Businesses

ISP Disclosures About Data Caps and Fees Eliminated By Net Neutrality Repeal (arstechnica.com) 281

In 2015, the Federal Communications Commission forced ISPs to be more transparent with customers about hidden fees and the consequences of exceeding data caps. Since the requirements were part of the net neutrality rules, they will be eliminated when the FCC votes to repeal the rules next week. Ars Technica reports: While FCC Chairman Ajit Pai is proposing to keep some of the commission's existing disclosure rules and to impose some new disclosure requirements, ISPs won't have to tell consumers exactly what everything will cost when they sign up for service. There have been two major versions of the FCC's transparency requirements: one created in 2010 with the first net neutrality rules, and an expanded version created in 2015. Both sets of transparency rules survived court challenges from the broadband industry. The 2010 requirement had ISPs disclose pricing, including "monthly prices, usage-based fees, and fees for early termination or additional network services." That somewhat vague requirement will survive Pai's net neutrality repeal. But Pai is proposing to eliminate the enhanced disclosure requirements that have been in place since 2015. Here are the disclosures that ISPs currently have to make -- but won't have to after the repeal:

-Price: the full monthly service charge. Any promotional rates should be clearly noted as such, specify the duration of the promotional period and the full monthly service charge the consumer will incur after the expiration of the promotional period.
-Other Fees: all additional one time and/or recurring fees and/or surcharges the consumer may incur either to initiate, maintain, or discontinue service, including the name, definition, and cost of each additional fee. These may include modem rental fees, installation fees, service charges, and early termination fees, among others.
-Data Caps and Allowances: any data caps or allowances that are a part of the plan the consumer is purchasing, as well as the consequences of exceeding the cap or allowance (e.g., additional charges, loss of service for the remainder of the billing cycle).

Pai's proposed net neutrality repeal says those requirements and others adopted in 2015 are too onerous for ISPs.

Bitcoin

Bank of America Wins Patent For Crypto Exchange System (coindesk.com) 52

New submitter psnyder shares a report from CoinDesk: [The patent] outlined a potential cryptocurrency exchange system that would convert one digital currency into another. Further, this system would be automated, establishing the exchange rate between the two currencies based on external data feeds. The patent describes a potential three-part system, where the first part would be a customer's account and the other two would be accounts owned by the business running the system. The user would store their chosen cryptocurrency through the customer account. The second account, referred to as a "float account," would act as a holding area for the cryptocurrency the customer is selling, while the third account, also a float account, would contain the equivalent amount of the cryptocurrency the customer is converting their funds to. That third account would then deposit the converted funds back into the original customer account for withdrawal. The proposed system would collect data from external information sources on cryptocurrency exchange rates, and use this data to establish its own optimal rate. The patent notes this service would be for enterprise-level customers, meaning that if the bank pursues this project, it would be offered to businesses.
Government

Volkswagen Executive Sentenced To Maximum Prison Term For His Role In Dieselgate (arstechnica.com) 101

An anonymous reader quotes a report from Ars Technica: On Wednesday, a U.S. District judge in Detroit sentenced Oliver Schmidt, a former Volkswagen executive, to seven years in prison for his role in the Volkswagen diesel emissions scandal of 2015. Schmidt was also ordered to pay a criminal penalty of $400,000, according to a U.S. Department of Justice (DOJ) press release. The prison term and the fine together represent the maximum sentence that Schmidt could have received under the plea deal he signed in August. Schmidt, a German citizen who lived in Detroit as an emissions compliance executive for VW, was arrested in Miami on vacation last January. In August, he pleaded guilty to conspiracy and to making a false statement under the Clean Air Act. Schmidt's plea deal stated that the former executive could face up to seven years in prison and between $40,000 and $400,000 in fines.

Last week, Schmidt's attorneys made a last-minute bid requesting a lighter sentence for Schmidt: 40 months of supervised release and a $100,000 fine. Schmidt also wrote a letter to the judge, which surfaced over the weekend, in which the executive said he felt "misused" by his own company and claimed that higher-ranked VW executives coached him on a script to help him lie to a California Air Resources Board (CARB) official. Instead, Schmidt was sentenced to the maximum penalties outlined in the plea deal. Only one other VW employee has been sentenced in connection with the emissions scandal: former engineer James Liang, who received 40 months in prison and two years of supervised release as the result of his plea deal. Although six other VW Group executives have been indicted, none is in U.S. custody.

Google

Inside Oracle's Cloak-and-dagger Political War With Google (recode.net) 83

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.
Privacy

Keylogger Found On Nearly 5,500 WordPress Sites (bleepingcomputer.com) 83

An anonymous reader writes: Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field. The script is included on both the sites' frontends and backends, meaning it can steal both admin account credentials and credit card data from WP sites running e-commerce stores. According to site source code search engine PublicWWW, there are 5,496 sites running this keylogger. The attacker has been active since April.
Medicine

Victims of Mystery Attacks In Cuba Left With Anomalies In Brain Tissue (arstechnica.com) 231

An anonymous reader quotes a report from Ars Technica: American victims of mysterious attacks in Cuba have abnormalities in their brains' white matter, according to new medical testing reported by the Associated Press. But, so far, it's unclear how or if the white-matter anomalies seen in the victims relate to their symptoms. White matter is made up of dense nerve fibers that connect neurons in different areas of the brain, forming networks. It gets its name from the light-colored electrical insulation, myelin, that coats the fibers. Overall, the tissue is essential for rapidly transmitting brain signals critical for learning and cognitive function.

