Crime

Former FCC Broadband Panel Chair Arrested For Fraud (dslreports.com) 106

An anonymous reader quotes a report from DSLReports: The former chair of a panel built by FCC boss Ajit Pai to advise the agency on broadband matters has been arrested for fraud. Elizabeth Ann Pierce, former CEO of Quintillion Networks, was appointed by Pai last April to chair the committee, but her tenure only lasted until September. Pierce resigned from her role as Quintillion CEO last August after investigators found she was engaged in a scam that tricked investors into pouring money into a multi-million dollar investment fraud scheme. According to the Wall Street Journal, Pierce convinced two investment firms that the company had secured contracts for a high-speed fiber-optic system that would generate hundreds of millions of dollars in future revenue. She pitched the system as a way to improve Alaska's connectivity to the rest of the country, but the plan was largely a fabrication, law enforcement officials say. "As it turned out, those sales agreements were worthless because the customers had not signed them," U.S. Attorney Geoffrey Berman said in prepared remarks. "Instead, as alleged, Pierce had forged counterparty signatures on contract after contract. As a result of Pierce's deception, the investment companies were left with a system that is worth far less than Pierce had led them to believe." Quintillion says it began cooperating with lawmakers as soon as allegations against Pierce surfaced last year. Pierce was charged with wire fraud last Thursday and faces a maximum sentence of 20 years in prison.

Facebook

Facebook Admits To Tracking Users, Non-Users Off-Site (theguardian.com) 147

Facebook said in a blog post yesterday that they tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company's own site, and "improving our products and services." The statement comes as the company faces a U.S. lawsuit over a controversial facial recognition feature launched in 2011. The Guardian reports: "When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account. This is because other apps and sites don't know who is using Facebook," Facebook's product management director, David Baser, wrote. "Whether it's information from apps and websites, or information you share with other people on Facebook, we want to put you in control -- and be transparent about what information Facebook has and how it is used."

But the company's transparency has still not extended to telling non-users what it knows about them -- an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its "download your data" feature, Zuckerberg had responded he believed that to be the case. Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company's off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.

Bitcoin

New York's Attorney General Is Investigating Bitcoin Exchanges (theverge.com) 43

The office of New York Attorney General Eric Schneiderman announced today that it has launched an investigation into bitcoin exchanges. He's reportedly looking into thirteen major exchanges, including Coinbase, Gemini Trust, and Bitfinex, requesting information on their operations and what measures they have in place to protect consumers. The Verge reports: "Too often, consumers don't have the basic facts they need to assess the fairness, integrity, and security of these trading platforms," Schneiderman said in a statement. His office sent detailed questionnaires to the thirteen exchanges, asking them to disclose who owns and controls them, and how their basic operation and transaction fees work. The questionnaire also asks for specific details on how exchanges might suspend trading or delay orders, indicating Schneiderman is particularly concerned with exchanges manipulating the timing of public orders. The investigation will attempt to shed more transparency on how platforms combat market manipulation attempts and suspicious trading, as well as bots, theft, and fraud. Many of the exchanges Schneiderman is targeting, such as Beijing-based Huobi, have headquarters located outside the U.S., but the attorney general has jurisdiction over any foreign business operating in New York. Coin Center's director of research Peter Van Valkenburgh tells The Verge that the new investigation might be overkill, given the existing rules already in place for bitcoin exchanges. "Far from being unregulated," he says, "these businesses must contend with state money transmission licensing laws, federal anti-money laundering law, CFTC scrutiny for commodities spot market manipulation, SEC scrutiny for securities trading (should any tokens traded be securities), and in this case, state consumer protection investigations from the several attorneys general."

United States

Online Tax Filers Will Get Extension After IRS Payment Website Outage (cnbc.com) 39

An anonymous reader quotes a report from CNBC: The IRS will give last-minute filers additional time to file their tax returns after the page for paying their tax bills using their bank accounts crashed, Treasury Secretary Steven Mnuchin told the Associated Press. The IRS "Direct Pay" page allows filers to transfer funds from their checking or savings account to pay what they owe. As of 5 p.m. ET on April 17 -- Tax Day -- the page was still unavailable. Direct Pay is a free service. The "Payment Plan" page, where filers can pay their tax bill in installments, also appears to have crashed. "I'd strongly advise folks who owe any federal taxes and cannot pay online to mail a check or money order to the IRS to the appropriate address," said Patrick Thomas, director of Notre Dame Law School's Tax Clinic. According to a TurboTax spokesperson, the IRS's technical difficulties are affecting all tax preparers and tax returns. "Taxpayers should go ahead and continue to prepare and file their taxes as normal with TurboTax," the spokesperson said. "TurboTax has uninterrupted service and is available and accepting e-filed returns," she said. "We will hold returns until the IRS is ready to begin accepting them again." H&R Block said it will continue to accept returns from filers.

Facebook

Former Cambridge Analytica Employee Says Facebook Users Affected Could Be 'Much Greater Than 87 million' (theverge.com) 45

Cambridge Analytica and its partners used data from previously unknown "Facebook-connected questionnaires" to obtain user data from the social media service, according to testimony from a former Cambridge Analytica employee. From a report: Brittany Kaiser provided evidence to the British Parliament today as part of a hearing on fake news. Kaiser, who worked on the business team at Cambridge Analytica's parent company until January of this year, wrote in a statement that she was "aware in a general sense of a wide range of surveys" used by Cambridge Analytica or its partners, and she said she believes the number of people whose Facebook data may have been compromised is likely higher than the widely reported 87 million.

