Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.
The Courts

NYC Sues Oil Companies Over Climate Change (theguardian.com) 434

An anonymous reader quotes a report from The Guardian: New York City is seeking to lead the assault on both climate change and the Trump administration with a plan to divest $5 billion from fossil fuels and sue the world's most powerful oil companies over their contribution to dangerous global warming. City officials have set a goal of divesting New York's $189 billion pension funds from fossil fuel companies within five years in what they say would be "among the most significant divestment efforts in the world to date." Currently, New York City's five pension funds have about $5 billion in fossil fuel investments. New York state has already announced it is exploring how to divest from fossil fuels. New York's Mayor, Bill de Blasio, said that the city is taking the five fossil fuel firms -- BP, Exxon Mobil, Chevron, ConocoPhillips and Shell -- to federal court due to their contribution to climate change.

Court documents state that New York has suffered from flooding and erosion due to climate change and because of looming future threats it is seeking to "shift the costs of protecting the city from climate change impacts back on to the companies that have done nearly all they could to create this existential threat." The court filing claims that just 100 fossil fuel producers are responsible for nearly two-thirds of all greenhouse gas emissions since the industrial revolution, with the five targeted companies the largest contributors. The case will also point to evidence that firms such as Exxon knew of the impact of climate change for decades, only to downplay and even deny this in public.


FCC Plan To Lower Broadband Standards Is Met With 'Mobile Only Challenge' (arstechnica.com) 145

An anonymous reader quotes a report from Ars Technica: Broadband consumer advocates have launched a "Mobile Only Challenge" to show U.S. regulators that cellular data should not be considered an adequate replacement for home Internet service. The awareness campaign comes as the Federal Communications Commission is considering a change to the standard it uses to judge whether broadband is being deployed to all Americans in a reasonable and timely fashion. While FCC Chairman Ajit Pai hasn't released his final plan yet, the FCC may soon declare that America's broadband deployment problem is solved as long as everyone has access to either fast home Internet or cellular Internet service with download speeds of at least 10Mbps. That would be a change from current FCC policy, which says that everyone should have access to both mobile data and fast home Internet services such as fiber or cable.

"The FCC wants to lower broadband standards," organizers of the Mobile Only Challenge say on the campaign's website. "Pledge to spend one day in January 2018 accessing the Internet only on your mobile device to tell them that's not OK." The Mobile Only Challenge was organized by Public Knowledge, Next Century Cities, New America's Open Technology Institute, the Institute for Local Self-Reliance, the National Hispanic Media Coalition (NHMC), and other groups. Participants are encouraged to share their experiences using the #MobileOnly hashtag.

Desktops (Apple)

macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password (macrumors.com) 58

A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. From a report: MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps: 1. Click on System Preferences. 2. Click on App Store. 3. Click on the padlock icon to lock it if necessary. 4. Click on the padlock icon again. 5. Enter your username and any password. 6. Click Unlock.

As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren't able to unlock any other System Preferences menus with an incorrect password. We're unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing.


WhatsApp Security Flaws Could Be Exploited To Covertly Add Members To Group Chats (iacr.org) 29

A group of crytopgraphers from Germany's Ruhr University Bochum have uncovered flaws in WhatsApp's security that compromise the instant messaging service's end-to-end encryption. WhatsApp, owned by Facebook, has over one billion active users. In a paper published last week, "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," anyone who controls WhatsApp's servers, including company employees, can covertly add members to any group -- a claim that might not bode well with privacy enthusiasts. From the paper: The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group however leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces. Further reading: Wired.

Senator Wants Apple To Answer Questions on Slowing iPhones (reuters.com) 169

The chairman of a U.S. Senate committee overseeing business issues asked Apple to answer questions about its disclosure that it slowed older iPhones with flagging batteries, Reuters reported on Wednesday, citing a letter. From the report: The California-based company apologized over the issue on Dec. 28, cut battery replacement costs and said it will change its software to show users whether their phone battery is good. Senator John Thune, a Republican who chairs the Commerce, Science and Transportation Committee, said in a Jan. 9 letter to Apple Chief Executive Officer Tim Cook that "the large volume of consumer criticism leveled against the company in light of its admission suggests that there should have been better transparency."

Congress Is About To Vote On Expanding the Warrantless Surveillance of Americans (vice.com) 226

An anonymous reader quotes a report from Motherboard: On Tuesday afternoon, a handful of U.S. Representatives will convene to review an amendment that would reauthorize warrantless foreign surveillance and expand the law so that it could include American citizens. It would, in effect, legalize a surveillance practice abandoned by the NSA in 2017 in order to appease the Foreign Intelligence Surveillance Court, which found the NSA to have abused its collection capacity several times. If it passes Tuesday's review, the bill may be voted on by the U.S. House of Representatives as early as Thursday. Drafted by the House Intelligence Committee last December, the FISA Amendments Reauthorization Act of 2017 is an amendment to Section 702 of the Foreign Intelligence Surveillance Act (FISA). It is one of six different FISA-related bills under consideration by Congress at the moment, but by far the most damaging to the privacy rights of American citizens.