In August, U.S. authorities first acknowledged that American diplomats and their spouses stationed in Havana, Cuba, had been the targets of puzzling attacks for months. The attacks were carried out by unknown agents and for unknown reasons, using a completely baffling weaponry. The attacks were sometimes marked by bizarrely targeted and piercing noises or vibrations, but other times they were completely imperceptible. Victims complained of a range of symptoms, including dizziness, nausea, headaches, balance problems, ringing in the ears (tinnitus), nosebleeds, difficulty concentrating and recalling words, permanent hearing loss, and speech and vision problems. Doctors have also identified mild brain injuries, including swelling and concussion. U.S. officials now report that 24 Americans were injured in the attacks but wouldn't comment on how many showed abnormalities in their white matter.

Businesses

Judge Dismisses Lawsuit That Claims Google Paid Female Employees Less Than Male Colleagues (cnn.com) 254

A California judge has rejected a class action claim against Google for alleged gender inequity. In September, three female Google employees filed a lawsuit against Google, claiming the search giant "engaged in systemic and pervasive pay and promotion discrimination." They sought class action status on behalf of women who have worked at Google in California for the past four years. CNN reports: This week, a judge rejected their request to make the suit a class action. A judge ruled that the class was "overbroad," stating that it "does not purport to distinguish between female employees who may have valid claims against Google based upon its alleged conduct from those who do not." Jim Finberg, the lawyer representing the plaintiffs, said his clients plan to file an amended complaint seeking class action certification. He said it will address the court's ruling and make "clear that Google violates the California Equal Pay Act throughout California and throughout the class period by paying women less than men for substantially equal work in nearly every job classification."
Government

Warrantless Surveillance Can Continue Even If Law Expires, Officials Say (theverge.com) 68

According to a New York Times report citing American officials, the Trump administration has decided that the National Security Agency and the FBI can lawfully keep operating their warrantless surveillance program even if Congress fails to extend the law authorizing it before an expiration date of New Year's Eve. The Verge reports: The White House believes the Patriot Act's surveillance provisions won't expire until four months into 2018. Lawyers point to a one-year certification that was granted on April 26th of last year. If that certification is taken as a legal authorization for the FISA court overall -- as White House lawyers suggest -- then Congress will have another four months to work out the details of reauthorization. There are already several proposals for Patriot Act reauthorization in the Senate, which focus the Section 702 provisions that authorize certain types of NSA surveillance. Some of the proposals would close the backdoor search loophole that allows for warrantless surveillance of U.S. citizens, although a recent House proposal would leave it in place. But with Congress largely focused on tax cuts and the looming debt ceiling fight, it's unlikely the differences could be reconciled before the end of the year.
Medicine

FCC Chair Ajit Pai Falsely Claims Killing Net Neutrality Will Help Sick and Disabled People (vice.com) 205

An anonymous reader quotes a report from Motherboard: One popular claim by the telecom sector is that net neutrality rules are somehow preventing people who are sick or disabled from gaining access to essential medical services they need to survive. Verizon, for example, has been trying to argue since at least 2014 that the FCC's net neutrality rules' ban on paid prioritization (which prevents ISPs from letting deep-pocketed content companies buy their way to a distinct network performance advantage over smaller competitors) harms the hearing impaired. That's much to the chagrin of groups that actually represent those constituents, who have consistently and repeatedly stated that this claim simply isn't true. Comcast lobbyists have also repeated this patently-false claim in their attempt to lift the FCC ban on unfair paid prioritization deals.

The claim that net neutrality rules hurt the sick also popped up in a recent facts-optional fact sheet the agency has been circulating to try and justify the agency's Orwellian-named "Restoring Internet Freedom" net neutrality repeal. In the FCC's current rules, the FCC was careful to distinguish between "Broadband Internet Access Services (BIAS)," which is general internet traffic like browsing, e-mail or app data and "Non-BIAS data services," which are often given prioritized, isolated capacity to ensure lower latency, better speed, and greater reliability. VoIP services, pacemakers, energy meters and all telemedicine applications fall under this category and are exempt from the rules. Despite the fact that the FCC's net neutrality rules clearly exempt medical services from the ban on uncompetitive paid prioritization, FCC boss Ajit Pai has consistently tried to claim otherwise. He did so again last week during a speech in which he attempted to defend his agency from the massive backlash to its assault on net neutrality.
"By ending the outright ban on paid prioritization, we hope to make it easier for consumers to benefit from services that need prioritization -- such as latency-sensitive telemedicine," Pai said. "By replacing an outright ban with a robust transparency requirement and FTC-led consumer protection, we will enable these services to come into being and help seniors."
The Almighty Buck

Ask Slashdot: How Do I Explain Copyright To My Kids? 326

orgelspieler writes: My son paid for a copy of a novel on his iPad. When his school made it against the rules to bring iPads, he wanted to get the same book on his Kindle. I tried to explain that the format of his eBook was not readily convertible to the Kindle. So he tried to go on his schools online library app. He checked it out just fine, but ironically, the offline reading function only works on the now-disallowed iPads. Rather than paying Amazon $7 for a book I already own, and he has already checked out from the library, I found a bootleg PDF online. I tried to explain that he could just read that, but he freaked out. "That's illegal, Dad!" I tried to explain format shifting, and the injustice of the current copyright framework in America. Even when he did his own research, stumbling across EFF's website on fair use, he still would not believe me.