Government

IRS 'Direct Pay' Option Not Working on Tax Day (cbsnews.com) 139

An anonymous reader shares a report: Online payments on IRS.gov are partially down. But the government still expects its money. A page on the IRS website that allows taxpayers to make a payment is not working for many as of Tuesday morning. Clicking on "Make a payment" on the payments page redirects the user to a page titled "unplannedOutagePage." "Note that your tax payment is due although IRS Direct Pay may not be available," the page notes. UPDATE 04/17/18: Treasury Secretary Steven Mnuchin told the Associated Press that online tax filers will get an extension due to today's website outage.

Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes against the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."

Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 422

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That led to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."

The Courts

Supreme Court Set To Hear Landmark Online Sales Tax Case (gizmodo.com) 248

An anonymous reader quotes a report from Gizmodo: On Tuesday, the U.S. Supreme Court will hear arguments in a case that could at least somewhat clarify Donald Trump's complaints about Amazon "not paying internet taxes." It will also decide if those cheap deals on NewEgg are going to be less of a steal. The case concerns the state of South Dakota versus online retailers Wayfront, NewEgg, and Overstock.com in a battle over whether or not state sales tax should apply to all online transactions in the U.S., regardless of where the customer or retailer is located. It promises to have an impact on the internet's competition with brick-and-mortar retailers, as well as continue to address the ongoing legal questions surrounding real-world borders in the borderless world of online.

United States

Facebook Must Face Class-Action Lawsuit Over Facial Recognition, Says Judge (kfgo.com) 79

U.S. District Judge James Donato ruled on Monday that Facebook must face a class-action lawsuit alleging that the social network unlawfully used a facial recognition process on photos without user permission. Donato ruled that a class-action was the most efficient way to resolve the dispute over facial templates. KFGO reports: Facebook said it was reviewing the ruling. "We continue to believe the case has no merit and will defend ourselves vigorously," the company said in a statement. Lawyers for the plaintiffs could not immediately be reached for comment. Facebook users sued in 2015, alleging violations of an Illinois state law about the privacy of biometric information. The class will consist of Facebook users in Illinois for whom Facebook created and stored facial recognition algorithms after June 7, 2011, Donato ruled. That is the date when Facebook launched "Tag Suggestions," a feature that suggests people to tag after a Facebook user uploads a photo. In the U.S. court system, certification of a class is typically a major hurdle that plaintiffs in proposed class actions need to overcome before reaching a possible settlement or trial.

Businesses

New Child Protection Nonprofit Strikes Back At Sex-Negative Approach of FOSTA-SESTA (youcaring.com) 212

qirtaiba writes: When the FOSTA-SESTA online sex trafficking bill passed last month, it sailed through Congress because there were no child protection organizations that stood against it, and because no member of Congress (with the brave exceptions of Ron Wyden and Rand Paul) wanted to face re-election having opposed a bill against sex trafficking, despite its manifest flaws. In the wake of the law's passage, its real targets -- not child sex traffickers, but adult sex workers and the internet platforms used by them -- have borne the brunt of its effects. Websites like the Erotic Review and Craigslist's personals section have either shut down entirely or for U.S. users, while Backpage.com has been seized, leaving many adult sex workers in physical and financial peril.

A new child protection organization, Prostasia Foundation, has just been announced, with the aim of taking a more sex-positive approach that would allow it to push back against laws that really target porn or sex work under the guise of being child protection laws. Instead, the organization promotes a research-based approach to the prevention of child sexual abuse before it happens. From the organization's press release: "Prostasia Director Jaylen MacLaren is a former child prostitute who used a website like this to screen her clients. She now recognizes those clients as abusers, but she does not blame the website for her suffering. 'I am committed to preventing child sexual abuse, but I don't believe that this should come at the cost of civil liberties and sexual freedom,' Jaylen said. 'I have found ways to express my sexuality in consensual and cathartic ways.'" Nerea Vega Lucio, a member of the group's Advisory Council, said, 'Child protection laws need to be informed by accurate and impartial research, and ensuring that policy makers have access to such research will be a top priority for Prostasia.'"

Businesses

California Bill Would Restore, Strengthen Net Neutrality Protections (mercurynews.com) 83

An anonymous reader quotes a report from The Mercury News: With the FCC order to repeal net neutrality rules set to take effect next week, a bill that would restore those regulations in California will get its first hearing Tuesday (Warning: source may be paywalled; alternative source). SB 822, written by State Sen. Scott D. Wiener, D-San Francisco, is backed by big names including Tom Wheeler, the Obama-appointed former Federal Communications Commission chairman who wrote the 2015 Open Internet Order. Wheeler is joined by former FCC commissioners Michael Copps and Gloria Tristani in advocating for SB 822, which would in some ways be stronger than the net neutrality rules put in place under President Obama's administration after more than a decade of legal and political wrangling. Those rules required equal treatment of all internet traffic, and prohibited the establishment of internet slow and fast lanes. Wiener's bill would also prohibit "zero rating," in which internet providers exempt certain content, sites and services from data caps. In addition, it would prohibit public agencies in the state from signing contracts with ISPs that violate net neutrality principles, and call for internet service providers to be transparent about their practices and offerings.

