Government

FTC Approves Amazon's Acquisition of Whole Foods (cnbc.com) 54

An anonymous reader quotes a report from CNBC: The Federal Trade Commission will allow Amazon to continue its $13.7 billion deal to acquire Whole Foods. The FTC conducted an investigation to gauge whether the merger would decrease competition under federal regulations, Bruce Hoffman, acting director of the Federal Trade Commission's Bureau of Competition, said in a statement Wednesday. It ultimately decided not to pursue the matter further. Whole Foods shareholders approved Amazon's acquisition deal hours before the FTC's announcement.The two companies expect to finalize the agreement during the second half of the year. However, source familiar with the matter told CNBC the deal could happen sooner rather than later.
Privacy

Wading Through AccuWeather's Response (daringfireball.net) 81

On Tuesday, ZDNet reported that popular weather app AccuWeather was sending location-identifying information to a monetization firm, even when a person had disabled location data from the app. In a response, AccuWeather said today "if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user." But it is misleading people. John Gruber of DaringFireball writes: The accusation has nothing to do with "GPS coordinates." The accusation is that their iOS app is collecting Wi-Fi router names and MAC addresses and sending them to servers that belong to Reveal Mobile, which in turn can easily be used to locate the user. Claiming this is about GPS coordinates is like if they were caught stealing debit cards and they issued a denial that they never stole anyone's cash. The accusation comes from Will Strafech, a respected security researcher who discovered the "actual information" by observing network traffic. He saw the AccuWeather iOS app sending his router's name and MAC address to Reveal Mobile. This isn't speculation. They were caught red-handed. GPS information is more precise, and if you grant the AccuWeather app permission to access your location (under the guise of showing you local weather wherever you are, as well as localized weather alerts), that more precise data is passed along to Reveal Mobile as well. But Wi-Fi router information can be used to locate you within a few meters using publicly available databases. Seriously, go ahead and try it yourself: plug your Wi-Fi router's BSSID MAC address into this website, and there's good chance it'll pinpoint your location on the map. "Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather," the company writes. In what way is the name and MAC address of your router not "user information"? And saying the information was "unused by AccuWeather" is again sleight of hand. The accusation is not that AccuWeather itself was using the location of the Wi-Fi router, but that Reveal Mobile was. Here are Reveal Mobile's own words about how they use location data.
Firefox

Mozilla Testing an Opt-Out System For Firefox Telemetry Collection (bleepingcomputer.com) 227

An anonymous reader writes: "Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause so they could collect more data relevant to the browser's usage," reports Bleeping Computer. "In a Google Groups discussion that's been taking place since Monday, Mozilla engineers cite the lack of usable data the Foundation is currently receiving via its data collection program. The problem is that Firefox collects data from a very small fraction of its userbase, and this data may not be representative of the browser's real usage." Mozilla would like to fix this by flipping everyone's telemetry setting to enabled and adding an opt-out clause. Engineers also plan to embed Google's RAPPAR project [1, 2] for anonymous data collection.
Android

Sony Loses Class Action Lawsuit In Waterproof Claims For Original Xperia Z Line (xda-developers.com) 23

Sony has lost a class action lawsuit for claiming its Xperia phones were "waterproof," when in reality they were only "water resistant." If you happen to own one of the original Xperia Z smartphones, you may be owed up to $300. XDA Developers reports: Arguably, one of the pioneers in the consumer sector for more "rugged" devices (or at the very least IP certification) has to be Sony. Back in 2012, they introduced the Xperia Z line of the devices, which marked a turning point for Sony in most of its philosophy as well as its design language. They completely overhauled the look and feel of the devices they had in favor of the glass slab that they offer even in today's phones and tablets. Despite its fragile appearance, most of their offerings were drop-tested and were able to withstand a substantial amount of mistreatment. On top of all that, the Sony Xperia Z was the first commercially available phone from Sony to me, marketed as "water resistant" with an IP56 rating for water and dust ingress (which isn't really much, but at least it would keep your phone going in spite of an accidental drop in the beach or in the pool). However, the phone was advertised in such a way that it it looked as if the device was waterproof and not water resistant (there is a big difference). This led to a lot of water-damaged devices, which Sony did nothing about and eventually, a class action lawsuit was filed (and won) against Sony.

According to the settlement, there were 24 models affected (ironically, the original Z is not listed as being one of them) starting from the ZR, which was a close cousin of the original Z and going all the way to the Xperia Z5, along with a few tablets as well. The settlement goes on to state that there are a few things that, if you were affected, you can opt for: Warranty extension for up to a year if the device is within warranty period; Warranty extension for up to 6 months if the device is no longer under warranty; Up to 50% of MSRP as refund for compensation if the device is listed among the ones on the Sony lawsuit. If you are going for the cash alternative, you do have a deadline to meet, which is January 30, 2018. Whichever course of action you do decide to take, please make sure that you understand the entire lawsuit document before doing anything!