FISA was enacted in 1978, but Section 702, referred to by former FBI Director James Comey as the "crown jewels of the intelligence community," wasn't added until 2008. This section allows intelligence agencies to surveil any foreigner outside the U.S. without a warrant that the agency considers a target. The problem is that this often resulted in the warrantless surveillance of U.S. citizens as well due to two loopholes known as "backdoor searches" and "about collection." Backdoor search refers to a roundabout way of monitoring Americans' communications. Since intelligence agencies are able to designate any foreigner's communications as a target for surveillance, if this foreigner has communicated with an American this means this American's communications are then also considered fair game for surveillance by the agency.


'I Tried the First Phone With An In-Display Fingerprint Sensor' (theverge.com) 70

Vlad Savov from The Verge reports of his experience using the first smartphone with a fingerprint scanner built into the display: After an entire year of speculation about whether Apple or Samsung might integrate the fingerprint sensor under the display of their flagship phones, it is actually China's Vivo that has gotten there first. At CES 2018, I got to grips with the first smartphone to have this futuristic tech built in, and I was left a little bewildered by the experience. The mechanics of setting up your fingerprint on the phone and then using it to unlock the device and do things like authenticate payments are the same as with a traditional fingerprint sensor. The only difference I experienced was that the Vivo handset was slower -- both to learn the contours of my fingerprint and to unlock once I put my thumb on the on-screen fingerprint prompt -- but not so much as to be problematic. Basically, every other fingerprint sensor these days is ridiculously fast and accurate, so with this being newer tech, its slight lag feels more palpable. Vivo is using a Synaptics optical sensor called Clear ID that works by peering through the gaps between the pixels in an OLED display (LCDs wouldn't work because of their need for a backlight) and scanning your uniquely patterned epidermis. The sensor is already in mass production and should be incorporated in several flagship devices later this year.

AT&T and Comcast Finalize Court Victory Over Nashville and Google Fiber (arstechnica.com) 122

"AT&T and Comcast have solidified a court victory over the metro government in Nashville, Tennessee, nullifying a rule that was meant to help Google Fiber compete against the incumbent broadband providers," reports Ars Technica. From the report: The case involved Nashville's "One Touch Make Ready" ordinance that was supposed to give Google Fiber and other new ISPs faster access to utility poles. The ordinance let a single company make all of the necessary wire adjustments on utility poles itself instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. But AT&T and Comcast sued the metro government to eliminate the rule and won a preliminary victory in November when a U.S. District Court judge in Tennessee nullified the rule as it applies to poles owned by AT&T and other private parties.

The next step for AT&T and Comcast was overturning the rule as it applies to poles owned by the municipal Nashville Electric Service (NES), which owns around 80 percent of the Nashville poles. AT&T and Comcast achieved that on Friday with a new ruling from U.S. District Court Judge Aleta Trauger. Nashville's One Touch Make Ready ordinance "is ultra vires and void or voidable as to utility poles owned by Nashville Electric Service because adoption of the Ordinance exceeded Metro Nashville's authority and violated the Metro Charter," the ruling said. Nashville is "permanently enjoined from applying the Ordinance to utility poles owned by Nashville Electric Service." The Nashville government isn't planning to appeal the decision, a spokesperson for Nashville Mayor Megan Barry told Ars today.


Senate Bill to Block Net Neutrality Repeal Now Has 40 Co-Sponsors (thehill.com) 106

New submitter Rick Schumann writes: The senate bill to block the FCC repeal of Obama-era internet net neutrality rules now has 40 co-sponsors, up from the 30 co-sponsors it had yesterday. The bill, being driven by Senate minority Democrats, requires only a simple majority vote in order to be passed, although Washington insiders are currently predicting the bill will fail. "The bill would use authority under the Congressional Review Act (CRA) to block the FCC's repeal from going into effect," reports The Hill. "And with more than 30 senators on board, the legislation will be able to bypass the committee approval process and Democrats will be able to force a vote on the floor."

UK Backs Off From Banning Reidentification Research (theguardian.com) 10

An anonymous reader writes: The United Kingdom has recently debated banning reidentification in its new data privacy law. This proposal has quickly been identified as dangerous and criticized, as it was argued this is not only ineffective but would also put at risk legitimate security and privacy researchers. Following public outcry, the UK government amended the bill to include safe-guards allowing researchers to study anonymization weaknesses. Researchers will also gain a new channel of disclosure via the Information Commissioner Office (ICO). According to The Guardian, "Researchers will have to notify the ICO within three days of successfully deanonymizing data, and demonstrate that they had acted in the public interest and without intention to cause damage or distress in re-identifying data."

