Government

Investor Tim Draper Pushes Ballot Measure Splitting California Into 3 States (sfgate.com) 429

"One of several proposals aiming to split California into multiple smaller states has reportedly reached an important new goal thanks in large part to the efforts of its billionaire champion," writes schwit1. SFGate reports: Venture capitalist Tim Draper, who previously pushed a proposal that would split California into six states, says that his three-state proposal has enough signatures to qualify for the November ballot. On Thursday, Draper said in a statement that the "CAL 3" initiative has collected over 600,000 signatures from Californians who would like to see the state split into three. An initiative needs 366,000 signatures to appear on the ballot. "This is an unprecedented show of support on behalf of every corner of California to create three state governments that emphasize representation, responsiveness, reliability and regional identity," Draper said.
The U.S. Congress would still need to approve the change -- and it's probably useful to remember what happened when Draper tried splitting California into six states. He ultimately turned in 1.3 million signatures for a ballot measure in 2014, "only to see nearly half of them disqualified. He ended up about 100,000 short of the valid signatures he needed."
Yahoo!

Yahoo's New Privacy Policy Allows Data-Sharing With Verizon (cnet.com) 38

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."
Crime

Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats' (kansas.com) 285

An anonymous reader quotes the Wichita Eagle: Tyler Barriss -- the man charged in a swatting hoax that led to the death of an innocent Wichita man -- apparently got access to the internet from jail for at least 28 minutes [last] Friday and threatened to swat again. "How am I on the Internet if I'm in jail? Oh, because I'm an eGod, that's how," a tweet posted at 9:05 a.m. said.
Other developments in the case:
  • Another tweet from the Barriss account 19 minutes later asked who was "talking shit," warning "your ass is about to get swatted." And nine minutes later his final tweet from jail bragged, "Y'all should see how much swag I got in here." The county sheriff's office blamed an outside vendor's improper software upgrade to an inmate kiosk, arguing that 14 inmates potentially had full internet access "for less than a few hours."
  • 25-year-old Barriss is still in jail facing an 11-year prison sentence, noted a Twitter user who responded to the tweets. "This will play well at sentencing when you're pretending to be remorseful and asking the judge for mercy."
  • Meanwhile, the Wichita police officer who mistakenly fired the fatal shot that killed a 28-year-old father of two will not face charges. The district attorney concluded that several of the officers closest to victim Andrew Finch thought he reached down to pull up his pants, leaving his right arm hidden from the officers, the Wichita Eagle reports. "The officer who fired the shot, along with some others, thought Finch was reaching for a gun."
  • "This shooting should not have happened," said the district attorney. "But this officer's decision was made in the context of the false call." Finch was shot 10 seconds after opening his front door, and his family's civil case against the police department is still going forward.
  • Two other gamers involved in the shooting -- including one who allegedly hired Barriss over a $1.50 bet in the game Call of Duty -- have not been charged with a crime.

China

Trade War Or Not, China is Closing the Gap on US in Technology IP Race (reuters.com) 149

China's rising investment in research and expansion of its higher education system mean that it is fast closing the gap with the United States in intellectual property and the struggle to be the No.1 global technology power, according to patent experts. From a report: While U.S. President Donald Trump's threat of punitive tariffs on high-tech U.S. exports could slow Beijing's momentum, it won't turn back the tide, they say. Washington's allegation that the Chinese have engaged in intellectual property theft over many years -- which is denied by Beijing -- is a central reason for the worsening trade conflict between the U.S. and China. Forecasts for how long it will take for Beijing to close the technological gap vary -- though several patent specialists say it could happen in the next decade.

And China is already leapfrogging ahead in a couple of areas. "With the number of scientists China is training every year it will eventually catch up, regardless of what the U.S. does," said David Shen, head of IP for China at global law firm Allen & Overy. Indeed, IP lawyers now see President Xi Jinping's pledge earlier this week to protect foreign IP rights as projecting confidence in China's position as a leading innovator in sectors such as telecommunications and online payments, as well as its ability to catch up in other areas.

Piracy

Telegram is Riddled With Tens of Thousands of Piracy Channels; Apple and Google Have Ignored Requests From Creators To Take Action (theoutline.com) 49

joshtops writes: Instant messaging platform Telegram, which is used by more than 200 million users, has had an open secret since its inception: The platform has served as a haven for online pirates. The Outline reports that the platform is riddled with thousands of groups and channels, many with more than 100,000 members, whose sole purpose of existence is to share illegally copied movies, music albums, apps, and other content. The files are stored directly to Telegram's servers, allowing users to download movies, songs, and other content with one click. Channel admins told The Outline that they have not come across any resistance from Telegram despite the company, along with Apple and Google, maintaining a 'zero tolerance' stance on copyright infringement. This permissiveness on Telegram's part has led to the proliferation of a cottage industry of piracy marketplaces on the service.

[...] The Outline also discovered several groups and channels on Telegram in which stolen credentials -- i.e., the username and password for a website -- from Netflix, Spotify, Hulu, HBO, CBS, EA Sports, Lynda, Sling, WWE Network, Mega, India's Hotstar, and dozens of other services were being offered to tens of thousands of members each day. The Outline sourced nearly three-dozen free credentials from six Telegram channels, all of which worked as advertised.
The report says that content creators have reached out to Apple, requesting the iPhone-maker to intervene, but the company has largely ignored the issue.

In an unrelated development, a Moscow court cleared the way on Friday for the local government to ban Telegram, the messaging app, over its failure to give Russian security services the ability to read users' encrypted messages.
Google

Google is Testing Self-Destructing Emails in New Gmail (techcrunch.com) 172

The upcoming update to Gmail might include a feature which would allow users to send emails that expire after a user-defined period of time. From a report: Working on an email service is hard as you have to be compatible with all sorts of email providers and email clients. But it doesn't seem to be stopping Google as the company is now evolving beyond the simple POP3/IMAP/SMTP protocols. Based on those screenshots, expiring emails work pretty much like expiring emails in ProtonMail. After some time, the email becomes unreadable. In the compose screen, there's a tiny lock icon called "confidential mode." It says that the recipient won't be able to forward email content, copy and paste, download or print the email.
Chrome

Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections. Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."

Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.

United States

Trump Orders Audit of Postal Service After Suggesting Amazon Is To Blame For Their Troubles (politico.com) 493

An anonymous reader quotes a report from Politico: President Donald Trump ordered the U.S. Postal Service to undergo an audit Thursday evening, a move that comes after the president's repeated claims that Amazon is fleecing the USPS through alleged unfair business practices. "The USPS is on an unsustainable financial path and must be restructured to prevent a taxpayer-funded bailout," reads the executive order Trump issued shortly before 9 p.m. While not explicitly mentioned in the order, the president has hammered e-commerce giant Amazon in recent weeks and alleged that the company and its CEO Jeff Bezos are driving the USPS into the ground. "I am right about Amazon costing the United States Post Office massive amounts of money for being their Delivery Boy," Trump wrote on Twitter on April 3. "Amazon should pay these costs (plus) and not have them bourne by the American Taxpayer." According to the executive order, a task force comprised of top officials, including Treasury Secretary Steven Mnuchin, who would chair the group, will lead the investigation into the USPS' finances and will be required to issue recommendations and a final report no later than early August.
Bitcoin

438 Bitcoins Worth Nearly $3.5 Million Stolen From Exchange In India, CSO Accused (indiatimes.com) 85

William Robinson shares a report from The Economic Times: Nearly 438 bitcoins, worth nearly $3.5 million, were stolen from a top exchange firm in India in what is being billed as the biggest cryptocurrency theft in the country so far. The exchange, which has over two hundred thousand users across the country, found that all the bitcoins that were stored offline had vanished. It was later found that the private keys -- the password that is kept by the company and is stored offline -- were leaked online, leading to the hack. The company tried to trace the hackers, but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred. Coinsecure, a Delhi-based cryptocurrency exchange, is accusing its CSO, Amitabh Saxena, of siphoning off the money from the firm's wallet. The exchange is urging the government to seize Saxena's passport, fearing that he may leave the country.
Music

'High Definition Vinyl' Is Coming As Early As Next Year (pitchfork.com) 330

An anonymous reader quotes a report from Pitchfork: In 2016, a European patent filing described a way of manufacturing records that the inventors claimed would have higher audio fidelity, louder volume, and longer playing times than conventional LPs. Now, the Austrian-based startup Rebeat Innovation has received $4.8 million in funding for the initiative, founder and CEO Gunter Loibl told Pitchfork. Thanks to the investment, the first "HD vinyl" albums could hit stores as early as 2019, Loibl said. The HD vinyl process involves converting audio digitally to a 3D topographic map. Lasers are then used to inscribe the map onto the "stamper," the part that stamps the grooves into the vinyl. According to Loibl, these methods allow for records to be made more precisely and with less loss of audio information. The results, he said, are vinyl LPs that can have up to 30 percent more playing time, 30 percent more amplitude, and overall more faithful sound reproduction. The technique would also avoid the chemicals that play a role in traditional vinyl manufacturing. Plus, the new-school HD vinyl LPs would still play on ordinary record players.
Businesses

Uber Drivers Are Independent Contractors, Not Employees, Judge Rules (reuters.com) 192

Uber drivers are independent contractors, not full-time employees of the ride-hailing company, a federal judge in Philadelphia ruled in what is said to be the first classification of Uber drivers under federal law. Reuters reports: U.S. District Judge Michael Baylson on Wednesday said San Francisco-based Uber does not exert enough control over drivers for its limo service, UberBLACK, to be considered their employer under the federal Fair Labor Standards Act. The drivers work when they want to and are free to nap, run personal errands, or smoke cigarettes in between rides, Baylson said. Jeremy Abay, a lawyer for the plaintiffs, said he would appeal the ruling to the Philadelphia-based 3rd U.S. Circuit Court of Appeals. The 3rd Circuit would be the first federal appeals court to consider whether Uber drivers are properly classified as independent contractors.
Transportation

NTSB Boots Tesla From Investigation Into Fatal Autopilot Crash (theverge.com) 160

The National Transportation Safety Board has removed Tesla from the investigation into a fatal Autopilot accident that occurred in March. The NTSB says it took the action because Tesla had released "investigative information before it was vetted and confirmed by" the agency. "Such releases of incomplete information often lead to speculation and incorrect assumptions about the probable cause of a crash, which does a disservice to the investigative process and the traveling public," the agency writes. The Verge reports: The NTSB's account contradicts Tesla's version of the story. In a statement, the automaker says it decided to remove itself from the investigation on Tuesday because the NTSB was restricting it from sharing information before the probe ends. The company also accuses the NTSB of being duplicitous, arguing that the agency has released statements about the crash at the same time that it told Tesla not to. "It's been clear in our conversations with the NTSB that they're more concerned with press headlines than actually promoting safety," a spokesperson for the company says. "Among other things, they repeatedly released partial bits of incomplete information to the media in violation of their own rules, at the same time that they were trying to prevent us from telling all the facts. We don't believe this is right and we will be making an official complaint to Congress." The company also said it will issue "a Freedom Of Information Act request to understand the reasoning behind their focus on the safest cars in America while they ignore the cars that are the least safe." The full letter sent to Musk from the NTSB can be seen here.
iPhone

Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 98

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

United States

Trump Proposes Rejoining Trans-Pacific Partnership (nytimes.com) 315

According to The New York Times, "President Trump told a gathering of farm state lawmakers and governors on Thursday morning that he was directing his advisers to look into rejoining the multicountry trade deal known as the Trans-Pacific Partnership (Warning: source may be paywalled; alternative source)." The TPP was a contentious issue during the 2016 presidential election as both Democrats and Republicans attacked it. After signaling during the election that he would pull out of the trade deal "on day one" of his presidency, Trump followed through with his plans. From the report: Rejoining the 11-country pact could be a significant change in fortune for many American industries that stood to benefit from the trade agreement's favorable terms and Republican lawmakers who supported the pact. The deal, which was negotiated by the Obama administration, was largely viewed as a tool to prod China into making the type of economic reforms that the United States and others have long wanted. Both Democrats and Republicans attacked the deal during the presidential campaign, but many business leaders were disappointed when Mr. Trump withdrew from the agreement, arguing that the United States would end up with less favorable terms attempting to broker an array of individual trade pacts and that scrapping the deal would empower China.