United Kingdom

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say (bbc.com) 170

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say. BBC reports: The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign. The alert details methods used to take over essential network hardware. The attacks could be an attempt by Russia to gain a foothold for use in a future offensive, it said. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC in a statement. The alert said attacks were aimed at routers and switches that directed traffic around the net. Compromised devices were used to look at data passing through them, so Russia could scoop up valuable intellectual property, business information and other intelligence.

Robotics

Europe Divided Over Robot 'Personhood' (politico.eu) 246

Politico Europe has an interesting piece which looks at the high-stakes debate between European lawmakers, legal experts and manufacturers over who should bear the ultimate responsibility for the actions by a machine: the machine itself or the humans who made them? Two excerpts from the piece: The battle goes back to a paragraph of text, buried deep in a European Parliament report from early 2017, which suggests that self-learning robots could be granted "electronic personalities." Such a status could allow robots to be insured individually and be held liable for damages if they go rogue and start hurting people or damaging property.

Those pushing for such a legal change, including some manufacturers and their affiliates, say the proposal is common sense. Legal personhood would not make robots virtual people who can get married and benefit from human rights, they say; it would merely put them on par with corporations, which already have status as "legal persons," and are treated as such by courts around the world.

Encryption

Former FBI Director James Comey Reveals How Apple and Google's Encryption Efforts Drove Him 'Crazy' (fastcompany.com) 351

An anonymous reader shares a report: In his explosive new book, A Higher Loyalty, fired FBI director James Comey denounces President Trump as "untethered to the truth" and likens him to a "mob boss," but he also touches on other topics during his decades-long career in law enforcement -- including his strong objection to the tech industry's encryption efforts. When Apple and Google announced in 2014 that they would be moving their mobile devices to default encryption, by emphasizing that making them immune to judicial orders was good for society, "it drove me crazy," he writes. He goes on to lament the lack of "true listening" between tech and law enforcement, saying that "the leaders of the tech companies don't see the darkness the FBI sees," such as terrorism and organized crime.

He writes, "I found it appalling that the tech types couldn't see this. I would frequently joke with the FBI 'Going Dark' team assigned to seek solutions, 'Of course the Silicon Valley types don't see the darkness -- they live where it's sunny all the time and everybody is rich and smart.'" But Comey understood it was an unbelievably difficult issue and that public safety had to be balanced with privacy concerns.

Encryption

Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones (vice.com) 69

Joseph Cox, reporting for Motherboard: This week, Motherboard showed that law enforcement agencies across the country, including a part of the State Department, have bought GrayKey, a relatively cheap technology that can unlock fully up-to-date iPhones. That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products. Citing Motherboard's work, on Friday US lawmakers sent a letter to FBI Director Christopher Wray, doubting the FBI's narrative around 'going dark', where law enforcement officials say they are increasingly unable to obtain evidence related to crimes due to encryption. Politico was first to report the letter. "According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption," the letter, signed by 5 Democrat and 5 Republican House lawmakers, reads. "However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable," it adds, referring to a recent report from the Justice Department's Office of the Inspector General. That report found the FBI barely explored its technical options for accessing the San Bernardino iPhone before trying to compel Apple to unlock the device. The lawmakers' letter points to Motherboard's report that the State Department spent around $15,000 on a GrayKey.

Social Networks

Is It Time To Stop Using Social Media? (counterpunch.org) 291

Slashdot reader Nicola Hahn writes: Bulk data collection isn't the work of a couple of bad apples. Corporate social media is largely predicated on stockpiling and mining user information. As Zuckerberg explained to lawmakers, it's their business model...

While Zuckerberg has offered public apologias, spurring genuine regulation will probably be left to the public. Having said that, confronting an economic sector which makes up one of the country's largest political lobbying blocks might not be a tenable path in the short term.

The best immediate option for netizens may be to opt out of social media entirely.

The original submission links to this call-to-action from Counterpunch: Take personal responsibility for your own social life. Go back to engaging flesh and blood people without tech companies serving as an intermediary. Eschew the narcissistic impulse to broadcast the excruciating minutiae of your life to the world. Refuse to accept the mandate that you must participate in social media in order to participate in society. Reclaim your autonomy.

Government

Investor Tim Draper Pushes Ballot Measure Splitting California Into 3 States (sfgate.com) 429

"One of several proposals aiming to split California into multiple smaller states has reportedly reached an important new goal thanks in large part to the efforts of its billionaire champion," writes schwit1. SFGate reports: Venture capitalist Tim Draper, who previously pushed a proposal that would split California into six states, says that his three-state proposal has enough signatures to qualify for the November ballot. On Thursday, Draper said in a statement that the "CAL 3" initiative has collected over 600,000 signatures from Californians who would like to see the state split into three. An initiative needs 366,000 signatures to appear on the ballot. "This is an unprecedented show of support on behalf of every corner of California to create three state governments that emphasize representation, responsiveness, reliability and regional identity," Draper said.
The U.S. Congress would still need to approve the change -- and it's probably useful to remember what happened when Draper tried splitting California into six states. He ultimately turned in 1.3 million signatures for a ballot measure in 2014, "only to see nearly half of them disqualified. He ended up about 100,000 short of the valid signatures he needed."

Yahoo!

Yahoo's New Privacy Policy Allows Data-Sharing With Verizon (cnet.com) 38

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."

