Piracy

Paramount+ Documentary: an Origin Story For Music Piracy - and Its Human Side (forbes.com) 68

Re-visiting the Napster era, Stephen Witt's book How Music Got Free has been adapted into a two-part documentary on Paramount+. But the documentary's director believes "The real innovative minds here were a bunch of rogue teenagers and a guy working a blue-collar factory job in the tiny town of Shelby, North Carolina," according to this article in the Guardian: By day, [Glover] worked at Universal Music's CD manufacturing plant in North Carolina, from which he smuggled out hot albums by stars like Mary J Blige and 50 Cent before they were even released. For the documentary, Glover spoke openly, and largely without regret, as did others who worked at that plant who did their own share of stealing. Part of their incentive was class revenge: while they were paid piddling wages by the hour, the industry used the products they manufactured to mint millions. To maximize profits on his end, Glover set up a subscription service to let those in his circle know what CDs and movies were coming. "He was doing what Netflix would later do," Stapleton said...

In the meantime, the record companies and their lobbying arm, the RIAA, focused their wrath on the most public face of file-sharing: Napster. In truth, all Fanning's company did was make more accessible the work the pirates innovated and first distributed... For its part, the music industry reacted in the worst way possible, PR-wise. They sued the kids who made up their strongest fanbase. "One of the key lessons we learned from this era is that you can't sue your way out of a situation like this," Witt said. "You have to build a new technology that supersedes what the pirates did."

Eventually, that's what happened, though the first attempts in that direction made things worse than ever for the labels and stars. When Apple first created the iPod in 2001, there wasn't yet an Apple store where listeners could purchase music legally. "It was just a place to put your stolen MP3s," said Witt. Labels couldn't sue Apple because of a ruling dictating that the manufacturer of a device couldn't be held responsible for piracy enacted by its users. While Steve Jobs later modified his approach, creating a way for fans to buy individual songs for the iPod, "that did more damage to the industry than anything", Witt said. "Whereas, before they could sell a $15 CD to fans who really just wanted one song, now those fans could get that song for just a dollar...."

Eventually, the collective efforts of the streaming companies returned the music industry to massive profitability, though often at the expense of its artists, who often receive a meager slice of the proceeds.... Things ended less favorably for the pirates, some of whom now have criminal records. Likewise, Glover served a short prison sentence though, today, he is chief maintenance technician at the Ryder Truck manufacturing plant in his home town.

A Forbes senior contributor (and director Alexandria Stapleton) believe that for the younger generation it may be "their first introduction to why the music industry is the way that they're used to."

And Stapleton says their sympathies are with those factory workers. Stapleton: They were completely underpaid. They were making literally nothing. It's important for people to understand that while the industry was charging $20 for a CD, it cost like 20 cents to make. That's a big profit margin. And to have a factory that was paying barely enough for people to put food on the table, I think there's something wrong with that...

Witt: It's amazing to think about what they were really doing, which was essentially filling the technological vacuum that the record industry was refusing to fill, right? The record industry was not building out the successor technology to the compact disc because the compact disc was just too profitable for them. Instead, a bunch of random teenagers built the next generation of technology for them, and yeah, it caused a lot of damage. But I don't think that teenagers were necessarily trying to hurt anyone... They weren't malicious. They just were fascinated by how this stuff worked. And of course, they were also completely entranced by the celebrity of the musicians themselves.

In the interview Witt adds that a lot of those teenagers "were really kind of traumatized by their experience with the FBI I would say, and they wanted to get that story out there."