Have any of you fellow Slashdotters figured out a good way to navigate the moral, legal, and technological issues of copyright law, as it relates to the next generation of nerds? Interestingly, my boy seems OK with playing old video games on the Wayback Machine, so I don't think it's a lost cause.
Security

NiceHash Hacked, $62 Million of Bitcoin May Be Stolen (reddit.com) 79

New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC -- an amount worth more than $62 million at current prices -- has been stolen. The NiceHash team is urging users to change their online passwords as a result of the breach and theft.
Facebook

Facebook and YouTube Are Full of Pirated Video Streams of Live NFL Games (cnbc.com) 231

Pirated video streams of televised National Football League games are widespread on Facebook and on Google's YouTube service, CNBC has found. From a report: Using technology from these internet giants, thousands of football fans were able to watch long segments of many contests free of charge during the league's Week 13 schedule of games last Thursday and Sunday. Dozens of these video streams, pirated from CBS and NBC broadcasts, featured ads from well-known national brands interspersed with game action. This online activity comes as the league struggles with declining ratings that have been blamed variously on player protests during the national anthem and revelations about former players suffering from a brain disease caused by concussions. Yet this illegal distribution of NFL content may also be crimping the league's viewer numbers.
Firefox

Yahoo Sues Mozilla For Breach of Contract -- So Mozilla Counter Sues Yahoo (betanews.com) 112

Mark Wilson writes: Mozilla and Yahoo have started a legal spat about the deal that existed between the two companies regarding the use of the Yahoo search engine in the Firefox browser. On December 1, Yahoo fired the first shot filing a complaint that alleges Mozilla breached a contract that existed between the two companies by terminating the arrangement early. In a counter complaint, Mozilla says that it was not only justified in terminating the contract early, but that Yahoo Holdings and Oath still have a bill that needs to be settled.
The Almighty Buck

'We Could Fund a Universal Basic Income With the Data We Give Away To Facebook and Google' (thenextweb.com) 583

Tristan Greene reports via The Next Web: A universal basic income (UBI), wherein government provides a monthly stipend so citizens can afford a home and basic necessities, is something experts believe would directly address the issue of unemployment and poverty, and possibly even eliminate hundreds of other welfare programs. It may also be the only real solution to the impending automation bonanza. According to AI expert Steve Fuller, the problem is, giving people money when they lose jobs won't fix the issue, it's a temporary solution and we need permanent ones. Sounds fair, and he even has some ideas on how to accomplish this end: "We could hold Google and Facebook and all those big multinationals accountable; we could make sure that people, like those who are currently 'voluntarily' contributing their data to pump up companies' profits, are given something that is adequate to support their livelihoods in exchange."

It's an interesting idea, but difficult to imagine it's implementation. If the government isn't assigning a specific stipend value, we'll have to be compensated individually by companies. One way to do this, is by emulating the old coal mining company scrip scams of early last century. Employees working for companies would be paid in currency only redeemable at the company store. This basically created a system where a company could tax its own workers for profit. Google, for example, could use a system like that and say "opt-in for $10 worth of Google Play music for free," if they wanted to. Which doesn't help pay the bills when machines replace you at work, but at least you'll be able to voice search for your favorite songs. Another idea is to charge companies an automation tax, but again there's concerns as to how this would be implemented. A solution that combines government oversight with a tax on AI companies -- a UBI funded by the dividends of our data -- may be the best option. To be blunt: we should make Google, Microsoft, Facebook and other such AI companies pay for it with a simple data tax.

Encryption

US Says It Doesn't Need a Court Order To Ask Tech Companies To Build Encryption Backdoors (gizmodo.com) 248

schwit1 shares a report from Gizmodo: According to statements from July released this weekend, intelligence officials told members of the Senate Intelligence Committee that there's no need for them to approach courts before requesting a tech company help willfully -- though they can always resort to obtaining a Foreign Intelligence Surveillance Court order if the company refuses. The documents show officials testified they had never needed to obtain such an FISC order, though they declined to tell the committee whether they had "ever asked a company to add an encryption backdoor," per ZDNet. Other reporting has suggested the FISC has the power to authorize government personnel to compel such technical assistance without even notifying the FISC of what exactly is required. Section 702 of the Foreign Intelligence Surveillance Act gives authorities additional powers to compel service providers to build backdoors into their products.
Bitcoin

Feds Shut Down Allegedly Fraudulent Cryptocurrency Offering (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: The Securities and Exchange Commission on Monday announced that it was taking action against an initial coin offering (ICO) that the SEC alleges is fraudulent. The announcement represents the first enforcement action by the SEC's recently created cyber fraud unit. In July, the agency fired a warning shot. It announced that a 2016 fundraising campaign had run afoul of securities law, but that the SEC would decline to prosecute those responsible. The hope was to get the cryptocurrency world to take securities laws more seriously without doing anything drastic. Now the SEC is taking the next step by prosecuting what it considers to be one of the most egregious scams in the ICO world. The SEC's complaint, filed in federal court in New York, is against Dominic Lacroix, whom the SEC describes as a "recidivist securities law violator." The SEC considers Lacroix's cryptocurrency project, PlexCoin, to be a "fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month." The PlexCoin website has a hilariously vague description of this supposedly revolutionary cryptocurrency. "The PlexCoin's new revolutionary operating structure is safer and much easier to use than any other current cryptocurrency," the site proclaims. "One of the many features of PlexBank will be to secure your cryptocurrency from market variation, which is highly volatile, and invest your money in a place where you can get interesting guaranteed returns." According to Ars, "The SEC isn't impressed and is arguing that PlexCoin has 'all of the characteristics of a full-fledged cyber scam.' The agency is seeking to freeze the assets of the PlexCoin project in hopes of getting investors' funds back to them."
Canada

