China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Crime

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com) 120

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting a similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.
Movies

Disney Ditching Netflix Keeps Piracy Relevant (torrentfreak.com) 263

Yesterday, Disney announced its intent to pull its movies from Netflix and start its own streaming service. This upset many users across the web as the whole appeal of the streaming model becomes diluted when there are too many "Netflixes." TorrentFreak argues that "while Disney expects to profit from the strategy, more fragmentation is not ideal for the public" and that the move "keeps piracy relevant." From the report: Although Disney's decision may be good for Disney, a lot of Netflix users are not going to be happy. It likely means that they need another streaming platform subscription to get what they want, which isn't a very positive prospect. In piracy discussions, Hollywood insiders often stress that people have no reason to pirate, as pretty much all titles are available online legally. What they don't mention, however, is that users need access to a few dozen paid services, to access them all. In a way, this fragmentation is keeping the pirate ecosystems intact. While legal streaming services work just fine, having dozens of subscriptions is expensive, and not very practical. Especially not compared to pirate streaming sites, where everything can be accessed on the same site.
Privacy

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps (washingtonpost.com) 40

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies -- Upsight, Unity and Kochava -- alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate "commercial exploitation."

The plaintiffs argue that Disney and its partners violated COPPA, the Children's Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as "Disney Princess Palace Pets" and "Where's My Water? 2." Once installed, tracking software can then "exfiltrate that information off the smart device for advertising and other commercial purposes," according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. "These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals," Chester said. "These should not be in little children's apps."
Disney responded to the lawsuit, saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."
The Internet

Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) 377

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler.
The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."
Privacy

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
Privacy

In Less Than Five Years, 45 Billion Cameras Will Be Watching Us (fastcompany.com) 85

An anonymous reader writes: It was a big deal for many when Apple added a second camera to the back of the iPhone 7 Plus last year. In five years, that will be considered quaint. By then, smartphones could sport 13 cameras, allowing them to capture 360-degree, 3D video; create complex augmented reality images onscreen; and mimic with digital processing the optical zoom and aperture effects of an SLR. That's one of the far-out, but near-term, predictions in a new study by LDV Capital, a VC firm that invests in visual technologies such as computer vision. It polled experts at its own portfolio companies and beyond to predict that by 2022, the total number of cameras in the world will reach about 45 billion. Jaw-dropping as that figure is, it doesn't seem so crazy when you realize that today there are already about 14 trillion cameras in the world, according to data from research firms such as Gartner. Next to phones, other camera-hungry products will include robots (including autonomous cars), security cameras, and smart home products like the new Amazon Echo Show, according to LDV. UPDATE: Story has been updated to reflect the updates made to The Fast Company article. The outreach figures are 45 billion cameras by 2022, not trillion.
Canada

An Image Site Is Victimizing Countless Women and Little Can Be Done (vice.com) 271

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.
Google

Google May Be In Trouble For Firing James Damore (inc.com) 1019

Google fired engineer James Damore after he wrote a 10-page document about "Google's Ideological Echo Chamber." taustin writes from a report via Inc. about the potential legal trouble the company may face from firing the "anti-diversity" engineer: Whether Damore is right or wrong, whether one agrees with him or not, Google may have legal trouble for firing him. Employees are protected by federal law when they discuss working conditions with other employees (and this was an internal memo). His memo could be considered whistleblowing, which is also protected (and it is very clear that he was fired as retribution). And, in California, political opinions are protected in the work place as well. Just because one side is wrong doesn't mean the other side is right.
Earth

Leaked Federal Climate Report Finds Link Between Climate Change, Human Activity (washingtonpost.com) 450