The documentary was produced by LeBron James and Eminem, "who rode the tail end of the CD boom to stratospheric heights," remembers a Fast Company opinion columnist. (And 25 years later, that columnist has gone back to listening to vinyl records, which "reignited for me a long-missing air of full engagement... Technology marches forward, except when it occasionally lurches backward...")
Crime

Ransomware Attack Takes Down Computer System for America's Largest Trial Court (apnews.com) 33

A ransomware attack has taken down the computer system of America's largest trial court, reports the Associated Press: The cybersecurity attack began early Friday and is not believed to be related to the faulty CrowdStrike software update that has disrupted airlines, hospitals and governments around the world, officials said in a statement Friday. The court disabled its computer network systems upon discovery of the attack, and it will remain down through at least the weekend.
Friday's statement called it "a serious security event," adding that the court is receiving help from local, state, and federal law enforcement agencies. "At this time, the preliminary investigation shows no evidence of court users' data being compromised." Over the past few years, the Court has invested heavily in its cybersecurity operations, modernizing its cybersecurity infrastructure and making strategic staff investments in the Cybersecurity Division within Court Technology Services. As a result of this investment, the Court was able to quickly detect an intrusion and address it immediately.

Due to the ongoing nature of the investigation, remediation, and recovery, the Court will not comment further until additional information is available for public release.

Sunday the Court posted on X.com that they're "working diligently to get the Court's network systems back up and running...

"When we have a better understanding of the extent to which the Court will be operational tomorrow, July 22, we will provide information and direction to court users and jurors, likely later this evening."
Crime

Former Anonymous Spokesperson's Memoir Called 'Deranged, Hyperbolic, and True' (nytimes.com) 33

Slashdot covered Barrett Brown back in 2011 and 2012. The New York Times calls him "an activist associated with the hacker group Anonymous, and a political prisoner recently denied asylum in Britain, all of which sounds a bit dreary until we hear tell of it through Brown's unhinged self-regard."

They're reviewing Brown's "extraordinary" new memoir, My Glorious Defeats: Hacktivist, Narcissist, Anonymous, a book they call "deranged, hyperbolic, and true." A "machine" that focuses attention on little-known social issues, Anonymous has gone after the Church of Scientology, Koch Industries, websites hosting child pornography and the Westboro Baptist Church. The public tends to be confused by nebulous digital activities, so it was, in the collective's heyday, helpful to have Brown act as a translator between the hackers and mainstream journalists. "The year 2011 ended as it began," he writes, "with a sophisticated hack on a state-affiliated corporation that ostensibly dealt in straightforward security and analysis while secretly engaging in black ops campaigns against activists who'd proven troublesome to powerful clients."

This particular corporation was Stratfor, a company that spied on activists for the government... Brown waited for the feds to come back and drag him to jail. He also says he tried to get off suboxone in order to avoid the painful possibility of prison withdrawal, and stopped taking Paxil, inducing a manic state, all of which is given as explanation for his regrettable next move, which was to set up a camera and start talking. The feds had threatened his mother, he told the internet, and in response he was threatening Robert Smith, the lead agent on his case. He found himself in custody the same night.

Brown was then subjected to the kind of nonsense the Department of Justice is prone to inflicting on those involved in shadowy internet activities that, in fact, almost no one in the legal process understands. He was charged with participating in the hack of Stratfor, though he was not really involved and cannot code, and although the whole thing was organized by an F.B.I. informant. Brown had also retweeted a Fox News host's call to murder Julian Assange; the prosecution presented this as if he were himself calling for the murder of Assange. But generally, Brown's primary victim is himself. "My thirst for glory and hatred for the state," he writes, "were incompatible with an orthodox criminal defense, in which the limiting of one's sentence is the sole objective."

In his cell, with an eraser-less pencil he needs a compliant guard to repeatedly sharpen, he writes "The Barrett Brown Review of Arts and Letters and Jail." His mother types it up; The Intercept publishes. He develops the character he will play in his memoir: a self-aware narcissist and addict. He wins a National Magazine Award, and is especially pleased that his column "Please Stop Sending Me Jonathan Franzen Novels," wins while Franzen is in attendance.

"The state is an afterthought here — a litany of absurdist horrors too stupid to appall..." the review concludes.