James Dolan, Co-Creator of SecureDrop, Dead At 36 (gizmodo.com) 188

The Freedom of the Press Foundation is reporting that James Dolan, former Marine and co-creator of the whistleblower submission system SecureDrop alongside Aaron Swartz and Wired editor Kevin Poulsen, has died at age 36. He reportedly took his own life. Gizmodo reports: First deployed as StrongBox with The New Yorker, organizations such as the Washington Post, the New York Times, the Associated Press, and Gizmodo Media Group have all come to rely on SecureDrop -- which allows highly secure communication between journalists and sources in possession of sensitive information or documents. As an industry tool, it has become invaluable for reporters. Dolan joined the Freedom of the Press Foundation to maintain SecureDrop after co-creator Aaron Swartz took his life in 2013 at age 26, as pressure mounted in a federal investigation against him that many felt was overzealous. Memorial services have not yet been announced, and presently the circumstances of Dolan's death are not known.
Wireless Networking

With WPA3, Wi-Fi Security is About To Get a Lot Tougher (zdnet.com) 121

One of the biggest potential security vulnerabilities -- public Wi-Fi -- may soon get its fix. From a report: The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated.
Further reading: WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago

FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue' (reuters.com) 442

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security. From a report: The FBI was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York. "This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

Snowden Joins Outcry Against World's Biggest Biometric Database (bloomberg.com) 36

Former U.S. intelligence-contractor-turned whistleblower Edward Snowden joined critics of India's digital ID program as the nation's top court is due to decide on its legality. From a report: Snowden on Tuesday tweeted in support of an Indian journalist who faces police charges after she reported that personal details of over a billion citizens enrolled in the program could be illegally accessed for just $8 paid through a digital wallet. Named Aadhaar, the program is backed by the world's biggest biometric database, which its operator Unique Identification Authority of India, or UIDAI, says wasn't breached. Snowden tweeted, "The journalists exposing the Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI."

Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key (bleepingcomputer.com) 136

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches. According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches. The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry. The presence of this registry key tells the Windows OS the AV product is compatible and will trigger the Windows Update that installs the Meltdown and Spectre patches that address critical flaws in the design of modern CPUs.

Apple Investigated By France For 'Planned Obsolescence' (bbc.com) 313

AmiMoJo shares a report from the BBC: French prosecutors have launched a probe over allegations of "planned obsolescence" in Apple's iPhone. Under French law it is a crime to intentionally shorten the lifespan of a product with the aim of making customers replace it. In December, Apple admitted that older iPhone models were deliberately slowed down through software updates. It follows a legal complaint filed in December by pro-consumer group Stop Planned Obsolescence (Hop). Hop said France was the third country to investigate Apple after Israel and the U.S., but the only one in which the alleged offense was a crime. Penalties could include up to 5% of annual turnover or even a jail term.
Data Storage

Western Digital 'My Cloud' Devices Have a Hardcoded Backdoor (betanews.com) 160

BrianFagioli shares a report from BetaNews: Today, yet another security blunder becomes publicized, and it is really bad. You see, many Western Digital MyCloud NAS drives have a hardcoded backdoor, meaning anyone can access them -- your files are at risk. It isn't even hard to take advantage of it -- the username is "mydlinkBRionyg" and the password is "abc12345cba" (without quotes). To make matters worse, it was disclosed to Western Digital six months ago and the company did nothing. GulfTech Research and Development explains, "The triviality of exploiting this issues makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag make a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as 'wdmycloud' and 'wdmycloudmirror' etc." The My Cloud Storage devices affected by this backdoor include: MyCloud, MyCloudMirror, My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100. Firmware 2.30.172 reportedly fixes the bug, so make sure your device is updated before reconnecting to the internet.
The Internet

Senate Will Force Vote On Overturning Net Neutrality Repeal (theverge.com) 143

An anonymous reader quotes a report from The Verge: Senator Ed Markey (D-MA) has mustered the 30 votes necessary to force a vote on the FCC's decision to repeal net neutrality. Senator Claire McCaskill (D-MO) announced that she's signed onto Markey's request to overturn the new rules, under the Congressional Review Act -- which lets Congress nullify recently passed regulations with a simple majority. Markey announced his intention to file a resolution of disapproval in December, just after the FCC voted on new rules that killed net neutrality protections from 2015. These new rules were officially published last week, and with 30 sponsors, Markey can make the Senate vote on whether to consider overturning them. If this happens, it would lead to a debate and final vote. That's not remotely the end of the process: if it's approved, the resolution will go to the House, and if it passes there, the desk of Donald Trump, who seems unlikely to approve it.

After Iceland and Germany, Now France Declares War on the Gender Wage Gap (fastcompany.com) 293

France says it wants to make good on at least one-third of its motto of "liberte, egalite, and fraternite," by ensuring pay equality. From a report: The French government announced it is devising a "tough, concrete" plan to make the gender pay gap as much a thing of the past as Madame DeFarge's knitting habit. Per the Associated Press, France's plan for pay equity is still a work in progress. However, legislators may require companies to release the average salaries of their male and female employees and analyze them for disparities.

James Damore Sues Google For Allegedly Discriminating Against Conservative White Men (theverge.com) 1175

An anonymous reader shares a report: The author of the controversial memo that upended Google in August is suing the company, alleging that white, male conservatives are systematically discriminated against by Google. James Damore was fired as an engineer after a manifesto questioning the benefits of diversity programs was widely passed around the company. In a new lawsuit, he and another fired engineer claim that "employees who expressed views deviating from the majority view at Google on political subjects raised in the workplace and relevant to Google's employment policies and its business, such as 'diversity' hiring policies, 'bias sensitivity,' or 'social justice,' were/are singled out, mistreated, and systematically punished and terminated from Google, in violation of their legal rights."