Crime

Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats' (kansas.com) 285

An anonymous reader quotes the Wichita Eagle: Tyler Barriss -- the man charged in a swatting hoax that led to the death of an innocent Wichita man -- apparently got access to the internet from jail for at least 28 minutes [last] Friday and threatened to swat again. "How am I on the Internet if I'm in jail? Oh, because I'm an eGod, that's how," a tweet posted at 9:05 a.m. said.
Other developments in the case:
  • Another tweet from the Barriss account 19 minutes later asked who was "talking shit," warning "your ass is about to get swatted." And nine minutes later his final tweet from jail bragged, "Y'all should see how much swag I got in here." The county sheriff's office blamed an outside vendor's improper software upgrade to an inmate kiosk, arguing that 14 inmates potentially had full internet access "for less than a few hours."
  • 25-year-old Barriss is still in jail facing an 11-year prison sentence, noted a Twitter user who responded to the tweets. "This will play well at sentencing when you're pretending to be remorseful and asking the judge for mercy."
  • Meanwhile, the Wichita police officer who mistakenly fired the fatal shot that killed a 28-year-old father of two will not face charges. The district attorney concluded that several of the officers closest to victim Andrew Finch thought he reached down to pull up his pants, leaving his right arm hidden from the officers, the Wichita Eagle reports. "The officer who fired the shot, along with some others, thought Finch was reaching for a gun."
  • "This shooting should not have happened," said the district attorney. "But this officer's decision was made in the context of the false call." Finch was shot 10 seconds after opening his front door, and his family's civil case against the police department is still going forward.
  • Two other gamers involved in the shooting -- including one who allegedly hired Barriss over a $1.50 bet in the game Call of Duty -- have not been charged with a crime.

China

Trade War Or Not, China is Closing the Gap on US in Technology IP Race (reuters.com) 149

China's rising investment in research and expansion of its higher education system mean that it is fast closing the gap with the United States in intellectual property and the struggle to be the No.1 global technology power, according to patent experts. From a report: While U.S. President Donald Trump's threat of punitive tariffs on high-tech U.S. exports could slow Beijing's momentum, it won't turn back the tide, they say. Washington's allegation that the Chinese have engaged in intellectual property theft over many years -- which is denied by Beijing -- is a central reason for the worsening trade conflict between the U.S. and China. Forecasts for how long it will take for Beijing to close the technological gap vary -- though several patent specialists say it could happen in the next decade.

And China is already leapfrogging ahead in a couple of areas. "With the number of scientists China is training every year it will eventually catch up, regardless of what the U.S. does," said David Shen, head of IP for China at global law firm Allen & Overy. Indeed, IP lawyers now see President Xi Jinping's pledge earlier this week to protect foreign IP rights as projecting confidence in China's position as a leading innovator in sectors such as telecommunications and online payments, as well as its ability to catch up in other areas.

Piracy

Telegram is Riddled With Tens of Thousands of Piracy Channels; Apple and Google Have Ignored Requests From Creators To Take Action (theoutline.com) 49

joshtops writes: Instant messaging platform Telegram, which is used by more than 200 million users, has had an open secret since its inception: The platform has served as a haven for online pirates. The Outline reports that the platform is riddled with thousands of groups and channels, many with more than 100,000 members, whose sole purpose of existence is to share illegally copied movies, music albums, apps, and other content. The files are stored directly to Telegram's servers, allowing users to download movies, songs, and other content with one click. Channel admins told The Outline that they have not come across any resistance from Telegram despite the company, along with Apple and Google, maintaining a 'zero tolerance' stance on copyright infringement. This permissiveness on Telegram's part has led to the proliferation of a cottage industry of piracy marketplaces on the service.

[...] The Outline also discovered several groups and channels on Telegram in which stolen credentials -- i.e., the username and password for a website -- from Netflix, Spotify, Hulu, HBO, CBS, EA Sports, Lynda, Sling, WWE Network, Mega, India's Hotstar, and dozens of other services were being offered to tens of thousands of members each day. The Outline sourced nearly three-dozen free credentials from six Telegram channels, all of which worked as advertised.
The report says that content creators have reached out to Apple, requesting the iPhone-maker to intervene, but the company has largely ignored the issue.

In an unrelated development, a Moscow court cleared the way on Friday for the local government to ban Telegram, the messaging app, over its failure to give Russian security services the ability to read users' encrypted messages.

Google

Google is Testing Self-Destructing Emails in New Gmail (techcrunch.com) 172

The upcoming update to Gmail might include a feature which would allow users to send emails that expire after a user-defined period of time. From a report: Working on an email service is hard as you have to be compatible with all sorts of email providers and email clients. But it doesn't seem to be stopping Google as the company is now evolving beyond the simple POP3/IMAP/SMTP protocols. Based on those screenshots, expiring emails work pretty much like expiring emails in ProtonMail. After some time, the email becomes unreadable. In the compose screen, there's a tiny lock icon called "confidential mode." It says that the recipient won't be able to forward email content, copy and paste, download or print the email.
Chrome

Google Chrome To Boost User Privacy by Improving Cookies Handling Procedure (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Google engineers plan to improve user privacy and security by putting a short lifespan on cookies delivered via HTTP connections. Google hopes that the move will force website developers and advertisers to send cookies via HTTPS, which "provides significant confidentiality protections against [pervasive monitoring] attacks."

Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.