ISPs and Movie Industry Prepare Canadian Pirate Site Blocking Deal (torrentfreak.com) 86

An anonymous reader quotes a report from TorrentFreak: A coalition of movie industry companies and ISPs, including Bell, Rogers, and Cineplex are discussing a proposal to implement a plan to allow for website blockades without judicial oversight. The Canadian blocklist would be maintained by a new non-profit organization called "Internet Piracy Review Agency" (IPRA) and enforced through the CTRC, Canadaland reports. The plan doesn't come as a total surprise as Bell alluded to a nationwide blocking mechanism during a recent Government hearing. What becomes clear from the new plans, however, is that the telco is not alone. The new proposal is being discussed by various stakeholders including ISPs and local movie companies. As in other countries, major American movie companies are also in the loop, but they will not be listed as official applicants when the plan is submitted to the CRTC. Canadian law professor Micheal Geist is very critical of the plans. Although the proposal would only cover sites that "blatantly, overwhelmingly or structurally" engage in or facilitate copyright infringement, this can be a blurry line.

"Recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content," Geist notes. "It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list," he adds. While the full list of applicants is not ready yet, it is expected that the coalition will file its proposal to the CRTC before the end of the month.

Privacy

Germany Preparing Law for Backdoors in Any Type of Modern Device (bleepingcomputer.com) 251

Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
Privacy

Trump Is Looking at Plans For a Global Network of Private Spies (vice.com) 481

David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.
Security

A Popular Virtual Keyboard App Leaks 31 Million Users' Personal Data (zdnet.com) 65

Zack Whittaker, writing for ZDNet: Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world. But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users.
Businesses

Gizmodo: Don't Buy Anyone an Amazon Echo Speaker (gizmodo.com) 257

Adam Clark Estes, writing for Gizmodo: Three years ago, we said the Echo was "the most innovative device Amazon's made in years." That's still true. But you shouldn't buy one. You shouldn't buy one for your family. [...] Your family members do not need an Amazon Echo or a Google Home or an AppleHomePod or whatever that one smart speaker that uses Cortana is called. And you don't either. You only want one because every single gadget-slinger on the planet is marketing them to you as an all-new, life-changing device that could turn your kitchen into a futuristic voice-controlled paradise. You probably think that having an always-on microphone in your home is fine, and furthermore, tech companies only record and store snippets of your most intimate conversations. No big deal, you tell yourself. Actually, it is a big deal. The newfound privacy conundrum presented by installing a device that can literally listen to everything you're saying represents a chilling new development in the age of internet-connected things. By buying a smart speaker, you're effectively paying money to let a huge tech company surveil you. And I don't mean to sound overly cynical about this, either. Amazon, Google, Apple, and others say that their devices aren't spying on unsuspecting families. The only problem is that these gadgets are both hackable and prone to bugs.
The Courts

State Board Concedes It Violated Free Speech Rights of Oregon Man Fined For Writing 'I Am An Engineer' (oregonlive.com) 178

According to Oregon Live, "A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title 'engineer' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled." From the report: Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Jarlstrom when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial'' setting and not soliciting professional business, the state Department of Justice has conceded. "We have admitted to violating Mr. Jarlstrom's rights,'' said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday. The state's regulation of Jarlstrom under engineering practice law "was not narrowly tailored to any compelling state interests,'' she wrote in court papers. The state has pledged the board will not pursue the Beaverton man any further when he's not acting in a commercial or professional manner, and on Monday urged a federal judge to dismiss the case. The state also sent a $500 check to Jarlstrom in August, reimbursing him for the state fine.

Jarlstrom and his lawyers argued that's not good enough. They contend Jarlstrom isn't alone in getting snared by the state board's aggressive and "overbroad'' interpretation of state law. They contend others have been investigated improperly and want the court to look broader at the state law and its administrative rules and declare them unconstitutional. In the alternative, the state law should be restricted to only regulating engineering communications that are made as part of paid employment or a contractual agreement.

Censorship

Cloudflare's CEO Has a Plan To Never Censor Hate Speech Again (arstechnica.com) 393

"Cloudflare CEO Matthew Prince hated cutting off service to the infamous neo-Nazi site the Daily Stormer in August," reports Ars Technica. "And he's determined not to do it again. 'I'm almost a free-speech absolutist.' Prince said at an event at the New America Foundation last Wednesday. But in a subsequent interview with Ars, Prince argued that in the case of the Daily Stormer, the company didn't have much choice." From the report: Prince's response was to cut Daily Stormer off while laying the groundwork to make sure he'd never have to make a decision like that again. In a remarkable company-wide email sent shortly after the decision, Prince described his own actions as "arbitrary" and "dangerous." "I woke up this morning in a bad mood and decided to kick them off the Internet," Prince wrote in August. "It was a decision I could make because I'm the CEO of a major Internet infrastructure company." He argued that "it's important that what we did today not set a precedent." Prior to August, Cloudflare had consistently refused to police content published by its customers. Last week, Prince made a swing through DC to help ensure that the Daily Stormer decision does not, in fact, set a precedent. He met with officials from the Federal Communications Commission and with researchers at the libertarian Cato Institute and the left-of-center New America Foundation -- all in an effort to ensure that he'd have the political cover he needed to say no next time he came under pressure to take down controversial content.