SpaceX Completes First Launch of 2018: Secretive 'Zuma' Spacecraft (cnn.com) 103

SpaceX's first launch of 2018 was "a secretive spacecraft commissioned by the U.S. government for an undisclosed mission," reports TechCrunch. An anonymous reader quotes CNN: After more than a month of delays, a SpaceX Falcon 9 rocket vaulted toward the skies at 8 p.m. ET Sunday with the secretive payload. It launched from Cape Canaveral Air Force Station in Florida... The company [then] executed its signature move: guiding the first-stage rocket booster back to Earth for a safe landing. Just over two minutes after liftoff Sunday, the first-stage booster separated from the second stage and fired up its engines. The blaze allowed the rocket to safely cut back through the Earth's atmosphere and land on a pad at the Cape Canaveral Air Force Station... The company completed a record-setting 18 launches last year, and SpaceX plans to do even more this year, according to spokesman James Gleeson.

Kansas 'Swat' Perpetrator Had Already Been To Prison For Fake Bomb Threats (go.com) 315

More details are emerging about an online gamer whose fake call to Kansas police led to a fatal shooting:
  • "After phoning in a false bomb threat to a Glendale, California TV station in 2015, Tyler Barriss threatened to kill his grandmother if she reported him, according to local reports and court documents." -- The Wichita Eagle
  • "The Glendale Police Department confirmed to ABC News that Tyler Barriss made about 20 calls to universities and media outlets throughout the country around the time he was arrested for a bomb threat to Los Angeles ABC station KABC in 2015... He was sentenced to two years and eight months in jail, court records show." -- ABC News
  • "Within months of his release in August, he had already become the target of a Los Angeles Police Department investigation into similar hoax calls... LAPD detectives were planning to meet with federal prosecutors to discuss their investigation..." -- The Los Angeles Times
  • The Wichita Eagle reports that even after the police had fatally shot the person SWauTistic was pretending to be, he continued his phone call with the 911 operator for another 16 minutes -- on a call which lasted over half an hour.
  • Brian Krebs reports that police may have been aided in their investigation by another reformed SWAT perpetrator -- adding that SWauTistic privately claimed to have already called in fake emergencies at approximately 100 schools and 10 homes.

Just last month SWauTistic's Twitter account showed him bragging about a bomb threat which caused the evacuation of a Dallas convention center, according to the Daily Beast -- after which SWauTistic encouraged his Twitter followers to also follow him on a second account, "just in case twitter suspends me for being a god." Later the 25-year-old tweeted that "if you can't pull off a swat without getting busted you're not a leet hacking God its that simple."

Barriss remains in jail in Los Angeles with no bond, though within three weeks he's expected to be extradited to Kansas for his next trial.


Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) 220

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

Why Twitter Hasn't Banned President Trump (theverge.com) 449

An anonymous reader quotes a report from The Verge: Amid vocal calls for the company to act, Twitter today offered its first explanation for why it hasn't banned President Donald Trump -- without ever saying the man's name. "Elected world leaders play a critical role in that conversation because of their outsized impact on our society," the company said in a blog post. "Blocking a world leader from Twitter or removing their controversial Tweets, would hide important information people should be able to see and debate. It would also not silence that leader, but it would certainly hamper necessary discussion around their words and actions." In its blog post, Twitter reiterated its previous statement that all accounts still must follow the company's rules. The statement seemed to leave open the possibility that it might one day take action against Trump's account, or the accounts of other world leaders who might use the platform to incite violence or otherwise break its rules. "We review Tweets by leaders within the political context that defines them, and enforce our rules accordingly," it said. In response to the claims that Twitter doesn't ban President Trump because he draws attention -- and ad revenue -- to the company, Twitter said: "No one person's account drives Twitter's growth, or influences these decisions. We work hard to remain unbiased with the public interest in mind."

Don't Pirate Or We'll Mess With Your Connected Thermostats, Warns East Coast ISP (engadget.com) 252

Internet service provider Armstrong Zoom has roughly a million subscribers in the Northeastern part of the U.S. and is keen to punish those it believes are using file-sharing services. According to Engadget, "the ISP's response to allegedly naughty customers is bandwidth throttling, which is when an ISP intentionally slows down your internet service based on what you're doing online. Armstrong Zoom's warning letter openly threatens its suspected file-sharing customers about its ability to use or control their webcams and connected thermostats." From the report: The East Coast company stated: "Please be advised that this may affect other services which you may have connected to your internet service, such as the ability to control your thermostat remotely or video monitoring services." All U.S. states served by Armstrong Zoom will be experiencing temperatures around or under freezing over the weekend and into the near future. Bandwidth throttling for customers in those areas who have connected thermostats could mean the difference between sickness and health, or even life and death. Seems like an extreme punishment for any allegedly downloaded Game of Thrones cam rips.