United States

Trump Orders Audit of Postal Service After Suggesting Amazon Is To Blame For Their Troubles (politico.com) 493

An anonymous reader quotes a report from Politico: President Donald Trump ordered the U.S. Postal Service to undergo an audit Thursday evening, a move that comes after the president's repeated claims that Amazon is fleecing the USPS through alleged unfair business practices. "The USPS is on an unsustainable financial path and must be restructured to prevent a taxpayer-funded bailout," reads the executive order Trump issued shortly before 9 p.m. While not explicitly mentioned in the order, the president has hammered e-commerce giant Amazon in recent weeks and alleged that the company and its CEO Jeff Bezos are driving the USPS into the ground. "I am right about Amazon costing the United States Post Office massive amounts of money for being their Delivery Boy," Trump wrote on Twitter on April 3. "Amazon should pay these costs (plus) and not have them bourne by the American Taxpayer." According to the executive order, a task force comprised of top officials, including Treasury Secretary Steven Mnuchin, who would chair the group, will lead the investigation into the USPS' finances and will be required to issue recommendations and a final report no later than early August.
Bitcoin

438 Bitcoins Worth Nearly $3.5 Million Stolen From Exchange In India, CSO Accused (indiatimes.com) 85

William Robinson shares a report from The Economic Times: Nearly 438 bitcoins, worth nearly $3.5 million, were stolen from a top exchange firm in India in what is being billed as the biggest cryptocurrency theft in the country so far. The exchange, which has over two hundred thousand users across the country, found that all the bitcoins that were stored offline had vanished. It was later found that the private keys -- the password that is kept by the company and is stored offline -- were leaked online, leading to the hack. The company tried to trace the hackers, but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred. Coinsecure, a Delhi-based cryptocurrency exchange, is accusing its CSO, Amitabh Saxena, of siphoning off the money from the firm's wallet. The exchange is urging the government to seize Saxena's passport, fearing that he may leave the country.
Music

'High Definition Vinyl' Is Coming As Early As Next Year (pitchfork.com) 330

An anonymous reader quotes a report from Pitchfork: In 2016, a European patent filing described a way of manufacturing records that the inventors claimed would have higher audio fidelity, louder volume, and longer playing times than conventional LPs. Now, the Austrian-based startup Rebeat Innovation has received $4.8 million in funding for the initiative, founder and CEO Gunter Loibl told Pitchfork. Thanks to the investment, the first "HD vinyl" albums could hit stores as early as 2019, Loibl said. The HD vinyl process involves converting audio digitally to a 3D topographic map. Lasers are then used to inscribe the map onto the "stamper," the part that stamps the grooves into the vinyl. According to Loibl, these methods allow for records to be made more precisely and with less loss of audio information. The results, he said, are vinyl LPs that can have up to 30 percent more playing time, 30 percent more amplitude, and overall more faithful sound reproduction. The technique would also avoid the chemicals that play a role in traditional vinyl manufacturing. Plus, the new-school HD vinyl LPs would still play on ordinary record players.
Businesses

Uber Drivers Are Independent Contractors, Not Employees, Judge Rules (reuters.com) 192

Uber drivers are independent contractors, not full-time employees of the ride-hailing company, a federal judge in Philadelphia ruled in what is said to be the first classification of Uber drivers under federal law. Reuters reports: U.S. District Judge Michael Baylson on Wednesday said San Francisco-based Uber does not exert enough control over drivers for its limo service, UberBLACK, to be considered their employer under the federal Fair Labor Standards Act. The drivers work when they want to and are free to nap, run personal errands, or smoke cigarettes in between rides, Baylson said. Jeremy Abay, a lawyer for the plaintiffs, said he would appeal the ruling to the Philadelphia-based 3rd U.S. Circuit Court of Appeals. The 3rd Circuit would be the first federal appeals court to consider whether Uber drivers are properly classified as independent contractors.
Transportation

NTSB Boots Tesla From Investigation Into Fatal Autopilot Crash (theverge.com) 160

The National Transportation Safety Board has removed Tesla from the investigation into a fatal Autopilot accident that occurred in March. The NTSB says it took the action because Tesla had released "investigative information before it was vetted and confirmed by" the agency. "Such releases of incomplete information often lead to speculation and incorrect assumptions about the probable cause of a crash, which does a disservice to the investigative process and the traveling public," the agency writes. The Verge reports: The NTSB's account contradicts Tesla's version of the story. In a statement, the automaker says it decided to remove itself from the investigation on Tuesday because the NTSB was restricting it from sharing information before the probe ends. The company also accuses the NTSB of being duplicitous, arguing that the agency has released statements about the crash at the same time that it told Tesla not to. "It's been clear in our conversations with the NTSB that they're more concerned with press headlines than actually promoting safety," a spokesperson for the company says. "Among other things, they repeatedly released partial bits of incomplete information to the media in violation of their own rules, at the same time that they were trying to prevent us from telling all the facts. We don't believe this is right and we will be making an official complaint to Congress." The company also said it will issue "a Freedom Of Information Act request to understand the reasoning behind their focus on the safest cars in America while they ignore the cars that are the least safe." The full letter sent to Musk from the NTSB can be seen here.
Iphone

Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 98

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

United States

Trump Proposes Rejoining Trans-Pacific Partnership (nytimes.com) 315

According to The New York Times, "President Trump told a gathering of farm state lawmakers and governors on Thursday morning that he was directing his advisers to look into rejoining the multicountry trade deal known as the Trans-Pacific Partnership (Warning: source may be paywalled; alternative source)." The TPP was a contentious issue during the 2016 presidential election as both Democrats and Republicans attacked it. After signaling during the election that he would pull out of the trade deal "on day one" of his presidency, Trump followed through with his plans. From the report: Rejoining the 11-country pact could be a significant change in fortune for many American industries that stood to benefit from the trade agreement's favorable terms and Republican lawmakers who supported the pact. The deal, which was negotiated by the Obama administration, was largely viewed as a tool to prod China into making the type of economic reforms that the United States and others have long wanted. Both Democrats and Republicans attacked the deal during the presidential campaign, but many business leaders were disappointed when Mr. Trump withdrew from the agreement, arguing that the United States would end up with less favorable terms attempting to broker an array of individual trade pacts and that scrapping the deal would empower China.

Mr. Trump's decision to reconsider the deal comes as the White House tries to find ways to protect the agriculture sector, which could be badly damaged by the president's trade approach. The risk of an escalating trade war with China has panicked American farmers and ranchers, who send many of their products abroad. China has responded to Mr. Trump's threat of tariffs on as much as $150 billion worth of Chinese goods by placing its own tariffs on American pork, and threatening taxes on soybeans, sorghum, corn and beef. Many American agriculturalists maintain that the easiest way to help them is to avoid a trade war with China in the first place. And many economists say the best way to combat a rising China and pressure it to open its market is through multilateral trade deals like the Trans-Pacific Partnership, which create favorable trading terms for participants.

Google

It's Surprisingly Easy To Make Government Records Public on Google Books (fastcompany.com) 11

From a report on FastCompany: While working on a recent story about hate speech spread by telephone in the '60s and '70s, I came across an interesting book that had been digitized by Google Books. Unfortunately, while it was a transcript of a Congressional hearing, and therefore should be in the public domain and not subject to copyright, it wasn't fully accessible through Google's archive. It's not surprising that Google might be cautious about making documents available, since its book search project resulted in over a decade of controversy over copyrights, with authors and publishers arguing that the search giant was exceeding its rights, and users clamoring to see the full texts of books, especially those that are in public domain.

But, as it turns out, Google provides a form where anyone can ask that a book scanned as part of Google Books be reviewed to determine if it's in the public domain. And, despite internet companies sometimes earning a mediocre-at-best reputation for responding to user inquiries about free services, I'm happy to report that Google let me know within a week after filling out the form that the book would now be available for reading and download.

Security

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com) 6

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

China

A Wanted Man in China Has Been Caught Because of Facial Recognition Software (fastcompany.com) 146

An anonymous reader writes: The man was reportedly caught after facial recognition software running on cameras at a concert identified him, reports AbacusNews. That's despite there being over 50,000 people attending the concert, which took place in Nanchang, China. Law enforcement in the country has increasingly been turning to facial recognition software to surveil the public for persons of interest.
Communications

Reddit Continues To Protect Racist Language In Favor of Free Speech (digitaltrends.com) 661

In a thread about Reddit's 2017 transparency report, a user asked CEO Steve Huffman whether posts containing racism or racial slurs violate Reddit's terms. Huffman revealed that said speech is permissible on the site. "On Reddit, the way in which we think about speech is to separate behavior from beliefs," Huffman clarified. "This means on Reddit there will be people with beliefs different from your own, sometimes extremely so." Digital Trends reports: It's unclear if Huffman's comments are representative of Reddit's company policy, but protection of hate speech can -- and does -- lead to online harassment and cyberbullying. A recent study from Pew revealed that as many as 40 percent of Americans have experienced some form of harassment online. And even if hate speech may still be protected content on Reddit, Huffman was quick to point out that any threat of violence is not tolerated on the site. "When users' actions conflict with our own content policies, we take action," he said. This distinction is consistent with Reddit's prior policies for enforcement. "Going forward, we will take action against any content that encourages, glorifies, incites, or calls for violence or physical harm against an individual or a group of people; likewise we will also take action against content that glorifies or encourages the abuse of animals," the updated terms read, noting that "context is key."
AI

FDA Approves AI-Powered Software To Detect Diabetic Retinopathy (engadget.com) 34

The U.S. Food and Drug Administration (FDA) has just approved an AI-powered device that can be used by non-specialists to detect diabetic retinopathy in adults with diabetes. Engadget reports: Diabetic retinopathy occurs when the high levels of blood sugar in the bloodstream cause damage to your retina's blood vessels. It's the most common cause of vision loss, according to the FDA. The approval comes for a device called IDx-DR, a software program that uses an AI algorithm to analyze images of the eye that can be taken in a regular doctor's office with a special camera, the Topcon NW400. The photos are then uploaded to a server that runs IDx-DR, which can then tell the doctor if there is a more than mild level of diabetic retinopathy present. If not, it will advise a re-screen in 12 months. The device and software can be used by health care providers who don't normally provide eye care services. The FDA warns that you shouldn't be screened with the device if you have had laser treatment, eye surgery or injections, as well as those with other conditions, like persistent vision loss, blurred vision, floaters, previously diagnosed macular edema and more.
Social Networks