Mr. Trump's decision to reconsider the deal comes as the White House tries to find ways to protect the agriculture sector, which could be badly damaged by the president's trade approach. The risk of an escalating trade war with China has panicked American farmers and ranchers, who send many of their products abroad. China has responded to Mr. Trump's threat of tariffs on as much as $150 billion worth of Chinese goods by placing its own tariffs on American pork, and threatening taxes on soybeans, sorghum, corn and beef. Many American agriculturalists maintain that the easiest way to help them is to avoid a trade war with China in the first place. And many economists say the best way to combat a rising China and pressure it to open its market is through multilateral trade deals like the Trans-Pacific Partnership, which create favorable trading terms for participants.

Google

It's Surprisingly Easy To Make Government Records Public on Google Books (fastcompany.com) 11

From a report on FastCompany: While working on a recent story about hate speech spread by telephone in the '60s and '70s, I came across an interesting book that had been digitized by Google Books. Unfortunately, while it was a transcript of a Congressional hearing, and therefore should be in the public domain and not subject to copyright, it wasn't fully accessible through Google's archive. It's not surprising that Google might be cautious about making documents available, since its book search project resulted in over a decade of controversy over copyrights, with authors and publishers arguing that the search giant was exceeding its rights, and users clamoring to see the full texts of books, especially those that are in public domain.

But, as it turns out, Google provides a form where anyone can ask that a book scanned as part of Google Books be reviewed to determine if it's in the public domain. And, despite internet companies sometimes earning a mediocre-at-best reputation for responding to user inquiries about free services, I'm happy to report that Google let me know within a week after filling out the form that the book would now be available for reading and download.

Security

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com) 6

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

China

A Wanted Man in China Has Been Caught Because of Facial Recognition Software (fastcompany.com) 146

An anonymous reader writes: The man was reportedly caught after facial recognition software running on cameras at a concert identified him, reports AbacusNews. That's despite there being over 50,000 people attending the concert, which took place in Nanchang, China. Law enforcement in the country has increasingly been turning to facial recognition software to surveil the public for persons of interest.
Communications

Reddit Continues To Protect Racist Language In Favor of Free Speech (digitaltrends.com) 661

In a thread about Reddit's 2017 transparency report, a user asked CEO Steve Huffman whether posts containing racism or racial slurs violate Reddit's terms. Huffman revealed that such speech is permissible on the site. "On Reddit, the way in which we think about speech is to separate behavior from beliefs," Huffman clarified. "This means on Reddit there will be people with beliefs different from your own, sometimes extremely so." Digital Trends reports: It's unclear if Huffman's comments are representative of Reddit's company policy, but protection of hate speech can -- and does -- lead to online harassment and cyberbullying. A recent study from Pew revealed that as many as 40 percent of Americans have experienced some form of harassment online. And even if hate speech may still be protected content on Reddit, Huffman was quick to point out that any threat of violence is not tolerated on the site. "When users' actions conflict with our own content policies, we take action," he said. This distinction is consistent with Reddit's prior policies for enforcement. "Going forward, we will take action against any content that encourages, glorifies, incites, or calls for violence or physical harm against an individual or a group of people; likewise we will also take action against content that glorifies or encourages the abuse of animals," the updated terms read, noting that "context is key."
AI

FDA Approves AI-Powered Software To Detect Diabetic Retinopathy (engadget.com) 34

The U.S. Food and Drug Administration (FDA) has just approved an AI-powered device that can be used by non-specialists to detect diabetic retinopathy in adults with diabetes. Engadget reports: Diabetic retinopathy occurs when the high levels of blood sugar in the bloodstream cause damage to your retina's blood vessels. It's the most common cause of vision loss, according to the FDA. The approval comes for a device called IDx-DR, a software program that uses an AI algorithm to analyze images of the eye that can be taken in a regular doctor's office with a special camera, the Topcon NW400. The photos are then uploaded to a server that runs IDx-DR, which can then tell the doctor if there is a more than mild level of diabetic retinopathy present. If not, it will advise a re-screen in 12 months. The device and software can be used by health care providers who don't normally provide eye care services. The FDA warns that you shouldn't be screened with the device if you have had laser treatment, eye surgery or injections, as well as those with other conditions, like persistent vision loss, blurred vision, floaters, previously diagnosed macular edema and more.
Social Networks

Instagram Will Soon Let You Download a Copy of Your Data (techcrunch.com) 22

An Instagram spokesperson has confirmed to TechCrunch that the site will soon let users download a copy of what they've shared on Instagram, including their photos, videos and messages. The new data portability tool could make it much easier for users to leave Instagram and go to a competing image social network. It will also help the site comply with the upcoming European GDPR privacy law that requires data portability, assuming the feature launches before May 25th. From the report: Instagram has historically made it very difficult to export your data. You can't drag, or tap and hold on images to save them. And you can't download images you've already posted. That's despite Instagram now being almost 8 years old and having over 800 million users. For comparison, Facebook launched its Download Your Information tool in 2010, just six years after launch. We're awaiting more info on whether you'll only be able to download your photos, videos, and messages; or if you'll also be able to export your following and follower lists, Likes, comments, Stories, and the captions you share with posts. It's also unclear whether photos and videos will export in the full fidelity that they're uploaded or displayed in, or whether they'll be compressed. Instagram told me "we'll share more details very soon when we actually launch the tool. But at a high level it allows you to download and export what you have shared on Instagram" so we'll have to wait for more clarity.
AI