New US Customs Guidelines Limit Copying Files and Searching Cloud Data (theverge.com) 71

The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."
Operating Systems

Eben Upton Explains Why Raspberry Pi Isn't Vulnerable To Spectre Or Meltdown (raspberrypi.org) 116

Raspberry Pi founder and CEO Eben Upton says the Raspberry Pi isn't susceptible to the "Spectre" or "Meltdown" vulnerabilities because of the particular ARM cores they use. "Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel's address space (which should normally be inaccessible to user programs)," Upton writes. He goes on to provide a "primer on some concepts in modern processor design" and "illustrate these concepts using simple programs in Python syntax..."

In conclusion: "Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve," writes Upton. "Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."

Ex-NSA Hacker Is Building an AI To Find Hate and Far-Right Symbols on Twitter and Facebook (vice.com) 509

Motherboard reporter Lorenzo Franceschi-Bicchierai has interviewed Emily Crose, a former NSA hacker, who has built NEMESIS, an AI-powered program that can help spot symbols that have been co-opted by hate groups to signal to each other in plain sight. Crose, who has also moderated Reddit in the past, thought of building NEMESIS after the Charlottesville, Virginia incident last year. From the report: Crose's motivation is to expose white nationalists who use more or less obscure, mundane, or abstract symbols -- or so-called dog whistles -- in their posts, such as the Black Sun and certain Pepe the frog memes. Crose's goal is not only to expose people who use these symbols online but hopefully also push the social media companies to clamp down on hateful rhetoric online. "The real goal is to educate people," Crose told me in a phone call. "And a secondary goal: I'd really like to get the social media platforms to start thinking how they can enforce some decency on their own platforms, a certain level of decorum." [...]

At a glance, the way NEMESIS works is relatively simple. There's an "inference graph," which is a mathematical representation of trained images, classified as Nazi or white supremacist symbols. This inference graph trains the system with machine learning to identify the symbols in the wild, whether they are in pictures or videos. In a way, NEMESIS is dumb, according to Crose, because there are still humans involved, at least at the beginning. NEMESIS needs a human to curate the pictures of the symbols in the inference graph and make sure they are being used in a white supremacist context. For Crose, that's the key to the whole project -- she absolutely does not want NEMESIS to flag users who post Hindu swastikas, for example -- so NEMESIS needs to understand the context. "It takes thousands and thousands of images to get it to work just right," she said.


Leading Lobbying Group for Amazon, Facebook, Google and Other Tech Giants is Joining the Legal Battle To Restore Net Neutrality (recode.net) 77

A leading lobbying group for Amazon, Facebook, Google, Netflix, Twitter and other tech giants said Friday that it would be joining the coming legal crusade to restore the U.S. government's net neutrality rules. From a report: The Washington, D.C.-based Internet Association specifically plans to join a lawsuit as an intervening party, aiding the challenge to FCC Chairman Ajit Pai's vote in December to repeal regulations that required internet providers like AT&T and Comcast to treat all web traffic equally, its leader confirmed to Recode. Technically, the Internet Association isn't filing its own lawsuit. That task will fall to companies like Etsy, public advocates like Free Press and state attorneys general, all of which plan to contend they are most directly harmed by Pai's decision, as Recode first reported this week. As an intervener, though, the Internet Association still will play a crucial role, filing legal arguments in the coming case. And in formally participating, tech giants will have the right to appeal a judge's decision later if Silicon Valley comes out on the losing end. "The final version of Chairman Pai's rule, as expected, dismantles popular net neutrality protections for consumers," said the group's chief, Michael Beckerman, in a statement. "This rule defies the will of a bipartisan majority of Americans and fails to preserve a free and open internet."

What Happens When States Have Their Own Net Neutrality Rules? (bloomberg.com) 179

Last month FCC Chairman Ajit Pai dismantled Obama-era rules on net neutrality. A handful of lawmakers in liberal-leaning U.S. states plan to spend this year building them back up. FCC anticipated the move -- the commission's rules include language forbidding states from doing this, warning against an unwieldy patchwork of regulations. But lawmakers in New York and California aren't aiming to be exceptions to the national rules; they're looking to, in effect, create their own. From a report: In New York, Assemblywoman Patricia Fahy introduced a bill that would make it a requirement for internet providers to adhere to the principles of net neutrality as a requirement for landing state contracts. This would mean they couldn't block or slow down certain web traffic, and couldn't offer faster speeds to companies who pay them directly. Fahy said the restrictions on contractors would apply even if the behaviors in question took place outside New York. She acknowledged that the approach could run afoul of limits on states attempting to regulate interstate commerce, but thought the bill could "thread the needle." Even supporters of state legislation on net neutrality think this may go too far. California State Senator Scott Wiener introduced a bill this week that would only apply to behavior within the state, saying any other approach would be too vulnerable to legal challenge.