"We're left with a man who refuses to look away from the deep structure of the world, an unstable position from which there is no sanctuary. My Glorious Defeats is deranged, hyperbolic and as true a work as I have read in a very long time."
Privacy

CNN Investigates 'Airbnb's Hidden Camera Problem' (cnn.com) 76

2017 Slashdot headline: "People Keep Finding Hidden Cameras in Their Airbnbs."

Nearly seven years later, CNN launched their own investigation of "Airbnb's hidden camera problem". CNN: "Across North America, police have seized thousands of images from hidden cameras at Airbnb rentals, including people's most intimate moments... It's more than just a few reported cases. And Airbnb knows it's a problem. In this deposition reviewed by CNN, an Airbnb rep said 35,000 customer support tickets about security cameras or recording devices had been documented over a decade." [The deposition estimates "about" 35,000 tickets "within the scope of the security camera and recording devices policy."]

Airbnb told CNN a single complaint can involve multiple tickets.

CNN actually obtained the audio recording of an Airbnb host in Maine admitting to police that he'd photographed a couple having sex using a camera hidden in a clock — and also photographed other couples. And one Airbnb guest told CNN he'd only learned he'd been recorded "because police called him, months later, after another guest found the camera" — with police discovering cameras in every single room in the house, concealed inside smoke detectors. "Part of the challenge is that the technology has gotten so advanced, with these cameras so small that you can't even see them," CNN says.

But even though recording someone without consent is illegal in every state, CNN also found that in this case and others, Airbnb "does not contact law enforcement once hidden cameras are discovered — even if children are involved." Their reporter argues that Airbnb "not only fails to protect its guests — it works to keep complaints out of the courts and away from the public."

They spoke to two Florida attorneys who said trying to sue Airbnb if something goes wrong is extremely difficult — since its Terms of Service require users to assume every risk themselves. "The person going to rent the property agrees that if something happens while they're staying at this accommodation, they're actually prohibited from suing Airbnb," says one of the attorneys. "They must go a different route, which is a binding arbitration." (When CNN asked if this was about controlling publicity, the two lawyers answered "absolutely" and "100%".) And when claims are settled, CNN adds, "Airbnb has required guests to sign confidentiality agreements — which CNN obtained — that keep some details of legal cases private."

Responding to the story, Airbnb seemed to acknowledge guests have been secretly recorded by hosts, by calling such occurrences "exceptionally rare... When we do receive an allegation, we take appropriate, swift action, which can include removing hosts and listings that violate the policy.

"Airbnb's trust and safety policies lead the vacation rental industry..."
The Courts

In SolarWinds Case, US Judge Rejects SEC Oversight of Cybersecurity Controls (msn.com) 18

SolarWinds still faces some legal action over its infamous 2020 breach, reports NextGov.com. But a U.S. federal judge has dismissed most of the claims from America's Securities and Exchange Commission, which "alleged the company defrauded investors because it deliberately hid knowledge of cyber vulnerabilities in its systems ahead of a major security breach discovered in 2020."

Slashdot reader krakman shares this report from the Washington Post: "The SEC's rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications," [judge] Engelmayer wrote in a 107-page decision. "It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers," he wrote. The federal judge also dismissed SEC claims that SolarWinds' disclosures after it learned its customers had been affected improperly covered up the gravity of the breach...

In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge "largely granted our motion to dismiss the SEC's claims," adding in a statement that it was "grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns."

The article notes that as far back as 2018, "an engineer warned in an internal presentation that a hacker could use the company's virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique." Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public "security statement" before the hack that it knew it was highly vulnerable to attacks.

The SEC "plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls," Engelmayer wrote. "Given the centrality of cybersecurity to SolarWinds' business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material."

Firefox

Firefox 128 Criticized for Including Small Test of 'Privacy-Preserving' Ad Tech by Default (itsfoss.com) 57

"Many people over the past few days have been lashing out at Mozilla," writes the blog It's FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction."

Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.