Crime

Iowa Computer Programmer Gets 25 Years For Lottery Scam (desmoinesregister.com) 131

An anonymous reader quotes a report from The Des Moines Register: Eddie Tipton, the Iowa brainpower behind a case of multi-state lottery fraud, will spend up to 25 years in prison for rigging "random" drawing jackpots. It's unknown how many years Tipton will actually spend in prison. He could be paroled within three or four years, his attorneys noted. Tipton, 54, was a longtime computer programmer in the Iowa offices of the Multi-State Lottery Association who installed software that allowed him to pick winning numbers in some of the nation's most popular lottery drawings. His scam began to unravel following unsuccessful attempts to anonymously collect a $16.5 million Hot Lotto ticket that was purchased at a Des Moines convenience store in 2010. "I certainly regret," Tipton said. "It's difficult even saying that. With all the people I know behind me that I hurt and I regret it. I'm sorry."
The Courts

Justice Department Walks Back Demand For Information On Anti-Trump Website (theverge.com) 130

After issuing a warrant to DreamHost for "all files" related to an anti-trump website, the Justice Department says it's scaling back a demand for information from hosting service DreamHost. The Verge reports: In a legal filing today, the Justice Department argues that the warrant was proper, but also says DreamHost has since brought up information that was previously "unknown." In light of that, it has offered to carve out information demanded in the warrant, specifically pledging to not request information like HTTP logs tied to IP addresses. The department says it is only looking for information related to criminal activity on the site, and says that "the government is focused on the use of the Website to organize, to plan, and to effect a criminal act -- that is, a riot." Peaceful protestors, the government argues, are not the targets of the warrant. The filing asks the court to proceed with the new, less burdensome request, which, apart from the carved-out sections, still requests "all records or other information, pertaining to the Account, including all files, databases, and database records stored by DreamHost in relation to that Account." It's unclear if DreamHost will continue to fight the new demand.
Security

Fourth US Navy Collision This Year Raises Suspicion of Cyber-Attacks (thenextweb.com) 397

An anonymous reader quotes a report from The Next Web: Early Monday morning a U.S. Navy Destroyer collided with a merchant vessel off the coast of Singapore. The U.S. Navy initially reported that 10 sailors were missing, and today found "some of the remains" in flooded compartments. While Americans mourn the loss of our brave warriors, top brass is looking for answers. Monday's crash involving the USS John McCain is the fourth in the area, and possibly the most difficult to understand. So far this year 17 U.S. sailors have died in the Pacific southeast due to seemingly accidental collisions with civilian vessels.

Should four collisions in the same geographical area be chalked up to coincidence? Could a military vessel be hacked? In essence, what if GPS spoofing or administrative lockout caused personnel to be unaware of any imminent danger or unable to respond? The Chief of Naval Operations (CNO) says there's no reason to think it was a cyber-attack, but they're looking into it: "2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities," tweeted Adm. John Richardson. The obvious suspects -- if a sovereign nation is behind any alleged attacks -- would be Russia, China, and North Korea, all of whom have reasonable access to the location of all four incidents. It may be chilling to imagine such a bold risk, but it's not outlandish to think a government might be testing cyber-attack capabilities in the field.

NASA

Getting NASA To Comply With Simple FOIA Requests Is a Nightmare (vice.com) 103

From a report on Motherboard: Freedom of Information Act requests are used by journalists, private citizens, and government watchdogs to acquire public documents from government agencies. FOIAing NASA, however, can be an exercise in futility. In one recent case, Motherboard requested all emails from a specific NASA email address with a specific subject line. Other government agencies have completed similar requests with no problems. NASA, however, said it was "unclear what specific NASA records you are requesting." Possibly the only way to be more specific is to knock on NASA's door and show them a printout of what an email is. JPat Brown, executive editor of public records platform MuckRock, explained similarly frustrating experiences with NASA. "Even in cases where we've requested specific contracts by name and number, NASA has claimed that our request was too broad, and added insult to injury with a form letter rejection that includes the sentence 'we are not required to hunt for needles in bureaucratic haystacks,'" Brown told Motherboard in an email. Brown added that NASA has refused to process records unless presented with a requester's home address, something that is not included in the relevant code; and makes it more difficult for requests to obtain 'media' status.
The Courts