But this wouldn't be the first time a large state threw around its weight in ways that reverberate beyond its borders. The texbook industry, for instance, has long accommodated the standards of California and Texas. [...] The internet doesn't lend itself cleanly to state lines. It could be difficult for Comcast or Verizon to accept money from services seeking preferential treatment in one state, then make sure that its network didn't reflect those relationships in places where state lawmakers forbade them, said Geoffrey Manne, executive director of the International Center for Law & Economics, a research group.


Amazon Alexa is Coming To Headphones, Smart Watches, Bathrooms and More (cnbc.com) 89

An anonymous reader shares a CNBC report: Amazon announced new tools on Friday that will allow gadget-makers to include the smart voice assistant in a whole array of new products. Alexa is Amazon's smart voice assistant and it has slowly made its way from the Amazon Echo into third-party speakers, refrigerators and, soon, even microwaves. Now, with Amazon's Alexa Mobile Accessory Kit, device makers will be able to build Alexa into headphones, smart watches, fitness trackers and more. That means you may soon be able to look down at your wrist and ask Alexa the weather, or to remind you to pick up eggs at the grocery store. CNET reports Kohler, a company that makes plumbing products, wants to bring Alexa to your bathroom as well.

The FCC Is Preparing To Weaken the Definition of Broadband (dslreports.com) 217

An anonymous reader quotes a report from DSLReports: Under Section 706 of the Telecommunications Act, the FCC is required to consistently measure whether broadband is being deployed to all Americans uniformly and "in a reasonable and timely fashion." If the FCC finds that broadband isn't being deployed quickly enough to the public, the agency is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market." Unfortunately whenever the FCC is stocked by revolving door regulators all-too-focused on pleasing the likes of AT&T, Verizon and Comcast -- this dedication to expanding coverage and competition often tends to waver.

What's more, regulators beholden to regional duopolies often take things one-step further -- by trying to manipulate data to suggest that broadband is faster, cheaper, and more evenly deployed than it actually is. We saw this under former FCC boss Michael Powell (now the top lobbyist for the cable industry), and more recently when the industry cried incessantly when the base definition of broadband was bumped to 25 Mbps downstream, 4 Mbps upstream. We're about to see this effort take shape once again as the FCC prepares to vote in February for a new proposal that would dramatically weaken the definition of broadband. How? Under this new proposal, any area able to obtain wireless speeds of at least 10 Mbps down, 1 Mbps would be deemed good enough for American consumers, pre-empting any need to prod industry to speed up or expand broadband coverage.


France's President Macron Wants To Block Websites During Elections To Fight 'Fake News' (gizmodo.com) 299

French President Emmanuel Macron has a rather extreme approach to combat fake news: ban entire websites. In a speech to journalists on Wednesday, Macron said he planned to introduce new legislation to strictly regulate fake news during online political campaigns. Gizmodo reports: His proposal included a number of measures, most drastically "an emergency legal action" that could enable the government to either scrap "fake news" from a website or even block a website altogether. "If we want to protect liberal democracies, we must be strong and have clear rules," Macron said. "When fake news are spread, it will be possible to go to a judge... and if appropriate have content taken down, user accounts deleted and ultimately websites blocked."

Macron, himself a target of election interference, also outlined some less extreme measures in his speech yesterday. He proposed more rigid requirements around transparency, specifically in relation to online ads during elections. According to the Guardian, Macron said the legislation would force platforms to publicly identify who their advertisers are, as well as limit how much they can spend on ads over the course of an election campaign.


White House Bans Use of Personal Devices From West Wing (cbsnews.com) 205

In the wake of damaging reports of a chaotic Trump administration detailed in a new book from Michael Wolff, the White House is instituting new policies on the use of personal cellphones in the West Wing. CBS News reports: White House Press Secretary Sarah Huckabee Sanders released the following statement on the policy change: "The security and integrity of the technology systems at the White House is a top priority for the Trump administration and therefore starting next week the use of all personal devices for both guests and staff will no longer be allowed in the West Wing. Staff will be able to conduct business on their government-issued devices and continue working hard on behalf of the American people."

Wolff reportedly gained access to the White House where he conducted numerous interviews with staffers on the inner-workings of the Trump campaign and West Wing operations. Sanders told reporters Wednesday that there were about "a dozen" interactions between Wolff and White House officials, which she said took place at Bannon's request. The White House swiftly slammed the book and those who cooperated with Wolff.


How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) 138

Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.


Google Blocks Pirate Search Results Prophylactically (torrentfreak.com) 38

Google is accepting "prophylactic" takedown requests to keep pirated content out of its search results, an anonymous reader writes, citing a TorrentFreak report. From the article: Over the past year, we've noticed on a few occasions that Google is processing takedown notices for non-indexed links. While we assumed that this was an 'error' on the sender's part, it appears to be a new policy. "Google has critically expanded notice and takedown in another important way: We accept notices for URLs that are not even in our index in the first place. That way, we can collect information even about pages and domains we have not yet crawled," Caleb Donaldson, copyright counsel at Google writes. In other words, Google blocks URLs before they appear in the search results, as some sort of piracy vaccine. "We process these URLs as we do the others. Once one of these not-in-index URLs is approved for takedown, we prophylactically block it from appearing in our Search results, and we take all the additional deterrent measures listed above." Some submitters are heavily relying on the new feature, Google found. In some cases, the majority of the submitted URLs in a notice are not indexed yet.

