An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
To combat the robot revolution, the European Parliament's legal affairs committee has proposed that robots be equipped with emergency "kill switches" to prevent them from causing excessive damage. Legislators have also suggested that robots be insured and even be made to pay taxes. "A growing number of areas of our daily lives are increasingly affected by robotics," said Mady Delvaux, the parliamentarian who authored the proposal. "To ensure that robots are and will remain in the service of humans, we urgently need to create a robust European legal framework." CNNMoney reports: The proposal calls for a new charter on robotics that would give engineers guidance on how to design ethical and safe machines. For example, designers should include "kill switches" so that robots can be turned off in emergencies. They must also make sure that robots can be reprogrammed if their software doesn't work as designed. The proposal states that designers, producers and operators of robots should generally be governed by the "laws of robotics" described by science fiction writer Isaac Asimov. The proposal also says that robots should always be identifiable as mechanical creations. That will help prevent humans from developing emotional attachments. "You always have to tell people that robot is not a human and a robot will never be a human," said Delvaux. "You must never think that a robot is a human and that he loves you." The report cites the example of care robots, saying that people who are physically dependent on them could develop emotional attachments. The proposal calls for a compulsory insurance scheme -- similar to car insurance -- that would require producers and owners to take out insurance to cover the damage caused by their robots. The proposal explores whether sophisticated autonomous robots should be given the status of "electronic persons." This designation would apply in situations where robots make autonomous decisions or interact with humans independently. 
It would also saddle robots with certain rights and obligations -- for example, robots would be responsible for any damage they cause. If advanced robots start replacing human workers in large numbers, the report recommends the European Commission force their owners to pay taxes or contribute to social security.
An anonymous reader quotes a report from Schneier on Security: President Obama has changed the rules regarding raw intelligence, allowing the NSA to share raw data with the U.S.'s other 16 intelligence agencies. The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches. The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people. Here are the new procedures. This rule change has been in the works for a while. Here are two blog posts from April discussing the then-proposed changes.
An anonymous reader shares a TechCrunch report: The Arizona attorney general is soliciting outside legal counsel to pursue a consumer fraud lawsuit against the beleaguered blood testing startup Theranos, according to a document posted on the state's procurement website. AZ's AG has so far declined to comment on any action, but the document contends Theranos may have defrauded customers in the state and the office is now seeking proposals to assist it in possible legal action "against Theranos, Inc. and its closely related subsidiaries for violations of the Arizona Consumer Fraud Act arising out of Theranos Inc.'s long-running scheme of deceptive acts and misrepresentations relating to the capabilities and operation of Theranos blood testing equipment." Theranos ran its consumer portion of the business in Arizona and even worked with the state government to change laws allowing consumers to request blood tests without a doctor's permission. But, as the document cites, a myriad of bad test results, including those raised in a series of Wall Street Journal articles, raised concerns with the attorney general's office.
An anonymous reader shares a GeekWire report: Amazon just made a big statement about its continued growth aspirations, announcing that it plans to add another 100,000 full-time jobs in the U.S. over the next 18 months, an increase of more than 55 percent in its domestic workforce. The growth would push Amazon's U.S. workforce to more than 280,000 people by mid 2018. Amazon said in an announcement that the jobs will be available to people "all across the country and with all types of experience, education and skill levels -- from engineers and software developers to those seeking entry-level positions and on-the-job training."
An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.
Some deals are too good to be true. And, for Amazon, they will cost the company. From a report on Recode: A Canadian enforcement agency announced today that Amazon Canada will pay a $1 million fine for what could be construed as misleading pricing practices. The investigation centered on the practice of Amazon displaying its prices compared to higher "list prices" -- suggested manufacturer prices (MSRPs) designed as marketing gimmicks to make people think they are getting a deal, even though it's often the case that no shopper ever pays that price. "The Bureau's investigation concluded that these claims created the impression that prices for items offered on www.amazon.ca were lower than prevailing market prices," Canada's Competition Bureau said in a statement. "The Bureau determined that Amazon relied on its suppliers to provide list prices without verifying that those prices were accurate."
An anonymous reader quotes a report from The Verge: Just a week and a half before he is set to leave office, FCC Chairman Tom Wheeler has issued a new report stating that the zero-rated video services offered by AT&T and Verizon may violate the FCC's Open Internet Order. Assembled by the FCC's Wireless Telecommunications Bureau, the report focuses on sponsored data programs, which allow companies to pay carriers to exempt their data from customers' data caps. According to the report, many of those packages simply aren't playing fair. "While observing that AT&T provided incomplete responses to staff inquiries," Wheeler wrote to Senators, "the report states that the limited information available supports a conclusion that AT&T offers Sponsored Data to third-party content providers at terms and conditions that are effectively less favorable than those it offers to its affiliate, DirecTV." In theory, sponsored data should be an even playing field, with providers bearing the costs and making the same charges regardless of who's footing the bill. But according to the report, AT&T treats the DirecTV partnership very differently from an unaffiliated sponsored data system, giving the service a strong advantage over competitors. "AT&T appears to view the network cost of Sponsored Data for DIRECTV Now as effectively de minimis," the report concludes. While AT&T still bears some cost for all that free traffic, it's small enough that the carrier doesn't seem to care. The report raises similar concerns regarding Verizon's Go90 program, although it concludes Verizon's program may be less damaging. Notably, the letter does not raise the same concerns about T-Mobile's BingeOn video deal, since it "charges all edge providers the same zero rate for participating."
Tulsa_Time quotes a report from Phys.Org: Could flashing the "peace" sign in photos lead to fingerprint data being stolen? Research by a team at Japan's National Institute of Informatics (NII) says so, raising alarm bells over the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said. The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject.
An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" on Acrobat's changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page they're on as a PDF file and share it or download it to disk. The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it. The extension requests the following permissions: Read and change all your data on the websites you visit; Manage your downloads; Communicate with cooperating native applications. According to Adobe, extension users 'share information with Adobe about how [they] use the application. The information is anonymous and will help us improve product quality and features,' Adobe also says. 'Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe.'"
An anonymous reader shares with us a report from The Daily Beast: When former Microsoft employees complained of the horrific pornography and murder films they had to watch for their jobs, the software giant told them to just take more smoke breaks, a new lawsuit alleges. Members of Microsoft's Online Safety Team had "God-like" status, former employees Henry Soto and Greg Blauert allege in a lawsuit filed on Dec. 30. They "could literally view any customer's communications at any time." Specifically, they were asked to screen Microsoft users' communications for child pornography and evidence of other crimes. But Big Brother didn't offer a good health care plan, the Microsoft employees allege. After years of being made to watch the "most twisted" videos on the internet, employees said they suffered severe psychological distress, while the company allegedly refused to provide a specially trained therapist or to pay for therapy. The two former employees and their families are suing for damages from what they describe as permanent psychological injuries, for which they were denied worker's compensation. "Microsoft applies industry-leading, cutting-edge technology to help detect and classify illegal images of child abuse and exploitation that are shared by users on Microsoft Services," a Microsoft spokesperson wrote in an email. "Once verified by a specially trained employee, the company removes the image, reports it to the National Center for Missing and Exploited Children, and bans the users who shared the images from our services. We have put in place robust wellness programs to ensure the employees who handle this material have the resources and support they need." But the former employees allege neglect at Microsoft's hands.
An anonymous reader quotes a report from The Verge: Microsoft is working on a new Windows 10 feature that will automatically lock and secure a PC when the operating system detects someone has moved away from the machine. The feature is labelled as Dynamic Lock in recent test builds of Windows 10, and Windows Central reports that Microsoft refers to this as "Windows Goodbye" internally. Microsoft currently uses special Windows Hello cameras to let Windows 10 users log into a PC with just their face. Big corporations teach employees to use the winkey+L combination to lock machines when they're idle, but this new feature will make it an automatic process. It's not clear exactly how Microsoft will detect inactivity, but it's possible the company could use Windows Hello-compatible machines or detect idle activity and lock the machine accordingly. Windows can already be configured to do this after a set time period, but it appears Microsoft is streamlining this feature into a simple setting for anyone to enable. Microsoft is planning to deliver Dynamic Lock as part of the Windows 10 Creators Update, expected to arrive in April.
Federal regulators criticized several Wall Street banks over the handling of a $1.15 billion loan they helped arrange for Uber this past summer, reports Reuters, citing people with knowledge of the matter. From the report: Led by Morgan Stanley, the banks helped the ride-sharing network tap the leveraged loan market in July for the first time, persuading institutional investors to focus on its lofty valuation and established markets rather than its losses in countries such as China and India. The Federal Reserve and the Office of the Comptroller of the Currency (OCC), which are trying to rein in risky lending across Wall Street, took issue with the way in which the banks carved out Uber's more mature operations from the rest of the business, the people said.
An anonymous reader quotes a report from Network World: The Orange County Weekly reports that Best Buy's "Geek Squad" repair technicians routinely search devices brought in for repair for files that could earn them $500 reward as FBI informants. This revelation came out in a court case, United States of America v. Mark A. Rettenmaier. Rettenmaier is a prominent Orange County physician and surgeon who took his laptop to the Mission Viejo Best Buy in November 2011 after he was unable to start it. According to court records, Geek Squad technician John "Trey" Westphal found an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." Westphal notified his boss, who was also an FBI informant, who alerted another FBI informant -- as well as the FBI itself. The FBI has pretty much guaranteed the case will be thrown out by its behavior, this illegal search aside. According to Rettenmaier's defense attorney, agents conducted two additional searches of the computer without obtaining necessary warrants, lied to trick a federal magistrate judge into authorizing a search warrant for his home, then tried to cover up their misdeeds by initially hiding records. Plus, the file was found in the unallocated "trash" space, meaning it could only be retrieved by "carving" with sophisticated forensics tools. Carving (or file carving) is defined as searching for files or other kinds of objects based on content, rather than on metadata. It's used to recover old files that have been deleted or damaged. To prove child pornography, you have to prove the possessor knew what he had was indeed child porn. There has been a court case where files found on unallocated space did not constitute knowing possession because it's impossible to determine who put the file there and how, since it's not accessible to the user under normal circumstances.
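The content-based search that the report calls carving, as an added example that is not part of the quoted report: a minimal header/footer carver run over a constructed raw buffer standing in for unallocated space. The signature table, size limit and sample bytes are assumptions made for this sketch; it ignores fragmentation and embedded thumbnails, which real tools must handle.

```python
import hashlib

# (type, header magic, footer magic). PNG's footer is the IEND chunk tag plus its fixed CRC.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]
MAX_SIZE = 10 * 1024 * 1024  # assumed cap on how far to look for a footer


def carve(raw: bytes) -> list[dict]:
    """Recover candidate files from raw bytes using content signatures only.

    Nothing here consults a file system: each hit is just an offset, a length
    and a hash. No file name, owner, path or timestamp can be recovered this
    way, which is the limitation the report's legal argument rests on.
    """
    hits = []
    for ftype, header, footer in SIGNATURES:
        pos = 0
        while True:
            start = raw.find(header, pos)
            if start == -1:
                break
            end = raw.find(footer, start + len(header), start + MAX_SIZE)
            if end == -1:
                # Header with no footer: a partly overwritten remnant. Skip it.
                pos = start + 1
                continue
            end += len(footer)
            blob = raw[start:end]
            hits.append({
                "type": ftype,
                "offset": start,
                "length": len(blob),
                "sha256": hashlib.sha256(blob).hexdigest(),
            })
            pos = end
    return sorted(hits, key=lambda h: h["offset"])


def build_sample() -> bytes:
    """Constructed stand-in for unallocated space (not real image data)."""
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    fake_png = (b"\x89PNG\r\n\x1a\n" + b"P" * 24
                + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    remnant = b"\xff\xd8\xff\xe0" + b"\x00" * 50  # header only, footer lost
    return (b"\x00" * 512 + fake_jpeg + b"\x00" * 466 + fake_png
            + b"\x00" * 100 + remnant)


if __name__ == "__main__":
    for hit in carve(build_sample()):
        print(hit["type"], hit["offset"], hit["length"], hit["sha256"][:16])
```
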
MojoKid writes: When Microsoft first launched Windows 10, it was generally well-received but also came saddled with a number of privacy concerns. It has taken quite a while for Microsoft to respond to these concerns in a meaningful way, but the company is finally proving that it's taking things seriously by detailing some enhanced privacy features coming to a future Windows 10 build. Microsoft is launching what it calls a (web-based) privacy dashboard, which lets you configure anything and everything about information that might be sent back to the mothership. You can turn all tracking off, or pick and choose, if certain criteria don't concern you too much, like location or health activity, for example. Also, for fresh installs, you'll be given more specific privacy options so that you can feel confident from the get-go about the information you're sending Redmond's way. If you do decide to send any information Microsoft's way, the company promises that it won't use your information for the sake of targeted advertising.
schwit1 quotes a report from Phys.Org: The Pentagon may soon be unleashing a 21st-century version of locusts on its adversaries after officials on Monday said it had successfully tested a swarm of 103 micro-drones. The important step in the development of new autonomous weapon systems was made possible by improvements in artificial intelligence, holding open the possibility that groups of small robots could act together under human direction. Military strategists have high hopes for such drone swarms that would be cheap to produce and able to overwhelm opponents' defenses with their great numbers. The test of the micro-drone swarm in October included 103 Perdix micro-drones measuring around six inches (16 centimeters) launched from three F/A-18 Super Hornet fighter jets, the Pentagon said in a statement.
An anonymous reader quotes a report from Apple Insider: Apple on Tuesday was granted a patent detailing technology that allows for ear speakers, cameras and even a heads-up display to hide behind an edge-to-edge screen, a design rumored to debut in a next-generation iPhone later this year. Awarded by the U.S. Patent and Trademark Office, Apple's U.S. Patent No. 9,543,364 for "Electronic devices having displays with openings" describes a method by which various components can be mounted behind perforations in a device screen that are so small as to be imperceptible to the human eye. This arrangement would allow engineers to design a smartphone or tablet with a true edge-to-edge, or "full face," display. With smartphones becoming increasingly more compact, there has been a push to move essential components behind the active -- or light-emitting -- area of incorporated displays. Apple in its patent suggests mounting sensors and other equipment behind a series of openings, or through-holes, in the active portion of an OLED or similar panel. These openings might be left empty or, if desired, filled with glass, polymers, radio-transparent ceramic or other suitable material. Positioning sensor inputs directly in line with said openings facilitates the gathering of light, radio waves and acoustic signals. Microphones, cameras, antennas, light sensors and other equipment would therefore have unimpeded access beyond the display layer. The design also accommodates larger structures like iPhone's home button. According to the document, openings are formed between pixels, suggesting a self-illuminating display technology like OLED is preferred over traditional LCD structures that require backlight and filter layers. Hole groupings can be arranged in various shapes depending on the application, and might be larger or smaller than the underlying component. If implemented into a future iPhone, the window-based HUD could be Apple's first foray into augmented reality. 
Apple leaves the mechanics unmentioned, but the system could theoretically go beyond AR and into mixed reality applications.
Volkswagen said it's closing in on a deal with U.S. authorities on a $4.3 billion settlement to resolve civil and criminal allegations stemming from its emissions-cheating scandal. From a report on Bloomberg: The agreement, which has yet to be finalized, would lead to a financial expense that exceeds current provisions, the German automaker said. It also includes a guilty plea to some criminal charges, strengthening compliance systems and installing an independent monitor for three years, the Wolfsburg, Germany-based automaker said Tuesday in a statement. VW's management and supervisory boards are scheduled to review the settlement today or Wednesday and may raise provisions related to the scandal, which currently total 18.2 billion euros ($19.2 billion). A final agreement also needs to be approved by U.S. courts. The U.S. Justice Department declined to comment on Volkswagen's statement.
Online messaging and email services such as WhatsApp, iMessage and Gmail will face tough new rules on how they can track users under a proposal presented by the European Union executive on Tuesday. From a report: The web players will have to guarantee the confidentiality of their customers' conversations and ask for their consent before tracking them online to serve them personalized ads. The proposal by the European Commission extends some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as "Over-The-Top" (OTT) services, seeking to close a perceived regulatory gap between the telecoms industry and mainly U.S. Internet giants such as Facebook, Google and Microsoft.
In a Facebook post, Razer CEO Min-Liang Tan said two of their prototype laptops shown off at CES 2017 were stolen. "We treat theft/larceny, and if relevant to this case, industrial espionage, very seriously -- it is cheating, and cheating doesn't sit well with us," Tan wrote. "Penalties for such crimes are grievous and anyone who would do this clearly isn't very smart." Both items were prototype models of a laptop, called Project Valerie, that has three 4K displays. The Verge reports: Tan says that Razer is working with law enforcement and CES management to investigate. He's also asking show attendees to email firstname.lastname@example.org with any info they might have on what happened. A company representative added that a $25,000 reward is being offered for information leading to a conviction. The alleged theft occurred "after official show hours," says Allie Fried, director of global events communications for the Consumer Technology Association, which runs CES. "The security of our exhibitors, attendees and their products and materials are our highest priority," Fried wrote in an email to The Verge. "We look forward to cooperating with law enforcement and Razer as the incident is investigated."