Let Consumers Sue Companies (nytimes.com) 110

Richard Cordray, the director of the Consumer Financial Protection Bureau, writes: When a data breach at Home Depot in 2014 led to losses for banks nationwide, a group of banks filed a class-action lawsuit seeking compensation. Companies have the choice of taking legal action together. Yet consumers are frequently blocked from exercising the same legal right when they believe that companies have wronged them. That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone. For example, a group lawsuit against Wells Fargo for secretly opening phony bank accounts was blocked by arbitration clauses that pushed individual consumers into closed-door proceedings. In 2010, the Consumer Financial Protection Bureau was authorized to study mandatory arbitration and write rules consistent with the study. After five years of work, we recently finalized a rule to stop companies from denying groups of consumers the option of going to court when they are treated unfairly. Opponents have unleashed attacks to overturn the rule, and the House just passed legislation to that end. Before the Senate decides whether to protect companies or consumers, it's worth correcting the record. First, opponents claim that plaintiffs are better served by acting individually than by joining a group lawsuit. This claim is not supported by facts or common sense. Our study contained revealing data on the results of group lawsuits and individual actions. We found that group lawsuits get more money back to more people. In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total. It is true that the average payouts are higher in individual suits. But that is because very few people go through arbitration, and they generally do so only when thousands of dollars are at stake, whereas the typical group lawsuit seeks to recover small amounts for many people. Almost nobody spends time or money fighting a small fee on their own. As one judge noted, "only a lunatic or a fanatic sues for $30."
Bitcoin

Estonia Proposes Estcoin, a Government Backed Cryptocurrency, Issued Via an Initial Coin Offering After e-Residency Success (cityam.com) 51

Estonia is living up to its digital reputation and setting tongues wagging with its latest idea: its very own digital currency issued via an initial coin offering (ICO). From a report: The buzz word of the moment in the heady world of cyptocurrencies, ICOs, are being used to raise cash via a digital token that's issued to investors. What investors get back in return depends what the company offers, much like crowdfunding, but can be some sort of stake in the company or merely being able to use the blockchain-based software it's building. But what's on offer in a potential ICO of a nation state? That's exactly what Estonia wants to work out. The head of its innovative e-residency programme has said the country is considering what the issuance of "estcoin", the country's very own digital currency, would look like. In a blog post, Kaspar Korjus said: "Estcoins could be managed by the Republic of Estonia, but accessed by anyone in the world through its e-Residency programme and launched through an Initial Coin Offering (ICO)."
IOS

Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off (zdnet.com) 124

Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.
Privacy

Sonos Says Users Must Accept New Privacy Policy Or Devices May Cease To Function (zdnet.com) 346

An anonymous reader writes: Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."
Bitcoin

Two-Factor Authentication Fail: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency (nytimes.com) 76

Reader Cludge shares an NYT report: Hackers have discovered that one of the most central elements of online security -- the mobile phone number -- is also one of the easiest to steal. In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim's phone number to a device under the control of the hackers. Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup -- as services like Google, Twitter and Facebook suggest. "My iPad restarted, my phone restarted and my computer restarted, and that's when I got the cold sweat and was like, 'O.K., this is really serious,'" said Chris Burniske, a virtual currency investor who lost control of his phone number late last year. A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission's own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658. But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske. Within minutes of getting control of Mr. Burniske's phone, his attackers had changed the password on his virtual currency wallet and drained the contents -- some $150,000 at today's values. Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months.
China

China Relaunches World's Fastest Train (fortune.com) 118

China has decided to relaunch the world's fastest train service following a fatal crash in 2011, where the high speed train service reduced its upper limit from its then-record holding 350 km/h (217 miles/hour) to 250-300 km/h (155-186 miles/hour). Fortune reports: Government-controlled website Thepaper.cn reported that seven pairs of bullet trains will be operating under the name "Fuxing," meaning rejuvenation, according to the South China Morning Post. The trains will once again run at 350 km/h, with a maximum speed of 400 km/h (248 mph). It is reported that the train service will boast a monitoring system that will automatically slow the trains in case of emergency. The Beijing-Shanghai line will begin operating on 21 September and will shorten the nearly 820 mile journey by an hour, to four hours thirty minutes. Nearly 600 million people use this route each year, providing a reported $1 billion in profits . Other routes include Beijing-Tianjin-Hebei, which will begin operation today.
Iphone

iPhone 8's 3D Face Scanner Will Work In 'Millionths of a Second' (phonearena.com) 154

According to a report by the Korea Herald, Apple's upcoming iPhone 8 will ditch the fingerprint identification in favor of 3D face recognition, which will work "in the millionths of a second." PhoneArena reports: The Samsung Galaxy series were among the first mainstream devices to feature iris recognition, but the speed and accuracy of the current technology leave a lot to be desired, and maybe that is why current phones ship with an eye scanner AND a fingerprint reader. The iPhone 8, on the other hand, is expected to make a full dive into 3D scanning. Both Samsung and Apple are rumored to have tried to implement a fingerprint scanner under the display glass, but failed as the technology was not sufficiently advanced. The new iPhone will also introduce 3D sensors on both its front and back for Apple's new augmented reality (AR) platform. This latest report also reveals that Apple will not use curved edges for its iPhone 8 screen, but will instead use a flat AMOLED panel. The big benefit of using AMOLED for Apple thus is not the curve, but its thinner profile compared to an LCD screen.
Bitcoin