Instagram Will Soon Let You Download a Copy of Your Data (techcrunch.com) 22

An Instagram spokesperson has confirmed to TechCrunch that the site will soon let users download a copy of what they've shared on Instagram, including their photos, videos and messages. The new data portability tool could make it much easier for users to leave Instagram and go to a competing image social network. It will also help the site comply with the upcoming European GDPR privacy law that requires data portability, assuming the feature launches before May 25th. From the report: Instagram has historically made it very difficult to export your data. You can't drag, or tap and hold on images to save them. And you can't download images you've already posted. That's despite Instagram now being almost 8 years old and having over 800 million users. For comparison, Facebook launched its Download Your Information tool in 2010, just six years after launch. We're awaiting more info on whether you'll only be able to download your photos, videos, and messages; or if you'll also be able to export your following and follower lists, Likes, comments, Stories, and the captions you share with posts. It's also unclear whether photos and videos will export in the full fidelity that they're uploaded or displayed in, or whether they'll be compressed. Instagram told me "we'll share more details very soon when we actually launch the tool. But at a high level it allows you to download and export what you have shared on Instagram" so we'll have to wait for more clarity.
AI

The US Military Desperately Wants To Weaponize AI (technologyreview.com) 179

Artificial intelligence is a transformative technology, and US generals already see it as the next big weapon in their arsenal. From a report: War-machine learning: Michael Griffin, Undersecretary of Defense for Research and Engineering, signaled how keen the military is to make use of AI at the Future of War 2018 conference held in Washington, DC, yesterday. Saber rattling: "There might be an artificial intelligence arms race, but we're not yet in it," Griffin said. In reference to China and Russia, he added, "I think our adversaries -- and they are our adversaries -- understand very well the possible future utility of machine learning, and I think it's time we did as well."
Facebook

Mark Zuckerberg Denies Knowledge of Non-Consensual Shadow Profiles Facebook Has Been Building of Non-Users For Years 235

It has been widely reported that Facebook builds profiles of people even if they have never signed up for its services. However, in a hearing with the House Energy & Commerce Committee on Wednesday, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it. Here's the exchange: Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?
Zuckerberg: Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].
Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services.
Privacy

Steam Spy Announces It's Shutting Down, Blames Valve's New Privacy Settings 97

Steam Spy, the world's most comprehensive game ownership and play estimator available to the public, announced that it "won't be able to operate anymore" thanks to recent changes to Valve's privacy policy. "Valve just made a change to their privacy settings, making games owned by Steam users hidden by default," the site's operators announced on its official Twitter account. "Steam Spy relied on this information being visible by default." The creator of the website, Sergey Galyonkin, suggested that the site will only remain as an "archive" from here on out. Ars Technica reports: Indeed, Steam's new private-by-default setting is the kind of proactive, data-protective move that sites like Facebook have faced repeated scrutiny about over the past decade. However, as of press time, we could not confirm exactly how these updated settings will work, thanks to the service's "edit privacy settings" page currently appearing blank. (This can be found in the Steam interface by selecting the word "profile" under the menu that appears when mousing over your username.)

Valve pointed out that Steam will also receive a long, long, long-awaited "invisible" function for Steam's online-status toggle, which will allow players to actively communicate with Steam friends while hiding from the general public, and that it will also specifically let players hide both game ownership and gameplay time counts from friends. The company explained that Tuesday's changes came "directly from user feedback," which Steam Spy founder Sergey Galyonkin questioned via his site's Twitter feed: "They said it was by users feedback which makes me as a person born in the Soviet Union very suspicious :)" After Epic Games founder Tim Sweeney applauded Valve's privacy-minded policy change, Galyonkin responded with his own opinion on why so much data was open on Steam in the first place: "This was always a compromise between being able to play with other people and privacy," he wrote in response. "It seems they moved towards privacy now."
Advertising

Zuckerberg: Facebook Doesn't Use Your Mic For Ad Targeting (engadget.com) 257

During today's joint hearing before the Senate Judiciary and Commerce Committees, CEO Mark Zuckerberg fully denied the idea that Facebook listens in on your conversations via microphones to display relevant ads. Engadget reports: Senator Gary Peters (D-MI) asked him to answer "yes or no" whether Facebook used audio from personal devices to fill out its ad data, and Zuckerberg said no. The CEO explained that users can upload videos with audio in them, but not the kind of background spying that you've probably heard people talk about. Peters: "I have heard constituents say Facebook is mining audio from their mobile devices for the purpose of ad targeting. This speaks to the lack of trust we are seeing. I understand there are technical and logistical issues for that to happen. For the record, I hear it all the time, does Facebook use audio obtained from mobile devices to enrich personal information about its users?"

Zuckerberg: "We do not. Senator, Let me be clear on this. You are talking about the conspiracy theory passed around that we listen to what is going on on your microphone and use that. We do not do that. We do allow people to take videos on their device and share those. Videos also have audio. We do, while you are taking a video, record that and use that to make the service better by making sure that you have audio. That is pretty clear."
Facebook

Facebook Data Collected By Quiz App Included Private Messages (nytimes.com) 30

In addition to the public profile data of up to 87 million Facebook users, political data firm Cambridge Analytica also reportedly harvested people's private messages (Warning: source may be paywalled; alternative source). The New York Times reports: On Monday, Facebook began informing people whose data may have been compromised by Cambridge Analytica through an app developed by the researcher Aleksandr Kogan. In its notifications, Facebook said that while the information harvested was largely limited to what was on people's public profiles, "a small number of people" also shared information from their Facebook timeline, posts and messages. Facebook did not specify how many people's messages were gathered and said it was taking as broad a view as possible when notifying people that their data may have been taken.
Businesses