The law is strongly on Cloudflare's side here. Internet infrastructure providers like Cloudflare have broad legal immunity for content created by their customers. But legal rights may not matter if Cloudflare comes under pressure from customers to take down content. And that's why Prince is working to cultivate a social consensus that infrastructure providers like Cloudflare should not be in the censorship business -- no matter how offensive its customers' content might be.

Piracy

Gamer Streams Pay-Per-View UFC Fight By Pretending To Play It (theverge.com) 75

WheezyJoe writes: A pay-per-view UFC Match was streamed in its entirety on Twitch and other platforms by a gamer pretending he was "playing" the fight as a game. The gamer, AJ Lester, appearing in the corner of the image holding his game controller, made off like he was controlling the action of the "game" when in fact he was re-broadcasting the fight for free. A tweet showing Lester's antics went viral with over 63,000 retweets and 140,000 likes at the time of publication. Another clip shows him reacting wildly yelling "oooooooooooooooh!!!" and "damnnnnnn!" in response to the match.
Piracy

Not Even Free TV Can Get People To Stop Pirating Movies and TV Shows (qz.com) 221

An anonymous reader quotes a report from Quartz: Since the internet made it easier to illegally download and stream movies and TV shows, Hollywood struggled with people pirating its works online. About $5.5 billion in revenue was lost to piracy globally last year, Digital TV Research found (pdf), and it's expected to approach $10 billion by 2022. Streaming-video services like Netflix and Hulu have made it more affordable to access a wide-range of titles from different TV networks and movie studios. But the availability of cheap content online has done little to curb piracy, according to research published in Management Science (paywall) last month. Customers who were offered free subscriptions to a video-on-demand package (SVOD) were just as likely to turn to piracy to find programming as those without the offering, researchers at Catolica Lisbon School of Business & Economics and Carnegie Mellon University found.

The researchers partnered with an unnamed internet-service provider -- in a region they chose not to disclose -- to offer customers who were already prone to piracy an on-demand package for free for 45 days. About 10,000 households participated in the study, and about half were given the free service. The on-demand service was packaged like Netflix or Hulu in layout, appearance, and scope of programming, but was delivered through a TV set-top box. It had a personalized recommendation engine that surfaced popular programming based on what those customers were already watching illegally through BitTorrent logs, which were obtained from a third-party firm. The study found that while the participants watched 4.6% more TV overall when they had the free on-demand service, they did not stop using BitTorrent to pirate movies and TV shows that were not included in the offering.

Security

PayPal Says 1.6 Million Customer Details Stolen In Breach At Canadian Subsidiary (bleepingcomputer.com) 24

New submitter Kargan shares a report from BleepingComputer: PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for $238 million in cash. PayPal reportedly suspended the operations of TIO's network on November 10th. "PayPal says the intruder(s) got access to the personal information of both TIO customers and customers of TIO billers," reports BleepingComputer. "The company did not reveal what type of information the attacker accessed, but since this is a payment system, attackers most likely obtained both personally-identifiable information (PII) and financial details." The company has started notifying customers and is offering free credit monitoring memberships.
The Internet

FCC Won't Delay Vote, Says Net Neutrality Supporters Are 'Desperate' (arstechnica.com) 347

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs. A few dozen consumer advocacy groups and the City of New York urged Pai to delay the net neutrality-killing vote in a letter today. If the FCC eliminates its rules and the court case goes AT&T's way, there would be a "'regulatory gap' that would leave consumers utterly unprotected," the letter said. When contacted by Ars, Pai's office issued this statement in response to the letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14."
Censorship

Apple, Google CEOs Bring Star Power as China Promotes Censorship (bloomberg.com) 38

An anonymous reader shares a Bloomberg report: Apple's Tim Cook and Google's Sundar Pichai made their first appearances at China's World Internet Conference, bringing star power to a gathering the Chinese government uses to promote its strategy of tight controls online. Apple's chief executive officer gave a surprise keynote at the opening ceremony on Sunday, calling for future internet and AI technologies to be infused with privacy, security and humanity. The same day, one of China's most-senior officials called for more aggressive government involvement online to combat terrorism and criminals. Wang Huning, one of seven men on China's top decision-making body, even called for a global response team to go well beyond its borders. It was Cook's second appearance in China in two months, following a meeting with President Xi Jinping in October. The iPhone maker has most of its products manufactured in the country and is trying to regain market share in smartphones against local competitors such as Huawei. "The theme of this conference -- developing a digital economy for openness and shared benefits -- is a vision we at Apple share," Cook said. "We are proud to have worked alongside many of our partners in China to help build a community that will join a common future in cyberspace."
Iphone

Should Apple Share iPhone X Face Data With App Developers? (washingtonpost.com) 66

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.

"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."
Botnet

How 'Grinch Bots' Are Ruining Online Christmas Shopping (nypost.com) 283

Yes, U.S. Senator Chuck Schumer actually called them "Grinch bots." From the New York Post: The senator said as soon as a retailer puts a hard-to-get toy -- like Barbie's Dreamhouse or Nintendo game systems -- for sale on a website, a bot can snatch it up even before a kid's parents finish entering their credit card information... "Bots come in and buy up all the toys and then charge ludicrous prices amidst the holiday shopping bustle," the New York Democrat said on Sunday... For example, Schumer said, the popular Fingerlings -- a set of interactive baby monkey figurines that usually sell for around $15 -- are being snagged by the scalping software and resold on secondary websites for as much as $1,000 a pop...