The US Military Desperately Wants To Weaponize AI (technologyreview.com) 179

Artificial intelligence is a transformative technology, and US generals already see it as the next big weapon in their arsenal. From a report: War-machine learning: Michael Griffin, Undersecretary of Defense for Research and Engineering, signaled how keen the military is to make use of AI at the Future of War 2018 conference held in Washington, DC, yesterday. Saber rattling: "There might be an artificial intelligence arms race, but we're not yet in it," Griffin said. In reference to China and Russia, he added, "I think our adversaries -- and they are our adversaries -- understand very well the possible future utility of machine learning, and I think it's time we did as well."
Facebook

Mark Zuckerberg Denies Knowledge of Non-Consensual Shadow Profiles Facebook Has Been Building of Non-Users For Years 235

It has been widely reported that Facebook builds profiles of people even if they have never signed up for its services. However, in a hearing with the House Energy & Commerce Committee on Wednesday, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it. Here's the exchange:
Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?
Zuckerberg: Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].
Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services.
Privacy

Steam Spy Announces It's Shutting Down, Blames Valve's New Privacy Settings 97

Steam Spy, the world's most comprehensive game ownership and play estimator available to the public, announced that it "won't be able to operate anymore" thanks to recent changes to Valve's privacy policy. "Valve just made a change to their privacy settings, making games owned by Steam users hidden by default," the site's operators announced on its official Twitter account. "Steam Spy relied on this information being visible by default." The creator of the website, Sergey Galyonkin, suggested that the site will only remain as an "archive" from here on out. Ars Technica reports: Indeed, Steam's new private-by-default setting is the kind of proactive, data-protective move that sites like Facebook have faced repeated scrutiny about over the past decade. However, as of press time, we could not confirm exactly how these updated settings will work, thanks to the service's "edit privacy settings" page currently appearing blank. (This can be found in the Steam interface by selecting the word "profile" under the menu that appears when mousing over your username.)

Valve pointed out that Steam will also receive a long, long, long-awaited "invisible" function for Steam's online-status toggle, which will allow players to actively communicate with Steam friends while hiding from the general public, and that it will also specifically let players hide both game ownership and gameplay time counts from friends. The company explained that Tuesday's changes came "directly from user feedback," which Steam Spy founder Sergey Galyonkin questioned via his site's Twitter feed: "They said it was by users feedback which makes me as a person born in the Soviet Union very suspicious :)" After Epic Games founder Tim Sweeney applauded Valve's privacy-minded policy change, Galyonkin responded with his own opinion on why so much data was open on Steam in the first place: "This was always a compromise between being able to play with other people and privacy," he wrote in response. "It seems they moved towards privacy now."
Advertising

Zuckerberg: Facebook Doesn't Use Your Mic For Ad Targeting (engadget.com) 257

During today's joint hearing before the Senate Judiciary and Commerce Committees, CEO Mark Zuckerberg fully denied the idea that Facebook listens in on your conversations via microphones to display relevant ads. Engadget reports: Senator Gary Peters (D-MI) asked him to answer "yes or no" whether Facebook used audio from personal devices to fill out its ad data, and Zuckerberg said no. The CEO explained that users can upload videos with audio in them, but not the kind of background spying that you've probably heard people talk about. Peters: "I have heard constituents say Facebook is mining audio from their mobile devices for the purpose of ad targeting. This speaks to the lack of trust we are seeing. I understand there are technical and logistical issues for that to happen. For the record, I hear it all the time, does Facebook use audio obtained from mobile devices to enrich personal information about its users?"

Zuckerberg: "We do not. Senator, let me be clear on this. You are talking about the conspiracy theory passed around that we listen to what is going on on your microphone and use that. We do not do that. We do allow people to take videos on their device and share those. Videos also have audio. We do, while you are taking a video, record that and use that to make the service better by making sure that you have audio. That is pretty clear."
Facebook

Facebook Data Collected By Quiz App Included Private Messages (nytimes.com) 30

In addition to the public profile data of up to 87 million Facebook users, political data firm Cambridge Analytica reportedly harvested people's private messages, too (Warning: source may be paywalled). The New York Times reports: On Monday, Facebook began informing people whose data may have been compromised by Cambridge Analytica through an app developed by the researcher Aleksandr Kogan. In its notifications, Facebook said that while the information harvested was largely limited to what was on people's public profiles, "a small number of people" also shared information from their Facebook timeline, posts and messages. Facebook did not specify how many people's messages were gathered and said it was taking as broad a view as possible when notifying people that their data may have been taken.
Businesses

Apple Must Pay Patent Troll More Than $500 Million In iMessage Case (bloomberg.com) 75

A federal court in Texas today has ordered Apple to pay $502.6 million to a patent troll called VirnetX, the latest twist in a dispute now in its eighth year. "VirnetX claimed that Apple's FaceTime, VPN on Demand and iMessage features infringe four patents related to secure communications, claims that Apple denied," reports Bloomberg. From the report: The dispute has bounced between the district court, patent office and Federal Circuit since 2010. There have been multiple trials, most recently one involving earlier versions of the Apple devices. A jury in that case awarded $302 million that a judge later increased to $439.7 million. Kendall Larsen, CEO of VirnetX, said the damages, which were based on sales of more than 400 million Apple devices, were "fair." "The evidence was clear," Larsen said after the verdict was announced. "Tell the truth and you don't have to worry about anything." For VirnetX, the jury verdict in its favor could be a short-lived victory. The Patent Trial and Appeal Board has said the patents are invalid, in cases that are currently before the U.S. Court of Appeals for the Federal Circuit in Washington. The Federal Circuit, which handles all patent appeals, declined to put this trial on hold, saying it was so far along that a verdict would come before a final validity decision.
Democrats

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com) 136

Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

Twitter

Twitter Says It Will Comply With Honest Ads Act To Combat Russia Social Media Meddling (theverge.com) 47