Personal Data of a Billion Indians Sold Online For $8, Report Claims (theguardian.com) 74

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.
The Internet

Ajit Pai Backs Out of Planned CES 2018 Appearance (techcrunch.com) 277

New submitter sdinfoserv writes: Ajit Pai, the most hated person in tech since Darl McBride, backed out of a speaking engagement at CES 2018. Apparently he lacks the spine to justify himself before the group of individuals his decisions affect most. Consumer Technology Association head Gary Shapiro announced: "Unfortunately, Federal Communications Commission Chairman Ajit Pai is unable to attend CES 2018. We look forward to our next opportunity to host a technology policy discussion with him before a public audience."
The Internet

After Beating Cable Lobby, Colorado City Moves Ahead With Muni Broadband (arstechnica.com) 198

Last night, the city council in Fort Collins, Colorado, voted to move ahead with a municipal fiber broadband network providing gigabit speeds, two months after the cable industry failed to stop the project. Ars Technica reports: Last night's city council vote came after residents of Fort Collins approved a ballot question that authorized the city to build a broadband network. The ballot question, passed in November, didn't guarantee that the network would be built because city council approval was still required, but that hurdle is now cleared. Residents approved the ballot question despite an anti-municipal broadband lobbying campaign backed by groups funded by Comcast and CenturyLink. The Fort Collins City Council voted 7-0 to approve the broadband-related measures, a city government spokesperson confirmed to Ars today.

While the Federal Communications Commission has voted to eliminate the nation's net neutrality rules, the municipal broadband network will be neutral and without data caps. "The network will deliver a 'net-neutral' competitive unfettered data offering that does not impose caps or usage limits on one use of data over another (i.e., does not limit streaming or charge rates based on type of use)," a new planning document says. "All application providers (data, voice, video, cloud services) are equally able to provide their services, and consumers' access to advanced data opens up the marketplace." The city will also be developing policies to protect consumers' privacy. The city intends to provide gigabit service for $70 a month or less and a cheaper Internet tier.


2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices (securityledger.com) 12

chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices.

The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.

Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.


Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com) 375

An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues of exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits.
You can read the full statement here.

Mozilla Will Delete Firefox Crash Reports Collected by Accident (bleepingcomputer.com) 38

Catalin Cimpanu, writing for BleepingComputer: Mozilla said last week it would delete all telemetry data collected because of a bug in the Firefox crash reporter. According to Mozilla engineers, Firefox has been collecting information on crashed background tabs from users' browsers since Firefox 52, released in March 2017. Firefox versions released in that time span did not respect user-set privacy settings and automatically auto-submitted crash reports to Mozilla servers. The browser maker fixed the issue with the release of Firefox 57.0.3. Crash reports are not fully-anonymized.
The Internet

The FCC Is Still Tweaking Its Net Neutrality Repeal (techcrunch.com) 68

An anonymous reader quotes a report from TechCrunch: You may think, from the pomp accompanying the FCC's vote in December to repeal the 2015 net neutrality rules, that the deed was accomplished. Not so -- in fact, the order hasn't even reached its final form: the Commission is still working on it. But while it may be frustrating, this is business as usual for regulations like this, and concerned advocates should conserve their outrage for when it's really needed. The "Restoring Internet Freedom" rule voted on last month was based on a final draft circulated several weeks before the meeting at which it would be adopted. But as reports at the time noted, significant edits (i.e. not fixing typos) were still going into the draft the day before the FCC voted. Additional citations, changes in wording and more serious adjustments may be underway. It may sound like some serious shenanigans are being pulled, but this is how the sausage was always made, and it's actually one of Chairman Ajit Pai's handful of commendable efforts that the process is, in some ways at least, more open to the public. The question of exactly what is being changed, however, we will have ample time to investigate: The rules will soon be entered into the federal register, at which point they both come into effect and come under intense scrutiny and legal opposition.
The Courts

Spotify Hit With $1.6 Billion Copyright Lawsuit (spin.com) 132

The Wixen Music Publishing company, which administers song compositions by Tom Petty, Dan Auerbach, Rivers Cuomo, Stevie Nicks, Neil Young, and others, has hit Spotify with a copyright lawsuit seeking $1.6 billion in damages. The publishing company filed the lawsuit on December 29, alleging the streaming giant is using Petty's "Free Fallin" and tens of thousands of other songs without license or compensation. SPIN reports: Back in September, Wixen objected to a $43 million settlement Spotify had arranged over another class action lawsuit brought by David Lowery (of Cracker and Camper van Beethoven) and Melissa Ferrick, stating it was "procedurally and substantively unfair to Settlement Class Members because it prevents meaningful participation by rights holders and offers them an unfair dollar amount in light of Spotify's ongoing, willful copyright infringement of their works." A judge has yet to rule on that settlement, and in the meantime, Wixen has moved to file its own lawsuit, which purports "as much as 21 percent of the 30 million songs on Spotify are unlicensed," according to The Hollywood Reporter.