In December 2016, Congress passed the Better Online Ticket Sales (BOTS) Act, which Schumer sponsored, to crack down on their use to buy concert tickets, but the measure doesn't apply to other consumer products. He wants that law expanded but knows that won't happen in time for this holiday season. In the meantime, Schumer wants the National Retail Federation and the Retail Industry Leaders Association to block the bots and lead the effort to stop them from buying toys at fair retail prices and then reselling them at outrageous markups.

Intel

Dell Begins Offering Laptops With Intel's 'Management Engine' Disabled (liliputing.com) 140

An anonymous reader quotes Liliputing.com Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.

The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).

Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.
Education

Massive Financial Aid Data Breach Proves Stanford Lied For Years To MBAs (poetsandquants.com) 115

14 terabytes of "highly confidential" data about 5,120 financial aid applications over seven years were exposed in a breach at Stanford's Graduate School of Business -- proving that the school "misled thousands of applicants and donors about the way it distributes fellowship aid and financial assistance to its MBA students," reports Poets&Quants. The information was unearthed by a current MBA student, Adam Allcock, in February of this year from a shared network directory accessible to any student, faculty member or staffer of the business school. In the same month, on Feb. 23, the student reported the breach to Jack Edwards, director of financial aid, and the records were removed within an hour of his meeting with Edwards. Allcock, however, says he spent 1,500 hours analyzing the data and compiling an 88-page report on it...

Allcock's discovery that more money is being used by Stanford to entice the best students with financial backgrounds suggests an admissions strategy that helps the school achieve the highest starting compensation packages of any MBA program in the world. That is largely because prior work experience in finance is generally required to land jobs in the most lucrative finance fields in private equity, venture capital and hedge funds.

Half the school's students are awarded financial aid, and though Stanford always insisted it was awarded based only on need, the report concluded the school had been "lying to their faces" for more than a decade, also identifying evidece of "systemic biases against international students."

Besides the embarrassing exposure of their financial aid policies, there's another obvious lesson, writes Slashdot reader twentysixV. "It's actually way too easy for users to improperly secure their files in a shared file system, especially if the users aren't particularly familiar with security settings." Especially since Friday the university also reported another university-wide file-sharing platform had exposed "a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago."
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
The Courts

Free Game Company Sues 14-Year-Old Over 'Cheats' Video -- Claiming DMCA Violation (bbc.co.uk) 237

Bizzeh shared this report from the BBC: A mother has written a letter in defense of her 14-year-old son who is facing a lawsuit over video game cheats in the US. Caleb Rogers is one of two people facing legal action from gaming studio Epic Games for using cheat software to play the free game Fortnite. The studio says it has taken the step because the boy declined to remove a YouTube video he published which promoted how to use the software... "This company is in the process of attempting to sue a 14-year-old child," she wrote in the letter which has been shared online by the news site Torrentfreak.

Ms. Rogers added that she had not given her son parental consent to play the game as stated in its terms and conditions, and that as the game was free to play the studio could not claim loss of profit as a result of the cheats... In a statement given to the website Kotaku, Epic Games said the lawsuit was a result of Mr. Rogers "filing a DMCA counterclaim to a takedown notice on a YouTube video that exposed and promoted Fortnite Battle Royale cheats and exploits... Epic is not OK with ongoing cheating or copyright infringement from anyone at any age," it said.

Cory Doctorow counters that the 14-year-old "correctly asserted that there was no copyright infringement here. Videos that capture small snippets of a videogame do not violate that game creator's copyrights, because they are fair use..."
Transportation

Drone Pilot Arrested After Flying Over Two Stadiums, Dropping Leaflets (cbslocal.com) 108

"A man with an anti-media agenda was arrested in Oakland after he flew a drone over two different stadiums to drop leaflets" last Sunday, writes Slashdot reader execthis. A local CBS station reports: According to investigators, [55-year-old Tracy] Mapes piloted his drone over Levi's Stadium during the second quarter of the 49ers-Seattle game and released a load of pamphlets. He then quickly landed the drone, loaded it up and drove over to Oakland. He flew a similar mission over the Raiders-Broncos game. Santa Clara Police Lt. Dan Moreno said after Mapes was apprehended he defended the illegal action as a form of free speech.
USA Today reports there's now also an ongoing federal investigation "because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi's Stadium and Oakland Coliseum are within that range."

"The San Francisco Chronicle added that the drone was a relatively ineffective messenger because 'most of the drone-dropped leaflets were carried away by the wind.'"
Communications

Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica' (vice.com) 77

dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that let's you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app." As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."
Government

Tesla Proves To Be Too Pricey For Germany, Loses Tax Subsidies (reuters.com) 121

Tesla has been removed from Germany's list of electric cars eligible for subsidies because its Model S sedan is too expensive for the scheme. Tesla customers cannot order the Model S base version without extra features that pushed the car above the 60,000 euro ($71,500) price limit, a spokesman for the German Federal Office for Economic Affairs and Export Controls (BAFA) said on Friday. From the report: Germany last year launched the incentive scheme worth about 1 billion euros, partly financed by the German car industry, to boost electric car usage. A price cap was included to exempt premium models. "This is a completely false accusation. Anyone in Germany can order a Tesla Model S base version without the comfort package, and we have delivered such cars to customers," Tesla said in a statement. The carmaker said the upper price limit was initially set by the German government to exclude Tesla, but later a compromise was reached "that allows Tesla to sell a low option vehicle that qualifies for the incentive and customers can subsequently upgrade if they wish." It said, however, it would investigate whether any car buyers were denied the no-frills version. Under the subsidy scheme, buyers get 4,000 euros off their all-electric vehicle purchase and 3,000 euros off plug-in hybrids.
Bitcoin

Blockchains Are Poised To End the Password Era (technologyreview.com) 129

schwit1 shares a report from MIT Technology Review: Blockchain technology can eliminate the need for companies and other organizations to maintain centralized repositories of identifying information, and users can gain permanent control over who can access their data (hence "self-sovereign"), says Drummond Reed, chief trust officer at Evernym, a startup that's developing a blockchain network specifically for managing digital identities. Self-sovereign identity systems rely on public-key cryptography, the same kind that blockchain networks use to validate transactions. Although it's been around for decades, the technology has thus far proved difficult to implement for consumer applications. But the popularity of cryptocurrencies has inspired fresh commercial interest in making it more user-friendly.

Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."

Businesses

Homeland Security Claims DJI Drones Are Spying For China (engadget.com) 82

A memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) says that the officials assess "with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government." It also says that the information is based on "open source reporting and a reliable source within the unmanned aerial systems industry with first and secondhand access." Engadget reports: Part of the memo focuses on targets that the LA ICE office believes to be of interest to DJI. "DJI's criteria for selecting accounts to target appears to focus on the account holder's ability to disrupt critical infrastructure," it said. The memo goes on to say that DJI is particularly interested in infrastructure like railroads and utilities, companies that provide drinking water as well as weapon storage facilities. The LA ICE office concludes that it, "assesses with high confidence the critical infrastructure and law enforcement entities using DJI systems are collecting sensitive intelligence that the Chinese government could use to conduct physical or cyber attacks against the United States and its population." The accusation that DJI is using its drones to spy on the US and scope out particular facilities for the Chinese government seems pretty wacky and the company itself told the New York Times that the memo was "based on clearly false and misleading claims."
The Internet

Was Your Name Stolen To Support Killing Net Neutrality? (dslreports.com) 128

An anonymous reader quotes a report from DSLReports: New York Attorney General Eric Schneiderman has launched a new tool for users interested in knowing whether their identity was stolen and used to fraudulently support the FCC's attack on popular net neutrality rules. The NY AG's office announced earlier this month that it was investigating identity theft and comment fraud during the FCC's public comment period. Researchers have noted repeatedly how "someone" used a bot to fill the comment proceeding with bogus support for the FCC plan, with many of the names being those of folks who'd never heard of net neutrality -- or were even dead. The new AG tool streamlines the act of searching the FCC proceeding for comments filed falsely in your name, and lets you contribute your findings to the AG's ongoing investigation into identity theft.

"Such conduct likely violates state law -- yet the FCC has refused multiple requests for crucial evidence in its sole possession that is vital to permit that law enforcement investigation to proceed," noted Schneiderman. "We reached out for assistance to multiple top FCC officials, including you, three successive acting FCC General Counsels, and the FCC's Inspector General. We offered to keep the requested records confidential, as we had done when my office and the FCC shared information and documents as part of past investigative work." "Yet we have received no substantive response to our investigative requests," stated the AG. "None." As such, the AG is taking its fight to the public itself.

Piracy

Netflix Is Not Going to Kill Piracy, Research Suggests (torrentfreak.com) 158

Even as more people than ever are tuning to Netflix, Hulu, Amazon Prime and other streaming services to look, piracy too continues to thrive, a research suggests. An anonymous reader shares a report: Intrigued by this interplay of legal and unauthorized viewing, researchers from Carnegie Mellon University and Universidade Catolica Portuguesa carried out an extensive study. They partnered with a major telco, which is not named, to analyze if BitTorrent downloading habits can be changed by offering legal alternatives. The researchers used a piracy-tracking firm to get a sample of thousands of BitTorrent pirates at the associated ISP. Half of them were offered a free 45-day subscription to a premium TV and movies package, allowing them to watch popular content on demand. To measure the effects of video-on-demand access on piracy, the researchers then monitored the legal viewing activity and BitTorrent transfers of the people who received the free offer, comparing it to a control group. The results show that piracy is harder to beat than some would expect. Subscribers who received the free subscription watched more TV, but overall their torrenting habits didn't change significantly. "We find that, on average, households that received the gift increased overall TV consumption by 4.6% and reduced Internet downloads and uploads by 4.2% and 4.5%, respectively. However, and also on average, treated households did not change their likelihood of using BitTorrent during the experiment," the researchers write.
United States

House Panel Advances Bill on Key Surveillance Measure (axios.com) 70

The House Intelligence Committee approved a bill Friday along party lines that would reauthorize a central surveillance law, the Washington Post reports. From a report: It does change the law -- known as Section 702 -- but doesn't satisfy surveillance reform advocates, including in the tech industry. The law is used to authorize the surveillance of electronic communications by foreign nationals abroad, but advocates worry about the programs picking up communications involving Americans as well.
Businesses

Disney Sues Redbox, Hoping To Block Digital Movie Sales (marketwatch.com) 285

phalse phace writes: About 1 month ago, Redbox started selling through their kiosks slips of paper with codes on them that lets the buyer download a digital copy of a Disney movie.But Disney says that's a no-no and this week it sued Redbox in an attempt to stop the code sales. According to Marketwatch: "Walt Disney sued Redbox on Thursday in an attempt to stop the DVD rental company from selling digital copies of its movies. Privately held Redbox last month began offering consumers codes they can use to download a digital copy of a Disney movie. Redbox charges between $7.99 and $14.99 for slips of paper with the codes to download Disney films such as "Cars 3" and "Star Wars: The Force Awakens." That is less than those movies cost to buy and download from Apple's iTunes Store. Redbox is only offering digital copies of Disney movies because it doesn't have a distribution arrangement with the studio and buys retail copies of its discs to rent to customers. Those retail DVDs come with digital download codes."
Government

Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com) 160

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Intel

System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com) 148

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
Communications

Australian Man Uses Snack Bags As Faraday Cage To Block Tracking By Employer (arstechnica.com) 193

An anonymous reader quotes a report from Ars Technica: A 60-year-old electrician in Perth, Western Australia had his termination upheld by a labor grievance commission when it was determined he had been abusing his position and technical knowledge to squeeze in some recreation during working hours. Tom Colella used mylar snack bags to block GPS tracking via his employer-assigned personal digital assistant to go out to play a round of golf -- more than 140 times -- while he reported he was offsite performing repairs.