Apple Must Pay Patent Troll More Than $500 Million In iMessage Case (bloomberg.com) 75

A federal court in Texas today has ordered Apple to pay $502.6 million to a patent troll called VirnetX, the latest twist in a dispute now in its eighth year. "VirnetX claimed that Apple's FaceTime, VPN on Demand and iMessage features infringe four patents related to secure communications, claims that Apple denied," reports Bloomberg. From the report: The dispute has bounced between the district court, patent office and Federal Circuit since 2010. There have been multiple trials, most recently one involving earlier versions of the Apple devices. A jury in that case awarded $302 million that a judge later increased to $439.7 million. Kendall Larsen, CEO of VirnetX, said the damages, which were based on sales of more than 400 million Apple devices, were "fair." "The evidence was clear," Larsen said after the verdict was announced. "Tell the truth and you don't have to worry about anything." For VirnetX, the jury verdict in its favor could be a short-lived victory. The Patent Trial and Appeal Board has said the patents are invalid, in cases that are currently before the U.S. Court of Appeals for the Federal Circuit in Washington. The Federal Circuit, which handles all patent appeals, declined to put this trial on hold, saying it was so far along that a verdict would come before a final validity decision.
Democrats

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com) 136

Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

Twitter

Twitter Says It Will Comply With Honest Ads Act To Combat Russia Social Media Meddling (theverge.com) 47

An anonymous reader quotes a report from The Verge: Twitter today pledged to support a proposed Senate bill that would require technology platforms that sell advertising space to disclose the source of and amount of money paid for political ads. Called the Honest Ads Act, the bipartisan bill was first introduced back in October by Sen. Amy Klobuchar (D-MN), Sen. Mark Warner (D-VA), and Sen. John McCain (R-AZ). As part of its transparency efforts, Twitter says it's launched a new platform called the Ads Transparency Center, or ATC, that will "go beyond the requirements of the Honest Ads Act and eventually provide increased transparency to all advertisements on Twitter." Twitter says the platform will increase transparency for political and so-called issue ads, which target specific topics like immigration and gun control, by providing even more information on the origin of an ad than is required by the Honest Ads Act. "We have a dedicated team that is fully resourced to implementing the ATC and are committed to launching it this summer," the company states. "Twitter is moving forward on our commitment to providing transparency for online ads. We believe the Honest Ads Act provides an appropriate framework for such ads and look forward to working with bill sponsors and others to continue to refine and advance this important proposal."
Facebook

Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com) 66

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.
Chrome

Biometric and App Logins Will Soon Be Pushed Across the Web (vice.com) 161

Soon, it will be much easier to log into more websites using a hardware key plugged into your laptop, a dedicated app, or even the fingerprint scanner on your phone. Motherboard: On Tuesday, a spread of organizations and businesses, including top browser vendors such as Microsoft and Google, announced a new standards milestone that will streamline the process for web developers to add extra login methods to their sites, potentially keeping consumers' accounts and data more secure. "For users, this will be a natural transition. People everywhere are already using their fingers and faces to 'unlock' their mobile phones and PCs, so this will be natural to them -- and more convenient," Brett McDowell, executive director at the FIDO Alliance, one of the organizations involved in setting up the standard, told Motherboard in an email.

"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the next few months. Opera has committed to supporting WebAuthn as well.

Communications

Oregon Becomes Second State To Pass a Net Neutrality Law (katu.com) 91

An anonymous reader quotes a report from KATU: Oregon Gov. Kate Brown signed a bill Monday withholding state business from internet providers who throttle traffic, making the state the second to finalize a proposal aimed at thwarting moves by federal regulators to relax net neutrality requirements. The bill stops short of actually putting new requirements on internet service providers in the state, but blocks the state from doing business with providers that offer preferential treatment to some internet content or apps, starting in 2019. The move follows a December vote by the Federal Communications Commission repealing Obama-era rules that prohibited such preferential treatment, referred to generally as throttling, by providers like AT&T, Comcast, and Verizon. Brown's signature makes the state the second to enact such legislation, according to the National Conference of State Legislatures. It also stakes out the state's claim to a moderate approach, compared to others: Five weeks to the day before Brown, Washington State Gov. Jay Inslee signed a bill in his state to directly regulate providers there. The prohibition, which restricts with whom the state may contract for internet services, applies to cities and counties, but exempts areas with only a single provider.
China

China Removes Four News Apps From Smartphone Stores To Tighten Control (scmp.com) 52

Four popular news apps in China, including the most popular aggregator, Jinri Toutiao, were removed from a number of Chinese smartphone app stores following reports of a crackdown by the country's media watchdog, local media reported on Monday. From the report: Toutiao, with about 120 million daily active users, was not available on the app stores of smartphone manufacturers Xiaomi and Meizu on Monday afternoon. The apps for Tiantian Kuaibao, Netease News and Ifeng News were also not found on Xiaomi. China's authorities have asked several of the country's smartphone app stores to remove the four apps by 3pm on Monday as part of efforts to "regulate order in the broadcasting environment," according to Chinese news portal Sohu.com. The apps will be removed for between three days and three weeks, with Toutiao being offline for the longest period, according to the Sohu report. [...] China has shut down more than 13,000 websites in the last three years as Beijing sought to tighten its grip on the internet.