"Spotify brazenly disregards United States Copyright law and has committed willful, ongoing copyright infringement," the complaint reads. "Wixen notified Spotify that it had neither obtained a direct or compulsory mechanical license for the use of the Works. For these reasons and the foregoing, Wixen is entitled to the maximum statutory relief."


US Calls On Iran To Unblock Social Media Sites Amid Protests (go.com) 135

The Trump administration is calling on the government of Iran to stop blocking Instagram and other social media sites while encouraging Iranians to use special software to circumvent controls. "The great Iranian people have been repressed for many years," President Trump tweeted yesterday. "They are hungry for food & for freedom. Along with human rights, the wealth of Iran is being looted. Time for change!" ABC News reports: Undersecretary of State Steve Goldstein, in charge of public diplomacy, said the U.S. wants Iran's government to "open these sites" including the photo-sharing platform Instagram and the messaging app Telegram. "They are legitimate avenues for communication," Goldstein said. "People in Iran should be able to access those sites." Iranians seeking to evade the blocks can use virtual private networks, Goldstein said. Known as VPNs, the services create encrypted data "tunnels" between computers and are used in many countries to access overseas websites blocked by the local government. Despite the blocks, the United States is working to maintain communication with Iranians in the Farsi language, including through official accounts on Facebook, Twitter and other platforms. The State Department also was to distribute videos of top U.S. officials encouraging the protesters through those and other sites.

New Bill Could Finally Get Rid of Paperless Voting Machines (arstechnica.com) 391

An anonymous reader quotes a report from Ars Technica: A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. "With the 2018 elections just around the corner, Russia will be back to interfere again," said co-sponsor Sen. Kamala Harris (D-Calif.). So a group of senators led by James Lankford (R-Okla.) wants to shore up the security of American voting systems ahead of the 2018 and 2020 elections. And the senators have focused on two major changes that have broad support from voting security experts.

The first objective is to get rid of paperless electronic voting machines. Computer scientists have been warning for more than a decade that these machines are vulnerable to hacking and can't be meaningfully audited. States have begun moving away from paperless systems, but budget constraints have forced some to continue relying on insecure paperless equipment. The Secure Elections Act would give states grants specifically earmarked for replacing these systems with more secure systems that use voter-verified paper ballots. The legislation's second big idea is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only conduct recounts in the event of very close election outcomes. And these recounts involve counting a fixed percentage of ballots. That often leads to either counting way too many ballots (wasting taxpayer money) or too few (failing to fully verify the election outcome). The Lankford bill would encourage states to adopt more statistically sophisticated procedures to count as many ballots as needed to verify an election result was correct -- and no more.


Toutiao, One of China's Most Popular News Apps, is Discovering the Risks Involved in Giving People Exactly What They Want Online (nytimes.com) 29

The New York Times reports: One of the world's most valuable start-ups got that way by using artificial intelligence to satisfy Chinese internet users' voracious appetite for news and entertainment. Every day, its smartphone app feeds 120 million people personalized streams of buzzy news stories, videos of dogs frolicking in snow, GIFs of traffic mishaps and listicles such as "The World's Ugliest Celebrities." Now the company is discovering the risks involved, under China's censorship regime, in giving the people exactly what they want. The makers of the popular news app Jinri Toutiao unveiled moves this week to allay rising concerns from the authorities (Editor's note: the link may be paywalled; alternative source).

Last week, the Beijing bureau of China's top internet regulator accused Toutiao of "spreading pornographic and vulgar information" and "causing a negative impact on public opinion online," and ordered that updates to several popular sections of the app be halted for 24 hours. In response, the app's parent company, Beijing Bytedance Technology, took down or temporarily suspended the accounts of more than 1,100 bloggers that it said had been publishing "low-quality content" on the app. It also replaced Toutiao's "Society" section with a new section called "New Era," which is heavy on state media coverage of government decisions.


Big Tech and Democracy Need To Work Together, Microsoft Executives Say (axios.com) 89

From a report: It's not often that Big Tech calls for more government action. But two top Microsoft executives -- Brad Smith, president and chief legal officer, and Carol Ann Browne, director of executive communications -- write in a tech trends forecast out today. "2018 will be a year when democratic governments can either work together to safeguard electoral processes or face a future where democracy is more fragile. [T]his needs to include work to protect campaigns from hacking, address social media issues, ensure the integrity of voting results, and protect vital census processes," they wrote.

China's WeChat Denies Storing User Chats (reuters.com) 49

WeChat, China's most popular messenger app, on Tuesday denied storing users' chat histories, after a top businessman was quoted in media reports as saying he believed Tencent was monitoring everyone's account. From a report: " WeChat does not store any users' chat history. That is only stored in users' mobiles, computers and other terminals," WeChat said in a post on the social media platform. "WeChat will not use any content from user chats for big data analysis. Because of WeChat's technical model that does not store or analyse user chats, the rumour that 'we are watching your WeChat everyday' is pure misunderstanding." More than 900 million people use WeChat.

Slashdot Top Deals