And they also emphasize that it's "not tracking." The way it works is there's an "aggregation service" that can periodically send advertisers a summary of ad-related actions — again, aggregated data, from a mass of many other users. (And Mozilla says that aggregated summary even includes "noise that provides differential privacy.") This Privacy-Preserving Attribution concept "does not involve sending information about your browsing activities to anyone... Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."

More from It's FOSS: Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blog posts, they failed to communicate this decision clearly, to a wider audience... In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on.

He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla. He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques. But, there were two limitations with this approach. One was that advertisers would try to bypass these countermeasures. The second, most users just accept the default options that they are shown...

Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that "[opt-in features are] making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in. They need to be the default.

"If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So are unaffected by this."

This has already provoked a discussion among Slashdot readers. "It doesn't seem that evil to me," argues Slashdot reader geekprime. "Seems like the elimination of cross site cookies is a privacy enhancing idea." (They cite Mozilla's statement that their goal is "to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people. By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.")

But Slashdot reader TheNameOfNick disagrees. "How realistic is the part where advertisers stop tracking you because they get less information from the browser maker...?"

Mozilla has provided simple instructions for disabling the feature:
  • Click the menu button and select Settings.
  • In the Privacy & Security panel, find the Website Advertising Preferences section.
  • Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

Facebook

Nigeria Fines Meta $220 Million For Violating Consumer, Data Laws (reuters.com) 15

Nigeria fined Meta $220 million on Friday, alleging the tech giant violated the country's local consumer, data protection and privacy laws. Reuters reports: Nigeria's Federal Competition and Consumer Protection Commission (FCCPC) said Meta appropriated the data of Nigerian users on its platforms without their consent, abused its market dominance by forcing exploitative privacy policies on users, and meted out discriminatory and disparate treatment on Nigerians, compared with other jurisdictions with similar regulations. FCCPC chief Adamu Abdullahi said the investigations were jointly held with Nigeria's Data Protection Commission and spanned over 38 months. The investigations found Meta policies don't allow users the option or opportunity to self-determine or withhold consent to the gathering, use, and sharing of personal data, Abdullahi said.

"The totality of the investigation has concluded that Meta over the protracted period of time has engaged in conduct that constituted multiple and repeated, as well as continuing infringements... particularly, but not limited to abusive, and invasive practices against data subjects in Nigeria," Abdullahi said. "Being satisfied with the significant evidence on the record, and that Meta has been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct, the Commission have now entered a final order and issued a penalty against Meta," Abdullahi said. The final order mandates steps and actions Meta must take to comply with local laws, Abdullahi said.

Cellphones

FCC Blasts T-Mobile's 365-Day Phone Locking, Proposes 60-Day Unlock Rule (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: Citing frustration with mobile carriers enforcing different phone-unlocking policies that are bad for consumers, the Federal Communications Commission is proposing a 60-day unlocking requirement that would apply to all wireless providers. The industry's "confusing and disparate cell phone unlocking policies" mean that "some consumers can unlock their phones with relative ease, while others face significant barriers," Commissioner Geoffrey Starks said at yesterday's FCC meeting. "It also means certain carriers are subject to mandatory unlocking requirements while others are free to dictate their own. This asymmetry is bad for both consumers and competition."

The FCC is "proposing a uniform 60-day unlocking policy" so that "consumers can choose the carrier that offers them the best value," Starks said. Unlocking a phone allows it to be used on a different carrier's network as long as the phone is compatible. The FCC approved the Notice of Proposed Rulemaking (NPRM) in a 5-0 vote. That begins a public comment period that could lead to a final rulemaking. A draft of the NPRM said the FCC "propose[s] to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

"You bought your phone, you should be able to take it to any provider you want," Rosenworcel said. "Some providers already operate this way. Others do not. In fact, some have recently increased the time their customers must wait until they can unlock their device by as much as 100 percent." Rosenworcel apparently was referring to a prepaid brand offered by T-Mobile. The NPRM draft said that "T-Mobile recently increased its locking period for one of its brands, Metro by T-Mobile, from 180 days to 365 days." The 365-day rule brought Metro into line with other T-Mobile prepaid phones that already came with the year-long lock. We reached out to T-Mobile and will update this article if it provides a comment. A merger condition imposed on T-Mobile's purchase of Sprint merely requires that it unlock prepaid phones within one year. T-Mobile imposes different unlocking policies on prepaid and postpaid phones. For postpaid devices, T-Mobile says it will unlock phones that have been active for at least 40 days, but only if any associated financing or leasing agreement has been paid in full.