Third Party Trackers On Web Shops Can Identify Users Behind Bitcoin Transactions (helpnetsecurity.com) 63

An anonymous reader quotes a report from Help Net Security: More and more shopping websites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them -- even if they are using blockchain anonymity techniques such as CoinJoin. Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity. "Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted. "We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing. While such auxiliary information is available to many potential entities -- merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers -- web trackers are in the ideal position to carry out this attack," they pointed out.
Privacy

Meeting and Hotel Booking Provider's Data Found in Public Amazon S3 Bucket (threatpost.com) 37

Leaks of personal and business information from unsecured Amazon S3 buckets are piling up. From a report: The latest belongs to Groupize, a Boston-area business that sells tools to manage small group meetings as well as a booking engine that handles hotel room-block reservations. Researchers at Kromtech Security found a publicly accessible bucket containing business and personal data, including contracts and agreements between hotels, customers and Groupize, Kromtech said. The data included some credit card payment authorization forms that contained full payment card information including expiration data and CVV code. The researchers said the database stored in S3 contained numerous folders, below; one called "documents" held close to 3,000 scanned contracts and agreements, while another called all_leads had more than 3,100 spreadsheets containing critical Groupize business data including earnings. There were 37 other folders in the bucket containing tens of thousands of files, most of them storing much more benign data.
Google

Supreme Court Asked To Nullify the Google Trademark (arstechnica.com) 196

Is the term "google" too generic and therefore unworthy of its trademark protection? That's the question before the US Supreme Court. From a report: What's before the Supreme Court is a trademark lawsuit that Google already defeated in a lower court. The lawsuit claims that Google should no longer be trademarked because the word "google" is synonymous to the public with the term "search the Internet." "There is no single word other than google that conveys the action of searching the Internet using any search engine," according to the petition to the Supreme Court. It's perhaps one of the most consequential trademark case before the justices since they ruled in June that offensive trademarks must be allowed. The Google trademark dispute dates to 2012 when a man named Chris Gillespie registered 763 domain names that combined "google" with other words and phrase, including "googledonaldtrump.com."
Security

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life (theregister.co.uk) 307

The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."
Businesses

The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) 98

Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.
Television

Plex Responds, Will Allow Users To Opt Out Of Data Collection (www.plex.tv) 91

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."
Yahoo!

Alleged Yahoo Hacker Will Be Extradited To The US (tucson.com) 45

An anonymous reader quotes the AP: A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States. Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia's Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.

An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it. His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt... U.S. law enforcement officials call Baratov a "hacker-for-hire" paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union.

Yahoo also believes that attack -- which breached at least 500 million Yahoo accounts in 2014 -- was perpetrated by "a state-sponsored actor." The CBC reports that Baratov lives alone in a large, new house in an expensive subdivision. "His parents either bought him the house," one neighbor told the CBC, "or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street."

The CBC also reports that Baratov's Facebook page links to a Russian-language site "which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China."
Censorship

50,000 Users Test New Anti-Censorship Tool TapDance (www.cbc.ca) 198

The CBC reports: What if circumventing censorship didn't rely on some app or service provider that would eventually get blocked but was built into the very core of the internet itself? What if the routers and servers that underpin the internet -- infrastructure so important that it would be impractical to block -- could also double as one big anti-censorship tool...? After six years in development, three research groups have joined forces to conduct real-world tests.
An anonymous reader writes: Earlier this week, Professor Eric Wustrow, from the University of Colorado at Boulder, presented An ISP-Scale Deployment of TapDance at the USENIX Workshop on Free and Open Communications on the Internet. TapDance is an anti-censorship, circumvention application based on "refraction networking" (formerly known as "decoy routing") that has been the subject of academic research for several years. Now, with integration with Psiphon, 50,000 users, a deployment that spans two ISPs, and an open source release, it seems to have graduated to the real world.
"In the long run, we absolutely do want to see refraction networking deployed at as many ISPs that are as deep in the network as possible," one of the paper's authors told the CBC. "We would love to be so deeply embedded in the core of the network that to block this tool of free communication would be cost-prohibitive for censors."
Bug

Bug In Lowe's Site Sold Goods For Free. Couple Arrested For Exploiting It (bleepingcomputer.com) 239

