users and photos included in the dataset, so there is no easy way of finding out whose photos are included. IBM did not respond to questions about this process.