An anonymous reader quotes a report from The Verge: Twitter today pledged to support a proposed Senate bill that would require technology platforms that sell advertising space to disclose the source of and amount of money paid for political ads. Called the Honest Ads Act, the bipartisan bill was first introduced back in October by Sen. Amy Klobuchar (D-MN), Sen. Mark Warner (D-VA), and Sen. John McCain (R-AZ). As part of its transparency efforts, Twitter says it's launched a new platform called the Ads Transparency Center, or ATC, that will "go beyond the requirements of the Honest Ads Act and eventually provide increased transparency to all advertisements on Twitter." Twitter says the platform will increase transparency for political and so-called issue ads, which target specific topics like immigration and gun control, by providing even more information on the origin of an ad than is required by the Honest Ads Act. "We have a dedicated team that is fully resourced to implementing the ATC and are committed to launching it this summer," the company states. "Twitter is moving forward on our commitment to providing transparency for online ads. We believe the Honest Ads Act provides an appropriate framework for such ads and look forward to working with bill sponsors and others to continue to refine and advance this important proposal."
Facebook

Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com) 66

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.
Chrome

Biometric and App Logins Will Soon Be Pushed Across the Web (vice.com) 161

Soon, it will be much easier to log into more websites using a hardware key plugged into your laptop, a dedicated app, or even the fingerprint scanner on your phone. Motherboard: On Tuesday, a spread of organizations and businesses, including top browser vendors such as Microsoft and Google, announced a new standards milestone that will streamline the process for web developers to add extra login methods to their sites, potentially keeping consumers' accounts and data more secure. "For users, this will be a natural transition. People everywhere are already using their fingers and faces to 'unlock' their mobile phones and PCs, so this will be natural to them -- and more convenient," Brett McDowell, executive director at the FIDO Alliance, one of the organizations involved in setting up the standard, told Motherboard in an email.

"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the next few months. Opera has committed to supporting WebAuthn as well.

Communications

Oregon Becomes Second State To Pass a Net Neutrality Law (katu.com) 91

An anonymous reader quotes a report from KATU: Oregon Gov. Kate Brown signed a bill Monday withholding state business from internet providers who throttle traffic, making the state the second to finalize a proposal aimed at thwarting moves by federal regulators to relax net neutrality requirements. The bill stops short of actually putting new requirements on internet service providers in the state, but blocks the state from doing business with providers that offer preferential treatment to some internet content or apps, starting in 2019. The move follows a December vote by the Federal Communications Commission repealing Obama-era rules that prohibited such preferential treatment, referred to generally as throttling, by providers like AT&T, Comcast, and Verizon. Brown's signature makes the state the second to enact such legislation, according to the National Conference of State Legislatures. It also stakes out the state's claim to a moderate approach, compared to others: Five weeks to the day before Brown, Washington State Gov. Jay Inslee signed a bill in his state to directly regulate providers there. The prohibition, which restricts with whom the state may contract for internet services, applies to cities and counties, but exempts areas with only a single provider.
China

China Removes Four News Apps From Smartphone Stores To Tighten Control (scmp.com) 52

Four popular news apps in China, including the most popular aggregator, Jinri Toutiao, were removed from a number of Chinese smartphone app stores following reports of a crackdown by the country's media watchdog, local media reported on Monday. From the report: Toutiao, with about 120 million daily active users, was not available on the app stores of smartphone manufacturers Xiaomi and Meizu on Monday afternoon. The apps for Tiantian Kuaibao, Netease News and Ifeng News were also not found on Xiaomi. China's authorities have asked several of the country's smartphone app stores to remove the four apps by 3pm on Monday as part of efforts to "regulate order in the broadcasting environment," according to Chinese news portal Sohu.com. The apps will be removed for between three days and three weeks, with Toutiao being offline for the longest period, according to the Sohu report. [...] China has shut down more than 13,000 websites in the last three years as Beijing sought to tighten its grip on the internet.
Businesses

How Much VR User Data Is Oculus Giving To Facebook? (theverge.com) 60

Facebook owns many other apps and services, including the Oculus virtual-reality platform, which collects incredibly detailed information about where users are looking and how they're moving. Since most of the discussion about how Facebook handles user information is focused on the social network itself, The Verge's Adi Robertson looks into the link between Facebook and Oculus: A VR platform like Oculus offers lots of data points that could be turned into a detailed user profile. Facebook already records a "heatmap" of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting. If it decided to track VR users at a more detailed level, it could do something like track overall movement patterns with hand controllers, then guess whether someone is sick or tired on a particular day. Oculus imagines people using its headsets the way they use phones and computers today, which would let it track all kinds of private communications. The Oculus privacy policy has a blanket clause that lets it share and receive information from Facebook and Facebook-owned services. So far, the company claims that it exercises this option in very limited ways, and none of them involve giving data to Facebook advertisers. "Oculus does not share people's data with Facebook for third-party advertising," a spokesperson tells The Verge.

Oculus says there are some types of data it either doesn't share or doesn't retain at all. The platform collects physical information like height to calibrate VR experiences, but apparently, it doesn't share any of it with Facebook. It stores posts that are made on the Oculus forums, but not voice communications between users in VR, although it may retain records of connections between them. The company also offers a few examples of when it would share data with Facebook or vice versa. Most obviously, if you're using a Facebook-created VR app like Spaces, Facebook gets information about what you're doing there, much in the same way that any third-party app developer would. You can optionally link your Facebook account to your Oculus ID, in which case, Oculus will use your Facebook interests to suggest specific apps or games. If you've linked the accounts, any friend you add on Facebook will also become your friend on Oculus, if they're on the platform.
Oculus does, however, share data between the two services to fight certain kinds of banned activity. "If we find someone using their account to send spam on one service, we can disable all of their accounts," an Oculus spokesperson says. "Similarly, if there's 'strange activity' on a specific Oculus account, they can share the IP address it's coming from with Facebook," writes Robertson. "The biggest problem is that there's nothing stopping Facebook and Oculus from choosing to share more data in the future."
Crime

Backpage Founders Charged With Money Laundering, Aiding Prostitution (theverge.com) 256