An anonymous reader writes: A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowes online portal to receive goods for free at their home. According to the Ocean County Prosecutor's Office, the couple tried to steal goods worth $258,068.01, but only managed to receive approximately $12,971.23 worth of merchandise. Officers executing a search warrant said the residence resembled "more of a warehouse than a home." Investigators said they recovered enough merchandise to fill an 18-foot trailer. Most items were in their original packaging and still had their price tags. Police say one of the suspects posted ads for some of the stolen goods on a Facebook group used to buy and sell used objects. The suspect was selling most of the items at half the price offered on the Lowes website. Authorities did not provide in-depth technical details but revealed the flaw resided in the site's gift card module.
One of the suspects' lawyer argued that his client didn't have the skills to penetrate the security on the web site of a Fortune 500 company -- and insisted instead that his client just had a really special knack for finding good deals.
Crime

FBI Accepts New Evidence in 46-Year-Old D.B. Cooper Case (dailymail.co.uk) 123

An anonymous reader quotes the Daily Mail: The FBI is looking at an 'odd bit of buried foam' as possible evidence in the cold case investigation into criminal mastermind D.B. Cooper, according to private investigators. The potential evidence was handed over to authorities last week by the team of sleuths who believe the foam made up a part of Cooper's parachute backpack, the New York Daily News reports. Cooper, one of the 20th century's most compelling masterminds, hijacked a Boeing 727 at Seattle-Tacoma airport in 1971 and held its crew and passengers hostage with a bomb. Once his demand of $200,000 cash -- the equivalent of $1,213,226 today -- was reached and transferred onto the plane, Cooper had the crew take off before he parachuted out over the dense Pacific Northwest woods and disappeared.

The discovery of the foam comes just weeks after the FBI uncovered what is believed to be part of Cooper's parachute strap, which private investigators claim could lead authorities to his stolen fortune. In addition, the FBI also received three 'unknown' pieces of fabric that were found close to where the alleged parachute strap was located.

The 40-member cold case team is being overseen by a former FBI supervisor. At one point they essentially crowdsourced the investigation by requesting help from the general public, and the team now says they've found a credible source -- providing information substantiated by FBI field notes -- which has led them to this new evidence.
The Military

A Global Fish War is Coming, Warns US Coast Guard (usni.org) 192

schwit1 shares an article from the U.S. Naval Institute's Proceedings magazine. It includes this warning from the Coast Guard's chief of fisheries law enforcement: Nearly two decades into the 21st Century, it has become clear the world has limited resources and the last area of expansion is the oceans. Battles over politics and ideologies may be supplanted by fights over resources as nations struggle for economic and food security. These new conflicts already have begun -- over fish... In 1996, Canada and Spain almost went to war over the Greenland turbot. Canada seized Spanish vessels it felt were fishing illegally, but Spain did not have the same interpretation of the law and sent gunboats to escort its ships. In 1999, a U.S. Coast Guard cutter intercepted a Russian trawler fishing in the U.S. exclusive economic zone. The lone cutter was promptly surrounded by 19 Russian trawlers. Fortunately, the Russian Border Guard and the Coast Guard drew on an existing relationship and were able to defuse the situation...

Japan protested 230 fishing vessels escorted by seven China Coast Guard ships entering the waters of the disputed Senkaku Islands. Incidents in the South China Sea between the Indonesian Navy and Chinese fishing vessels and China Coast Guard have escalated to arrests, ramming, and warning shots leading experts to suggest only navies and use of force can stop the IUU fishing... The United States needs to show it is serious about protecting sustainable fisheries and international rule of law. It needs a fleet that not only will provide a multilateral cooperation platform, but also take action against vessels and fleets that are unwilling to cooperate... If cooperation cannot be achieved, the United States should prepare for a global fish war.

When I read "fish war," I was imagining it more like this.
Crime

FBI Warns US Private Sector To Cut Ties With Kaspersky (cyberscoop.com) 173

An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.

Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."
Encryption

Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) 94

In April Chrome began marking HTTP pages as "not secure" in its address bar if the pages had password or credit card fields. They're about to take the next step. An anonymous reader quotes SearchEngineLand: Last night, Google sent email notifications via Google Search Console to site owners that have forms on web pages over HTTP... Google said, "Beginning in October 2017, Chrome will show the 'Not secure' warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."
Google warned in April that "Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we're ready to take the next steps..."

"Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the 'Not secure' warning when users type data into HTTP sites."
Government

Microsoft Avoids Washington State Taxes, Gives Nevada Schoolkid A Surface Laptop (seattletimes.com) 72

theodp writes: The Official Microsoft Blog hopes a letter from a Nevada middle schooler advising Microsoft President Brad Smith to "keep up the good work running that company" will "inspire you like it did us." Penned as part of a math teacher's assignment to write letters to the businesses that they like, Microsoft says the letter prompted Smith to visit the Nevada school to meet 7th-grader Sky Yi in person as part of the company's effort to draw attention to the importance of math and encourage students and teachers who are passionate about STEM (science, technology, engineering and math) education. In an accompanying video of the surprise meeting, Smith presents Yi with a new Surface Laptop that comes with Windows 10 S, a version of the OS that has been streamlined with schools in mind. "Not bad for a little letter," the Microsoft exec says.

Speaking of Microsoft, Nevada, and education, Bing Maps coincidentally shows the school Smith visited is just a 43-minute drive from the software giant's Reno-based Americas Operations Center. According to the Seattle Times, routing sales through the Reno software-licensing office helps Microsoft minimize its tax bills (NV doesn't tax business income) to the detriment, some say, of Washington State public schools.

Microsoft's state and local taxes will drop to just $30 million for the last year (from an average of $214 milion over the previous 14 years) according to the Seattle Times. "A Microsoft spokesman said the decline in 2017 was caused by the company's deferring taxes on some income to future years and the winding down of the company's smartphone business."
Television

Should Plex Stop Allowing Users To Opt Out of Data Collection? (www.plex.tv) 158

UPDATE: Plex has now made more changes to their privacy policy to address concerns about data collection, including "the ability to opt out of playback statistics for personal content on your Plex Media Server" and a promise "to 'generalize' playback stats in order to make it impossible to create any sort of 'fingerprint' that would allow anyone to identify a file in a library."

Here's what the original kerfuffle was about. Slashdot reader bigdogpete wrote: Many users of Plex got an email that said they were changing their privacy policy which goes into effect on 20 September 2017. While most of the things are pretty standard, users found it odd that they were now not going to allow users to opt-out of data collection. Here is the part from their website explaining the upcoming changes.

"In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection, but we do not sell or share your personally identifiable statistics. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm."

What do you all think?

Electronic Frontier Foundation

EFF Honors Chelsea Manning, an IFEX Leader, And TechDirt's Editor (eff.org) 108

An anonymous reader quotes the Electronic Frontier Foundation: Whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year's honorees -- a whistleblower, an editor, and an international freedom of expression activist -- all have worked tirelessly to protect the public's right to know.

The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.

The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.
Security

Marcus Hutchins' Code Used In Malware May Have Come From GitHub (itwire.com) 52

troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."
Government

US State Department Suffers Worldwide Email Outage (usatoday.com) 69

An anonymous reader quotes USA Today: The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department. The system was fully restored by Friday afternoon [after 12 hours], said a State Department official briefed on the incident who was not authorized to speak publicly and requested anonymity.

It was not clear what caused the early morning outage, but spokeswoman Heather Nauert told reporters it was not "any external action or interference."

Databases

Google and ProPublica Team Up To Build a National Hate Crime Database (techcrunch.com) 310

In partnership with ProPublica, Google News Lab is launching a new tool to track hate crimes across America. The "Documenting Hate News Index" is being powered by machine learning to track reported hate crimes across all 50 states, collecting data from February 2017 onward. TechCrunch reports: Data visualization studio Pitch Interactive helped craft the index, which collects Google News results and filters them through Google's natural language analysis to extract geographic and contextual information. Because they are not catalogued in any kind of formal national database, a fact that inspired the creation of the index to begin with, Google calls the project a "starting point" for the documentation and study of hate crimes. While the FBI is legally required to document hate crimes at the federal level, state and local authorities often fail to report their own incidents, making the data incomplete at best.

The initiative is a data-rich new arm of the Documenting Hate project which collects and verifies hate incidents reported by both individual contributors and by news organizations. The Hate News Index will keep an eye out for false positives (casual uses of the word "hate" for example), striking a responsible balance between machine learning and human curation on a very sensitive subject. Hate events will be mapped onto a calendar in the user interface, though users can also use a keyword search or browse through algorithmic suggestions. For anyone who'd like to take the data in a new direction, Google will open sourced its data set, making it available through GitHub.