The Courts

OpenAI Dropped From First Ever AI Programming Copyright Lawsuit 8

OpenAI escaped a copyright lawsuit from a group of open-source programmers after they voluntarily dismissed their case against the company in federal court. From a report: The programmers, who allege the generative AI programming tool Copilot was trained on their code without proper attribution, filed their notice of voluntary dismissal Thursday, but will still have their case against GitHub and parent company Microsoft, which collaborated with OpenAI in developing the tool. The proposed class action filed in 2022 in the US District Court for the Northern District of California was the first major copyright case against OpenAI, which has since been hit with numerous lawsuits from authors and news organizations including the New York Times.
Oracle

Oracle Reaches $115 Million Consumer Privacy Settlement (aol.com) 15

Oracle agreed to pay $115 million to settle a lawsuit accusing the database software and cloud computing company of invading people's privacy by collecting their personal information and selling it to third parties. Reuters: The plaintiffs, who otherwise have no connection to Oracle, said the company violated federal and state privacy laws and California's constitution by creating unauthorized "digital dossiers" for hundreds of millions of people. They said the dossiers contained data including where people browsed online, and where they did their banking, bought gas, dined out, shopped and used their credit cards. Oracle then allegedly sold the information directly to marketers or through products such as ID Graph, which according to the company helps marketers "orchestrate a relevant, personalized experience for each individual."
Privacy

Little-Known Tool Is Giving Instant Access To Vast Amounts of Homebuyer Data (therecord.media) 98

An anonymous reader quotes a report from The Record: When Florida real estate professional Susan Hicks discovered the app Forewarn over a year ago, she was shocked to learn that for a service costing about $20 a month she could instantly retrieve detailed data on prospective clients with only their phone number. "For anybody who's had exposure to this, usually the first time they see it, it blows their mind," Hicks told Recorded Future News, adding that she enthusiastically recommends the tool to the brokers she manages. "It's incredible that there's that amount of information out there that you can just access with one click." "It can be real creepy and you have to swear that you're not going to use it in a wrong manner," Hicks added, referring to Forewarn rules which say real estate agents can't share data from the app publicly or with third parties, or use the app to pull information on non-professional contacts.

Forewarn is primarily marketed to and used by the real estate industry, and it has been penetrating that market at a rapid clip. Although some real estate agents say the financial information it returns saves time when finding clients most likely to have the budget for the houses they're looking at, most agents and associations tout it primarily as a safety tool because it also supplies criminal records. In addition to those records, the product -- owned by the data broker red violet -- also supplies a given individual's address history; phone, vehicle and property records; bankruptcies; and liens and judgements, including foreclosure histories. Although such data could generally be gleaned from public records, Forewarn delivers it at the press of a button -- a function real estate agents say allows them to gather publicly available information without having to visit courthouses and municipal offices, a process which would normally take days.

The power of Forewarn's technology has led to rapid adoption, but the company is still largely unknown outside the real estate industry. Several fair housing and civil rights advocates interviewed by Recorded Future News weren't aware of its existence. The individuals whose data it sells also have no idea their information is being shared with real estate agents, who potentially might choose not to work with them because of what they discover on the app. Forewarn did not respond to multiple requests for comment; however, statements made by one of its executives suggest that the company intentionally keeps a low profile. "Do not tell the prospect that they are not permitted or unqualified to purchase or sell property because of information you obtained from Forewarn," a company executive said at a recent training webinar with Illinois real estate agents. She emphasized that potential buyers "do not get notified" when they are screened with the app, a question she said many real estate agents ask. Real estate agents who, for example, discover a client has a lien filed against them, should consider telling the prospect they "obtained this information from a confidential service that bases their information on available public record information," the executive added.