Federal authorities have charged the two founders of classified site Backpage.com, along with five other employees, with laundering money and facilitating prostitution. According to The Washington Post, the Justice Department claims Backpage took "consistent and concerted action" to knowingly allow ads for illegal sex work. The indictment alleges that "virtually every dollar flowing into Backpage's coffers represents the proceeds of illegal activity." The Verge reports: Law enforcement agencies seized Backpage's servers last week, and co-founder Michael Lacey was charged in a sealed 93-count indictment, which has now been revealed. Lacey, as well as his co-founder James Larkin, were already charged with violating California money laundering laws, although a judge threw out state-level pimping charges. Beyond Lacey and Larkin, the Backpage indictment includes charges against the site's chief financial officer, operations manager, assistant operations manager, and marketing director. It also charges the executive vice president of one of Backpage's parent companies. Backpage CEO Carl Ferrer, who was previously charged with pimping in California, was not charged in this indictment. The Justice Department claims Backpage's owners tried to cover up the fact that most of its "adult services" ads involved prostitution, and that Backpage allowed child sex traffickers to keep ads on the site as long as they deleted age-related keywords. The indictment also claims that Backpage disguised payments for illegal services by having customers funnel money to foreign bank accounts or apparently unrelated companies, or by transferring funds into cryptocurrency. These federal charges are reportedly unrelated to the Stop Enabling Sex Traffickers Act, a bill that would make website operators liable for illegal content posted to their sites. The bill is currently awaiting Trump's signature.
Security

Don't Give Away Historic Details About Yourself (krebsonsecurity.com) 158

Brian Krebs: Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as "What was your first job," or "What was your first car?" The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to "secret questions" that can be used to unlock access to a host of your online identities and accounts. I'm willing to bet that a good percentage of regular readers here would never respond -- honestly or otherwise -- to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks -- particularly Facebook -- seem positively overrun with these data-harvesting schemes. What's more, I'm constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.

On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

The Internet

'Erotic Review' Blocks US Internet Users To Prepare For Government Crackdown (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: A website that hosts customer reviews of sex workers has started blocking Internet users in the United States because of forthcoming changes in U.S. law. Congress recently passed the Stop Enabling Sex Traffickers Act bill (SESTA), and President Trump is expected to sign it into law. SESTA will make it easier to prosecute websites that host third-party content that promotes or facilitates prostitution, even in cases when the sex workers aren't victims of trafficking. After Congress approved the bill, Craigslist removed its "Personals" section and Reddit removed some sex-related subreddits. The Erotic Review (TER) has followed suit by blocking any user who appears to be visiting the website from the United States.

"As a result of this new law, TER has made the difficult decision to block access to the website from the United States until such time as the courts have enjoined enforcement of the law, the law has been repealed or amended, or TER has found a way to sufficiently address any legal concerns created by the new law," the website's home page says in a notice to anyone who accesses the site from a US location. The Erotic Review explained in an FAQ why it blocked US-based users even before SESTA takes effect. (The bill is also known as the Allow States and Victims to Fight Online Sex Trafficking Act, or FOSTA.) "TER has always operated within the law, and it takes SESTA seriously," the FAQ says. "Because we do not know when SESTA will be signed into law, TER wants to be certain that it is in compliance with the statute the moment it becomes effective."
TER can still be accessed outside the U.S., and U.S.-based users can still access the site via a VPN service. "Non-U.S. users are asked to agree to a disclaimer, which requires users to agree to 'report suspected exploitation of minors and/or human trafficking' and that they 'will not access TER from a Prohibited Country,'" reports Ars.
Facebook

Steve Wozniak Drops Facebook: 'The Profits Are All Based On the User's Info' (arstechnica.com) 246

Apple cofounder Steve Wozniak has formally deactivated his Facebook account. In an email interview with USA Today, Wozniak wrote that he was no longer satisfied with Facebook, knowing that it makes money off of user data. "The profits are all based on the user's info, but the users get none of the profits back," he wrote. "Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product." Ars Technica reports: His Sunday announcement to his Facebook followers came just ahead of Facebook CEO Mark Zuckerberg's scheduled testimony before Congress on Tuesday. The CEO is also reportedly set to meet with members of Congress privately on Monday. Wozniak wrote that Facebook had "brought me more negatives than positives." Still, when Wozniak tried to change some of his privacy settings in the aftermath of Cambridge Analytica, he said he was "surprised" to find out how many categories for ads he had to remove. "I did not feel that this is what people want done to them," added Wozniak. "Ads and spam are bad things these days and there are no controls over them. Or transparency."
Youtube

YouTube Is Illegally Collecting Data From Children, Say Advocacy Groups (gizmodo.com) 69

Nearly two dozen privacy and children's advocacy groups have filed a Federal Trade Commission complaint against YouTube, accusing the platform of illegally collecting data from children. From a report: The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children's Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents' permission.

"It's just fundamentally unfair," Josh Golin, executive director of the CCFC, told Gizmodo, "to use Google's powerful behavioral targeting on a child that doesn't yet understand what's going on." COPPA requires platforms "give parents notice of its data collection practices, and obtain verifiable parental consent before collecting the data." But, as Golin argues, YouTube violates COPPA because it doesn't differentiate between videos marketed to children and the rest of the site.

Facebook

Facebook Suspends Another Data Analytics Firm After CNBC Discovers It Was Using Tactics like Cambridge Analytica (cnbc.com) 83

Facebook suspended a company from its site over the weekend while it investigates claims it harvested user information under the guise of academic research, in a case with echoes of the Cambridge Analytica scandal. From a report: Facebook is suspending a data analytics firm called CubeYou from the platform after CNBC notified the company that CubeYou was collecting information about users through quizzes. CubeYou misleadingly labeled its quizzes "for non-profit academic research," then shared user information with marketers. The scenario is eerily similar to how Cambridge Analytica received unauthorized access to data from as many as 87 million Facebook user accounts to target political marketing. CubeYou, whose CEO denies any deception, sold data that had been collected by researchers working with the Psychometrics Lab at Cambridge University, similar to how Cambridge Analytica used information it obtained from other professors at the school for political marketing.
Facebook

Cambridge Analytica Whistleblower Says Data From 87 Million Users Could Be Stored In Russia (cnn.com) 178