Music

How Hackers Can Use Pop Songs To 'Watch' You (fastcompany.com) 33

An anonymous reader quotes a report from Fast Company: Forget your classic listening device: Researchers at the University of Washington have demonstrated that phones, smart TVs, Amazon Echo-like assistants, and other devices equipped with speakers and microphones could be used by hackers as clandestine sonar "bugs" capable of tracking your location in a room. Their system, called CovertBand, emits high-pitched sonar signals hidden within popular songs -- their examples include songs by Michael Jackson and Justin Timberlake -- then records them with the machine's microphone to detect people's activities. Jumping, walking, and "supine pelvic tilts" all produce distinguishable patterns, they say in a paper. (Of course, someone who hacked the microphone on a smart TV or computer could likely listen to its users, as well.)
Google

Google Explains Why It Banned the App For Gab, a Right-Wing Twitter Rival (arstechnica.com) 530

AmiMoJo shares a report from Ars Technica: When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Andrew Torba, who says it's devoted to unfettered free expression online. The site also hosts controversial right-wing figures like Milo Yiannopoulos, Andrew 'weev' Auernheimer and Andrew Anglin, editor of the neo-Nazi site Daily Stormer. On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google's ban on hate speech. The app's main competitor, Twitter, hosts accounts like the American Nazi Party, the Ku Klux Klan, and the virulently anti-gay Westboro Baptist Church, yet the Twitter app is still available on the Google Play store. Apple has long had more restrictive app store policies, and it originally rejected the Gab app for allowing pornographic content to be posted on the service -- despite the fact that hardcore pornography is readily available on Twitter. In an email to Ars, Google explained its decision to remove Gab from the Play Store: "In order to be on the Play Store, social networking apps need to demonstrate a sufficient level of moderation, including for content that encourages violence and advocates hate against groups of people. This is a long-standing rule and clearly stated in our developer policies. Developers always have the opportunity to appeal a suspension and may have their apps reinstated if they've addressed the policy violations and are compliant with our Developer Program Policies."
Privacy

Info on 1.8M Chicago Voters Was Publicly Accessible, But Now Removed From Cloud Service (chicagotribune.com) 27

A file containing the names, addresses, dates of birth and other information about Chicago's 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said this week. From a report: The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago's electronic poll books. Election Systems said in a statement that the files "did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems." The company said it had "promptly secured" the files on Saturday evening and had launched "a full investigation, with the assistance of a third-party firm, to perform thorough forensic analyses of the AWS server." State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard.
Patents

E-Commerce To Evolve Next Month As Amazon Loses the 1-Click Patent (thirtybees.com) 141

An anonymous reader shares an article: Next month e-commerce will change forever thanks to Amazon. September 12 marks 20 years since Amazon filed for their 1-Click patent. This means that the patent will expire and the technology behind it will be free to be used by any e-commerce site. Starting next month more and more sites will be offering a one click checkout experience. Most major sites have already started development with plans to launch soon after the patent expires. Amazon applied for the 1-Click patent in September of 1997, the actual patent was granted in 1999. The whole idea behind the patent is when you store a user's credit card and address you only need a single click to order a product. For the last 20 years Amazon has kept a tight hold on this technology, they have only licensed it to one company: Apple. No one knows what Apple paid to license the technology, but the value of the patent has been assessed at 2.4 billion dollars by sources. Over the last 20 years Amazon has defended the validity of the patent in several cases, even having to revise the patent at one point. But, now the wait is almost over and this technology is about to make it into the open market.
Businesses

Kit Kat Accused of Copying Atari Game Breakout (bbc.com) 134

An anonymous reader shares a report: Kit Kat's maker Nestle has been accused of copying Breakout, the 1970s computer game, in a marketing campaign. Atari, the company behind some of the most popular early video games, has filed a suit alleging Nestle knowingly exploited the game's look and feel. The advert showed a game similar to Breakout but where the bricks were replaced with single Kit Kat bars. Nestle said it was aware of the lawsuit and would defend itself "strongly" against the allegations. Breakout was created as a successor to "Pong" by Apple founders, Steve Wozniak and Steve Jobs. In the advert, which is titled "Kit Kat: Breakout", a row of people, of varying ages and appearance, share a sofa and play a video game during their work break. In the game depicted, a primitive paddle moves side-to-side to bounce a ball into a collision with the horizontal bars ranged across the top of the screen.
IOS

iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 138

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Government

Ukraine Hacker Cooperating With FBI In Russia Probe, Says Report (thehill.com) 215

schwit1 shares a report from The Hill: A hacker in Ukraine who goes by the online alias "Profexer" is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting. Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year's presidential election. The hacker's activity on the web came to a halt shortly after the malware was identified. The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself into the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump's campaign and Moscow. Special counsel Robert Mueller is heading the investigation.
Patents

Motorola Patents a Display That Can Heal Its Own Cracked Screen With Heat (theverge.com) 41

An anonymous reader quotes a report from The Verge: A patent published today explains how a phone could identify cracks on its touchscreen and then apply heat to the area in an effort to slightly repair the damage. The process relies on something called "shape memory polymer," a material that can apparently become deformed and then recovered through thermal cycling. Thermal cycling involves changing the temperature of the material rapidly. This material could be used over an LCD or LED display with a capacitive touch sensor layered in, as well. Although the phone could heat the polymer in order to restore it, a user's body heat can be used, too.
Encryption

Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com) 111

According to iClarified, a hacker by name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications." From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption. Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
AT&T

Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction In Louisville (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.
Patents

We Print 50 Trillion Pages a Year, and Xerox Is Betting That Continues (fortune.com) 86

An anonymous reader shares a report: For most of its 111-year history, Xerox has been known as one of the tech industry's most innovative companies. Now the legendary copier company is reinventing itself. In January, Xerox made the bold decision to split itself into two, spinning off its business services operations into a separate company called Conduent. And Jeffrey Jacobson, a Xerox tech executive, was tapped as Xerox's new CEO. Speaking with Fortune's Susie Gharib, Jacobson says Xerox is still "one of the top patent producing companies in the world" and he's counting on that scientific expertise to pivot the company to be a leader in digital print technology. "If I look at the things we're looking at with the Internet of things, artificial intelligence and bridging the digital and physical," he says, "that's what I think we'll be known for."
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 120

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
Piracy

Roku Gets Tough On Pirate Channels, Warns Users (torrentfreak.com) 79

An anonymous reader quotes a report from TorrentFreak: Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn't over yet, it was clear to Roku that misuse of its platform wasn't without consequences. While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance. Pirate content generally doesn't show up in the official Roku Channel Store but is directly loaded onto the device through third-party "private" channels. A few weeks ago, Roku renamed these "private" channels to "non-certified" channels, while making it very clear that copyright infringement is not allowed. A "WARNING!" message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if it links to copyright infringing content.

"By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences," Roku's warning reads. "Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku's terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE."

Television

YouTube Has An Illegal TV Streaming Problem (mashable.com) 119

An anonymous reader quotes a report from Mashable: Most people turn to Netflix to binge watch full seasons of a single TV show, but there could be a much cheaper way: YouTube. You might be surprised to learn that you can watch full episodes of popular TV shows on YouTube for free, thanks to a large number of rogue accounts that are hosting illegal live streams of shows. Perhaps the most shocking thing about these free (and very illegal) TV live streams might even make their way into your suggested video queue, if you watch enough "random shit" and Bobby Hill quote compilations on the site, as Mashable business editor Jason Abbruzzese recently experienced. He first noticed the surprisingly high number of illegal TV streaming accounts on his YouTube homepage, which has tailored recommended videos based on his viewing habits. Personalized recommendations aren't exactly new -- but the number of illegal live streams broadcasting copyrighted material on a loop was a shocker. When we looked deeper into the livestreams, the number we found was mindblowing. Many of these accounts appear to exist solely to give watchers an endless loop of their favorite shows and only have a few other posts related to the live streamed content. "YouTube respects the rights of copyright holders and we've invested heavily in copyright and content management tools to give rights holders control of their content on YouTube," a YouTube spokesperson told Mashable in an email. "When copyright holders work with us to provide reference files for their content, we ensure all live broadcasts are scanned for third party content, and we either pause or terminate streams when we find matches to third party content."
Communications

WordPress Bans Fascist Website Linked To Charlottesville Killer (fastcompany.com) 451

tedlistens writes: WordPress has said that it does not censor websites like that of self-proclaimed fascist group Vanguard America. But last night, the group's site was taken offline for violating the company's terms of service. The about-face was likely prompted by Vanguard's participation in last weekend's Unite the Right rallies in Charlottesville, Virginia, during which James Alex Fields drove his car into a crowd, killing one person and injuring 19. Fields has claimed allegiance to Vanguard America; the group denies that Fields was a member. For WordPress to drop a site, even a fascist site, is a very big deal; the same is true of GoDaddy's and Google's decision to drop their registration of neo-Nazi site the Daily Stormer (another site that GoDaddy previously said would be permitted on free speech grounds). WordPress hasn't explained the shift in its approach to the website: the company's user agreement and terms of service have not changed since Charlottesville. That policy, like that of other tech platforms, has long stood by strict neutrality and freedom of expression. That may now be changing.
Patents

Toyota Patents Cloaking Device To Make Car Pillars Appear Transparent (thedrive.com) 105

Toyota has patented a cloaking device that aims to make big, chunky car pillars transparent. The "apparatuses and methods for making an object appear transparent" which Toyota just patented uses cleverly placed mirrors to bend light around an object making it visible from the other side. The Drive reports: So you're not really seeing through the pillars, you're seeing around them. This is a much cheaper option than adding more cameras and screens all over the place and much more realistic than Harry Potter's invisibility cloak. The patent was filed with the U.S. patent office by Toyota North America, so if Toyota does go forward with this technology, we can probably expect to see it in cars in the U.S.

Slashdot Top Deals