Cellphones

FCC Closes 'Final Loopholes' That Keep Prison Phone Prices Exorbitantly High 72

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today voted to lower price caps on prison phone calls and closed a loophole that allowed prison telecoms to charge high rates for intrastate calls. Today's vote will cut the price of interstate calls in half and set price caps on intrastate calls for the first time. The FCC said it "voted to end exorbitant phone and video call rates that have burdened incarcerated people and their families for decades. Under the new rules, the cost of a 15-minute phone call will drop to $0.90 from as much as $11.35 in large jails and, in small jails, to $1.35 from $12.10."

The new rules are expected to take effect in January 2025 for all prisons and for jails with at least 1,000 incarcerated people. The rate caps would take effect in smaller jails in April 2025. Worth Rises, a nonprofit group advocating for prison reform, said it "estimates that the new rules will impact 83 percent of incarcerated people (about 1.4 million) and save impacted families at least $500 million annually."
The nonprofit Prison Policy Institute said that prison phone companies charge ancillary fees for things "like making a deposit to fund an account." The ban on those fees "also effectively blocks a practice that we have been campaigning against for years: companies charging fees to consumers who choose to make single calls rather than fund a calling account, and deliberately steering new consumers to this higher-cost option in order to increase fee revenue," the group said.

The ancillary fee ban is a "technical-sounding change," but will help "eliminate some of the industry's dirtiest tricks that shortchange both the families and the facilities," the group said.
Privacy

USPS Shared Customers' Postal Addresses With Meta, LinkedIn and Snap (techcrunch.com) 25

An anonymous reader quotes a report from TechCrunch: The U.S. Postal Service was sharing the postal addresses of its online customers with advertising and tech giants Meta, LinkedIn and Snap, TechCrunch has found. On Wednesday, the USPS said it addressed the issue and stopped the practice, claiming that it was "unaware" of it. TechCrunch found USPS was sharing customers' information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user -- such as which pages they visit -- every time a webpage containing the code loads in the customer's browser.

In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to see photos of their incoming mail before it arrives. It's not clear how many individuals had their information collected or for how long. Informed Delivery had more than 62 million users (PDF) as of March 2024. [...] The code also collected other data, such as information about the user's computer type and browser, which appeared as partly pseudonymized -- essentially scrambled in a way that makes it more difficult for humans to know where data came from, or who it relates to, by using randomized identifiers in place of real customer names. But researchers have long warned that pseudonymous data can still be used to re-identify seemingly anonymous individuals.

TechCrunch also found that tracking numbers entered into the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap. Some in-transit tracking data was also shared, such as the real-world location of the mail in the postal system, even if the customer was not logged in to USPS' website.

USPS spokesperson Jim McKean said in a statement: "The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products. The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media."

"We have taken immediate action to remediate this issue," the spokesperson added, without saying what action was taken.

Privacy

The Biggest Data Breaches In 2024: 1 Billion Stolen Records and Rising (techcrunch.com) 13

An anonymous reader quotes an excerpt from TechCrunch, written by Zack Whittaker: We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and, in some cases, how they could have been stopped. These are some of the largest breaches highlighted in the report:

AT&T's Data Breaches: AT&T experienced two data breaches in 2024, affecting nearly all its customers and many non-customers. The breaches exposed phone numbers, call records, and personal information, risking account hijacks for 7.6 million customers.
Change Healthcare Hack: A ransomware attack on Change Healthcare resulted in the theft of sensitive medical data, affecting a substantial proportion of Americans. The breach caused widespread outages in healthcare services across the U.S. and compromised personal, medical, and billing information.
Synnovis Ransomware Attack: The cyberattack on U.K. pathology lab Synnovis disrupted patient services in London hospitals for weeks, leading to thousands of postponed operations and the exposure of data related to 300 million patient interactions.
Snowflake Data Theft (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