PolygamousRanchKid shares a report from CNN: Cambridge Analytica whistleblower Christopher Wylie says the data the firm gathered from Facebook could have come from more than 87 million users and could be stored in Russia. Wylie added that his lawyer has been contacted by U.S. authorities, including congressional investigators and the Department of Justice, and says he plans to cooperate with them. Aleksandr Kogan, a Russian data scientist who gave lectures at St. Petersburg State University, gathered Facebook data from millions of Americans. He then sold it to Cambridge Analytica, which worked with President Donald Trump's 2016 presidential campaign. "I know that Facebook is now starting to take steps to rectify that and start to find out who had access to it and where it could have gone, but ultimately it's not watertight to say that, you know, we can ensure that all the data is gone forever," he said.
Advertising

Tim Cook Says Ads That Follow You Online Are 'Creepy' (cnet.com) 181

In a wide-ranging interview with MSNBC and Recode, Apple CEO Tim Cook said that everyone should know how much data they're sharing and what can be inferred about us from that information. He added that privacy "is a human right" and said he's worried about how advertisers and others can abuse access to our data. "To me it's creepy when I look at something and all of a sudden it's chasing me all the way across the web," Cook said. "I don't like that." CNET reports: The comments came as part of a wide-ranging interview between Cook, MSNBC's Chris Hayes and Recode's Kara Swisher. MSNBC broadcast the special, named "Revolution: Apple changing the world" at 5 p.m. PT on Friday. The interview was taped the day after Apple's education event in Chicago, where the company introduced a new 9.7-inch iPad and tools for teachers. The two publications released some early clips and comments from Cook over the past couple of weeks. That included remarks he made about Facebook and its CEO, Mark Zuckerberg in the wake of the Cambridge Analytica scandal. Cook noted that Apple purposely chose not to make "a ton of money" off its customers' data and that Facebook failed to effectively regulate itself, prompting a need for government intervention. Along with Facebook and its privacy issues, Cook talked up DACA and immigration, tax reform, the changing job landscape and the need for everyone to learn coding, among other topics.
Privacy

'Big Brother' In India Requires Fingerprint Scans For Food, Phones, Finances (nytimes.com) 132

The New York Times reports on the Indian government's intent to build an identification system of unprecedented scope. The country is reportedly "scanning the fingerprints, eyes and faces of its 1.3 billion residents and connecting the data to everything from welfare benefits to mobile phones." Here's an excerpt from the report: Civil libertarians are horrified, viewing the program, called Aadhaar, as Orwell's Big Brother brought to life. To the government, it's more like "big brother," a term of endearment used by many Indians to address a stranger when asking for help. For other countries, the technology could provide a model for how to track their residents. And for India's top court, the ID system presents unique legal issues that will define what the constitutional right to privacy means in the digital age. The government has made registration mandatory for hundreds of public services and many private ones, from taking school exams to opening bank accounts.

Technology has given governments around the world new tools to monitor their citizens. In China, the government is rolling out ways to use facial recognition and big data to track people, aiming to inject itself further into everyday life. Many countries, including Britain, deploy closed-circuit cameras to monitor their populations. But India's program is in a league of its own, both in the mass collection of biometric data and in the attempt to link it to everything -- traffic tickets, bank accounts, pensions, even meals for undernourished schoolchildren.

Facebook

Facebook Donated To 46 of 55 Members On Committee That Will Question Zuckerberg (usatoday.com) 160

Facebook CEO Mark Zuckerberg will be questioned about user privacy protections next week by members of the House and Senate committees, but as USA Today notes, many of these members were also "some of the biggest recipients of campaign contributions from Facebook employees directly and the political action committee funded by employees." An anonymous reader shares the report: The congressional panel that got the most Facebook contributions is the House Energy and Commerce Committee, which announced Wednesday morning it would question Zuckerberg on April 11. Members of the committee, whose jurisdiction gives it regulatory power over Internet companies, received nearly $381,000 in contributions tied to Facebook since 2007, according to the Center for Responsive Politics. The center is a non-partisan, non-profit group that compiles and analyzes disclosures made to the Federal Election Commission.

The second-highest total, $369,000, went to members of the Senate Commerce, Science and Transportation Committee, which announced later that it would have a joint hearing with the Senate Judiciary Committee to question Zuckerberg on Tuesday. Judiciary Committee members have received $235,000 in Facebook contributions. On the House committee, Republicans got roughly twice as much as Democrats, counter to the broader trend in Facebook campaign gifts. Of the $7 million in contributions to all federal candidates tied to the Menlo Park, Calif.-based social network, Democrats got 65% to Republicans' 33%. Of the 55 members on the Energy and Commerce Committee this year, all but nine have received Facebook contributions in the past decade. The average Republican got $6,800, while the average Democrat got $6,750.

Security

'Vigilante Hackers' Strike Routers In Russia and Iran, Reports Motherboard (vice.com) 121

An anonymous reader quotes Motherboard: On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. "We were tired of attacks from government-backed hackers on the United States and other countries," someone in control of an email address left in the note told Motherboard Saturday... "We simply wanted to send a message...." In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: "Don't mess with our elections," along with an image of an American flag...

In a blog post Friday, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said in its own blog post on Thursday it found 168,000 systems potentially exposed by the software. Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors...

Reuters reported that Iran's IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the U.S.... The hackers said they did scan many countries for the vulnerable systems, including the U.K., U.S., and Canada, but only "attacked" Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK "to prevent further attacks... As a result of our efforts, there are almost no vulnerable devices left in many major countries," they claimed in an email.

Their image of the American flag was a black-and-white drawing done with ASCII art.

Businesses

Apple Tells the EPA Why Cutting the Clean Power Plan Is a Bad Move (theverge.com) 131

An anonymous reader quotes a report from The Verge: Apple is pushing back against the Environmental Protection Agency's proposal to repeal the Clean Power Plan. The company filed a public comment with the EPA today arguing that scrapping the policy, which calls for cutting power plant pollution, would dull the United States' competitive edge in the clean energy economy. The Clean Power Plan (or CPP) was finalized by the Obama administration, and it takes aim at power plants -- the number one carbon polluters in the U.S., according to the Obama-era EPA website. Had the CPP ever taken effect, it would have given power plants until the year 2030 to curb their carbon emissions by about 30 percent, a move that the Obama administration said could protect the environment, public health, and consumers' pocketbooks.