In his finding against Colella, Australia Fair Work Commissioner Bernie Riordan wrote: "I have taken into account that Mr Colella openly stored his PDA device in an empty foil 'Twisties' bag. As an experienced electrician, Mr Colella knew that this bag would work as a faraday cage, thereby preventing the PDA from working properly -- especially the provision of regular GPS co-ordinate updates Mr. Colella went out of his way to hide his whereabouts. He was concerned about Aroona tracking him when the Company introduced the PDA into the workplace. He protested about Aroona having this information at that time. Mr Colella then went out of his way to inhibit the functionality of the PDA by placing it in a foil bag to create a faraday cage."

Facebook

Facebook Judge Frowns on Bid To Toss Biometric Face Print Suit (bloomberg.com) 39

Facebook faced a skeptical judge over its second request to get out of a lawsuit alleging its photo scanning technology flouts users' privacy rights. From a report: "The right to say no is a valuable commodity," U.S. District Judge James Donato said Thursday during a hearing in San Francisco. The case concerns the "most personal aspects of your life: your face, your fingers, who you are to the world." The owner of the world's largest social network faces claims that it violated the privacy of millions of users by gathering and storing biometric data without their consent. Alphabet's Google is fighting similar claims in federal court in Chicago.
Medicine

An Unconscious Patient With a 'DO NOT RESUSCITATE' Tattoo (nejm.org) 454

A real-life case study, published on New England Journal of Medicine, documents the ethical dilemma that a Florida hospital faced after a 70-year-old unresponsive patient arrived at the hospital. The medical staff, the journal notes, was taken aback when it discovered the words "DO NOT RESUSCITATE" tattooed onto the man's chest. Furthermore, the word "NOT" was underlined with his signature beneath it. The patient had a history of chronic obstructive pulmonary disease, diabetes mellitus, and atrial fibrillation. Confused and alarmed, the medical staff chose to ignore the apparent DNR request -- but not without alerting the hospital's ethics team, which had a different take on the matter. From the report: We initially decided not to honor the tattoo, invoking the principle of not choosing an irreversible path when faced with uncertainty. This decision left us conflicted owing to the patient's extraordinary effort to make his presumed advance directive known; therefore, an ethics consultation was requested. He was placed on empirical antibiotics, received intravenous fluid resuscitation and vasopressors, and was treated with bilevel positive airway pressure. After reviewing the patient's case, the ethics consultants advised us to honor the patient's do not resuscitate (DNR) tattoo. They suggested that it was most reasonable to infer that the tattoo expressed an authentic preference, that what might be seen as caution could also be seen as standing on ceremony, and that the law is sometimes not nimble enough to support patient-centered care and respect for patients' best interests. A DNR order was written. Subsequently, the social work department obtained a copy of his Florida Department of Health "out-of-hospital" DNR order, which was consistent with the tattoo. The patient's clinical status deteriorated throughout the night, and he died without undergoing cardiopulmonary respiration or advanced airway management.
Google

Google Faces Lawsuit For Gathering Personal Data From Millions of iPhone Users (betanews.com) 35

Mark Wilson writes: A group going by the name Google You Owe Us is taking Google to court in the UK, complaining that the company harvested personal data from 5.4 million iPhone users. The group is led by Richard Lloyd, director of consumer group Which?, and it alleges that Google bypassed privacy settings on iPhones between June 2011 and February 2012. The lawsuit seeks compensation for those affected by what is described as a "violation of trust." Google is accused of breaching UK data protection laws, and Lloyd says that this is "one of the biggest fights of my life." Even if the case is successful, the people represented by Google You Owe Us are not expected to receive more than a few hundred pounds each, and this is not an amount that would make much of an impact on Google's coffers.
Bitcoin

Coinbase Ordered To Report 14,355 Users To the IRS (theverge.com) 141

Nearly a year after the case was initially filed, Coinbase has been ordered to turn over identifying records for all users who have bought, sold, sent, or received more than $20,000 through their accounts in a single year. The digital asset broker estimates that 14,355 users meet the government's requirements. The Verge reports: For each account, the company has been asked to provide the IRS with the user's name, birth date, address, and taxpayer ID, along with records of all account activity and any associated account statements. The result is both a definitive link to the user's identity and a comprehensive record of everything they've done with their Coinbase account, including other accounts to which they've sent money. The order is significantly narrower than the IRS's initial request, which asked for records on every single Coinbase user over the same period. That request would also have required all communications between Coinbase and the user, a measure the judge ultimately found unnecessarily comprehensive. The government made no claim of suspicion against individual users, but instead argued that the order was justified based on the discrepancy between Coinbase users and U.S. citizens reporting Bitcoin gains to the IRS.

Slashdot Top Deals