Privacy

Leaked Docs Show What Phones Cellebrite Can and Can't Unlock (404media.co) 41

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, 404 Media reported Wednesday, citing leaked documents it obtained. From the report: Mobile forensics companies typically do not release details on what specific models their tools can or cannot penetrate, instead using vague terms in marketing materials. The documents obtained by 404 Media, which are given to customers but not published publicly, show how fluid and fast moving the success, or failure, of mobile forensic tools can be, and highlight the constant cat and mouse game between hardware and operating manufacturers like Apple and Google, and the hacking companies looking for vulnerabilities to exploit.

[...] For all locked iPhones able to run 17.4 or newer, the Cellebrite document says "In Research," meaning they cannot necessarily be unlocked with Cellebrite's tools. For previous iterations of iOS 17, stretching from 17.1 to 17.3.1, Cellebrite says it does support the iPhone XR and iPhone 11 series. Specifically, the document says Cellebrite recently added support to those models for its Supersonic BF [brute force] capability, which claims to gain access to phones quickly. But for the iPhone 12 and up running those operating systems, Cellebrite says support is "Coming soon."

The Courts

Puerto Rico Files $1 Billion Suit Against Fossil Fuel Companies (theverge.com) 112

An anonymous reader quotes a report from The Verge: Puerto Rico filed suit against fossil fuel companies this week, alleging that the oil and gas giants have misled the public about climate change and delayed a transition to clean energy. The suit seeks $1 billion in damages to help Puerto Rico defend itself against climate disasters. In a complaint (PDF) filed in San Juan yesterday, Puerto Rico's Department of Justice says that the companies violated trade law by promoting fossil fuels without adequately warning about the dangers. The defendants include ExxonMobil, BP, Chevron, Shell, ConocoPhillips, and other energy companies.

In the complaint, Puerto Rico says it expects to pay billions of dollars in the future to cope with catastrophes made worse by climate change -- including storms like Hurricane Maria, which killed thousands of people in 2017 and triggered monthslong power outages. The suit asks defendants to contribute to a fund that would be used to mitigate the consequences of climate change and pay for measures to strengthen Puerto Rico's infrastructure against future climate-related calamities.

After Hurricane Maria devastated the island in 2017, thirty-seven municipalities in Puerto Rico and the capital city of San Juan filed suit against fossil fuel companies, "seeking to hold them accountable for the devastation," notes The Verge.

Last week, Portland's Multnomah County filed a lawsuit against several fossil fuel companies, blaming their emissions for the 2021 heat dome that resulted in the deaths of 69 people.

Privacy

Rite Aid Says Breach Exposes Sensitive Details of 2.2 Million Customers (arstechnica.com) 9

Rite Aid, the third-largest U.S. drug store chain, reported a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

Bitcoin

Craig Wright Faces Perjury Investigation Over Claims He Created Bitcoin (wired.com) 17

A judge in the UK High Court has directed prosecutors to consider bringing criminal charges against computer scientist Craig Wright, after ruling that he lied "extensively and repeatedly" and committed forgery "on a grand scale" in service of his quest to prove he is Satoshi Nakamoto, creator of bitcoin. From a report: In a judgment published Tuesday, Justice James Mellor outlined various injunctions to be imposed upon Wright, after finding in May that he had "engaged in the deliberate production of false documents to support false claims [to be Satoshi] and use the Courts as a vehicle for fraud."