Apple's comment cites the economic advantages of supporting clean energy, including that it provides "corporate electricity buyers with a hedge against fuel price fluctuation." The price of solar and wind doesn't change like the price of oil, Apple's filing says. (It also notes that China is currently beating the U.S. in clean energy investments.) The company also says that regulating the grid's carbon emissions "power plant by power plant" won't work. It references its own experiences operating with 100 percent renewable energy here in the U.S. and the work of its subsidiary, Apple Energy LLC, which sells the excess electricity the company generates back to the grid. The electricity system is far too interconnected, the filing says, so "regulation should consider the dynamic and interconnected nature of how power is generated, sold and consumed." That's why it supports the clean power plan, which it says provides a nationwide framework for regulating electricity generation: "It is both needed and the smart thing to do."

Google

Google Seeks To Limit 'Right To Be Forgotten' By Claiming It's Journalistic (cjr.org) 203

"In the first 'right to be forgotten' case to reach England's High Court, two men are fighting to keep their past crimes out of Google's search results, and the tech giant is fighting back by claiming it's 'journalistic.'" Chava Gourarie reports via Columbia Journalism Review: The case, which is actually two nearly identical cases, involves two businessmen who were both convicted of white-collar crimes in the '90s, and requested that Google delist several URLs referencing their convictions, including news articles. When Google denied their requests, they sued under a 2014 European Union ruling which established the right of individuals to have information delisted from search indexes under certain conditions. In its defense, Google has argued that it should be protected under an exception for journalism because it provides access to journalistic content. Even as a legal sleight of hand, the argument is quite a departure from Google's customary efforts to present itself as a disinterested arbiter of information, a position that has become more untenable with time.

Gareth Corfield, a reporter for The Register who covered the cases from the courtroom, said it's disingenuous of Google to put on the mantle of journalism only when it suits them. "They've gone through great lengths to say they don't make any editorial judgement in processing results," Corfield said, but "it now wants you to believe it is on a par with journalism." As the first case to test the "right to be forgotten" in England's High Court, its outcome will likely set some ground rules in the roiling debate between personal privacy and freedom of expression on the internet. Google's sudden identification with journalism may be a legal gambit, but it could have far-reaching effects across the landscape of data protection laws.

Security

T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security (vice.com) 71

T-Mobile Austria admitted on Twitter that it stores at least part of its customers' passwords in plaintext. What this means is that "if anyone breaches T-Mobile (it's only a matter of time), they could likely guess or brute-force every user's password," reports Motherboard. "If the passwords were fully encrypted or hashed, it wouldn't be that easy. But having a portion of the credential in plaintext reduces the difficulty of decoding the hashed part and obtaining the whole password." From the report: "Based on what we know about how people choose their passwords," Per Thorsheim, the founder of the first-ever conference dedicated to passwords, told me via Twitter direct message, "knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest." T-Mobile doesn't see that as a problem because it has "amazingly good security." On Thursday, a T-Mobile Austria customer support employee made that stunning revelation in an incredibly nonchalant tweet. Twitter user Claudia Pellegrino was quick to point out that storing passwords in plaintext is wrong, but another T-Mobile customer rep didn't see it that way. "I really do not get why this is a problem. You have so many passwords for every app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear," the rep wrote back.

Privacy

Comcast, AT&T, Verizon Pose a Greater Surveillance Risk Than Facebook (theguardian.com) 65

An anonymous reader writes: "Comcast, AT&T and Verizon pose a greater surveillance risk than Facebook -- but their surveillance is much harder to avoid," writes Salome Viljoen in an opinion piece for The Guardian. From the report: "Facebook isn't the only company that amasses troves of data about people and leaves it vulnerable to exploitation and misuse. As of last year, Congress extended the same data-gathering practices of tech companies like Google and Facebook to internet providers like Comcast, AT&T and Verizon. Because service providers serve as gatekeepers to the entire internet, they can collect far more information about us, and leave us with far less power to opt out of that process. This means that the risks of allowing our internet providers to collect and monetize the same type of user data that Facebook collects -- and the potential that such data will therefore be misused -- are much, much worse. Your internet provider doesn't just know what you do on Facebook -- it sees all the sites you visit and how much time you spend there. Your provider can see where you shop, what you watch on TV, where you choose to eat dinner, what medical symptoms you search, where you apply for work, school, a mortgage. Everything that is unencrypted is fair game. But internet providers don't just pose a greater surveillance risk than Facebook -- their surveillance is also far harder to avoid. 'Choosing' not to use an internet provider to avoid surveillance is not really a choice at all. As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%."

Piracy

Three Execs Get Prison Time For Pirating Oracle Firmware & Solaris OS Update (bleepingcomputer.com) 119

An anonymous reader writes: Three of four TERiX executives were sentenced to prison yesterday for a scheme through which they created three fake companies to pirate Oracle firmware patches and Solaris OS updates. By doing this, the execs avoided paying a per-server fee for every Oracle product their company serviced, instead paying for one patch/update alone.

Court documents show that Oracle was aware of the scheme and eventually connected the dots between the fake companies and TERiX when one of the execs downloaded files from Oracle's servers via one of the fake company's accounts from a TERiX IP address. Oracle filed a complaint with the FBI, but also a civil suit. A judge awarded Oracle damages last year totaling $57.423 million. The judge also barred TERiX from servicing Oracle products.

Security

Best Buy Warns of Data Breach (usatoday.com) 25

Best Buy, along with Delta Air Lines and Sears, says that [24]7.ai, a company that provides the technology backing its chat services, was hacked between September 27 and October 12, potentially jeopardizing the personal payment details of "a number of Best Buy customers." The electronics company said in a statement that "as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident whether or not they used the chat function." They will reach out to customers who were impacted.