By order of the judge, Wright will be prevented from claiming publicly that he is Satoshi and from bringing or threatening legal action in any jurisdiction on that basis. He will be required to pin a notice to the front page of his personal website and X feed detailing the findings against him. The matter, Mellor writes, will also be referred to the Crown Prosecution Service (CPS), the body responsible for prosecuting criminal cases in the UK, "for consideration of whether a prosecution should be commenced against Dr Wright." It will be up to the CPS to decide whether the available evidence is sufficient to bring charges against Wright "for his wholescale perjury and forgery of documents" and "whether a warrant for his arrest should be issued."

AI

Senate Introduces Bill To Setup Legal Framework For Ethical AI Development (techspot.com) 48

Last week, the U.S. Senate introduced a new bill to outlaw the unethical use of AI-generated content and deepfake technology. Called the Content Origin Protection and Integrity from Edited and Deepfaked Media Act (COPIED Act), the bill would "set new federal transparency guidelines for marking, authenticating and detecting AI-generated content, protect journalists, actors and artists against AI-driven theft, and hold violators accountable for abuses." TechSpot reports: Proposed and sponsored by Democrats Maria Cantwell of Washington and Martin Heinrich of New Mexico, along with Republican Marsha Blackburn of Tennessee, the bill aims to establish enforceable transparency standards in AI development [such as through watermarking]. The legislation also wants to curb unauthorized data use in training models. The senators intend to task the National Institute of Standards and Technology with developing sensible transparency guidelines should the bill pass. [...] The senators feel that clarifying and defining what is okay and what is not regarding AI development is vital in protecting citizens, artists, and public figures from the harm that misuse of the technology could cause, particularly in creating deepfakes. The text of the bill can be read here.

Piracy

Record Labels Sue Verizon After ISP 'Buried Head In Sand' Over Subscribers' Piracy (torrentfreak.com) 144

An anonymous reader quotes a report from TorrentFreak: Just before the weekend, dozens of record labels including UMG, Warner, and Sony, filed a massive copyright infringement lawsuit against Verizon at a New York federal court. In common with previous lawsuits that accused rivals of similar inaction, Verizon Communications Inc., Verizon Services Corp., and Cellco Partnership (dba Verizon Wireless), stand accused of assisting subscribers to download and share pirated music, by not doing enough to stop them. The labels' complaint introduces Verizon as one of the largest ISPs in the country, one that "knowingly provides its high-speed service to a massive community of online pirates."

Knowledge of infringement, the labels say, was established at Verizon over a period of several years during which it received "hundreds of thousands" of copyright notices, referencing instances of infringement allegedly carried out by its subscribers. The complaint cites Verizon subscribers' persistent use of BitTorrent networks to download and share pirated music, with Verizon allegedly failing to curtail their activity. "While Verizon is famous for its 'Can you hear me now?' advertising campaign, it has intentionally chosen not to listen to complaints from copyright owners. Instead of taking action in response to those infringement notices as the law requires, Verizon ignored Plaintiffs' notices and buried its head in the sand," the labels write.

"Undeterred, infringing subscribers identified in Plaintiffs' notices continued to use Verizon's services to infringe Plaintiffs' copyrights with impunity. Meanwhile, Verizon continued to provide its high-speed service to thousands of known repeat infringers so it could continue to collect millions of dollars from them." Through this lawsuit, which references piracy of songs recorded by artists including The Rolling Stones, Ariana Grande, Bob Dylan, Bruno Mars, Elvis Presley, Dua Lipa, Drake, and others, the labels suggest that Verizon will have no choice but to hear them now. [...]

Attached to the complaint, Exhibit A contains a non-exhaustive list of the plaintiffs' copyright works allegedly infringed by Verizon's subscribers. The document is over 400 pages long, with each track listed representing potential liability for Verizon as a willful, intentional, and purposeful contributory infringer, the complaint notes. This inevitably leads to claims based on maximum statutory damages of $150,000 per copyrighted work infringed on Count I (contributory infringement). The statutory maximum of $150,000 per infringed work is also applied to Count II (vicarious infringement), based on the labels' claim that Verizon derived a direct financial benefit from the direct infringements of its subscribers.

The labels' complaint can be found here (PDF).