An anonymous reader shares a report from The New York Times (Warning: source may be paywalled; alternative source): The average temperature in the United States has risen rapidly and drastically since 1980, and recent decades have been the warmest of the past 1,500 years, according to a sweeping federal climate change report awaiting approval by the Trump administration. The draft report by scientists from 13 federal agencies, which has not yet been made public, concludes that Americans are feeling the effects of climate change right now. It directly contradicts claims by President Trump and members of his cabinet who say that the human contribution to climate change is uncertain, and that the ability to predict the effects is limited. "Evidence for a changing climate abounds, from the top of the atmosphere to the depths of the oceans," a draft of the report states. A copy of it was obtained by The New York Times. The authors note that thousands of studies, conducted by tens of thousands of scientists, have documented climate changes on land and in the air. "Many lines of evidence demonstrate that human activities, especially emissions of greenhouse (heat-trapping) gases, are primarily responsible for recent observed climate change," they wrote. The report was completed this year and is a special science section of the National Climate Assessment, which is congressionally mandated every four years. The National Academy of Sciences has signed off on the draft report, and the authors are awaiting permission from the Trump administration to release it. "The report concludes that even if humans immediately stopped emitting greenhouse gases into the atmosphere, the world would still feel at least an additional 0.50 degrees Fahrenheit (0.30 degrees Celsius) of warming over this century compared with today," reports The New York Times. "The projected actual rise, scientists say, will be as much as 2 degrees Celsius." 
Given the Trump administration's stance on climate change, some of the scientists who worked on the report are concerned that the report will be suppressed.
Security

The Man Who Wrote the Password Rules Regrets Doing So (gizmodo.com) 239

New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government's password requirements regrets wasting our time on changing passwords so often. From the report: "The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of 'NIST Special Publication 800-63. Appendix A.' The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers -- and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark -- a finger-twisting requirement." "Much of what I did I now regret," Bill Burr told The Wall Street Journal. "In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."
The Military

North Korea Now Making Missile-Ready Nuclear Weapons, US Analysts Say (washingtonpost.com) 338

schwit1 shares a report from The Washington Post: North Korea has successfully produced a miniaturized nuclear warhead that can fit inside its missiles, crossing a key threshold on the path to becoming a full-fledged nuclear power, U.S. intelligence officials have concluded in a confidential assessment. The new analysis completed last month by the Defense Intelligence Agency comes on the heels of another intelligence assessment that sharply raises the official estimate for the total number of bombs in the communist country's atomic arsenal. The U.S. calculated last month that up to 60 nuclear weapons are now controlled by North Korean leader Kim Jong Un. Some independent experts believe the number of bombs is much smaller. "The IC [intelligence community] assesses North Korea has produced nuclear weapons for ballistic missile delivery, to include delivery by ICBM-class missiles," the assessment states, in an excerpt read to The Washington Post. "It is not yet known whether the reclusive regime has successfully tested the smaller design, although North Korea officially last year claimed to have done so," reports The Washington Post.
Businesses

US To Review Qualcomm's Complaints About Apple iPhone Patents (reuters.com) 35

U.S. trade officials have agreed to investigate Qualcomm's allegations that Apple Inc infringed on patents with its iPhone7 and other devices, the U.S. International Trade Commission said on Tuesday. From a report: The ITC will make its decision "at the earliest practicable time" and will set a target date for completing its investigation within the next 45 days, the commission said in a statement. Qualcomm filed the complaint in early July, asking U.S. trade regulators to ban certain models of the iPhone that contain so-called broadband modem chips, which help phones connect to wireless data networks, that were not made by Qualcomm. Apple began using broadband modem chips made by Intel Corp in the iPhone 7. Qualcomm has not alleged that Intel chips violate its patents but says the way Apple uses them in the iPhone does.
Businesses

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com) 55

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing AnchorFree of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.
The Internet

Indian ISPs Appear To Be Blocking Access To Internet Archive (bit.ly) 24

An anonymous reader writes: Several Internet service providers in India have blocked access to Internet Archive -- a non-profit organisation that runs Wayback Machine, a massive archive of webpages dating back to over a decade -- Indian outlet NDTV reported Tuesday. Some subscribers of Airtel, Aircel, and Act Internet, among other carriers, are seeing a DoT notification when they attempt to access Internet Archive. The notification reads, 'Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India.' Popularly known as a time-warping tool, Internet Archive's Wayback Machine has made copies of over three billion pages over the years. In the age of ephemeral media, Wayback Machine has become a cultural phenomenon, serving as a permanent registrar of popular websites and other webpages.
Privacy

Game of Thrones Hackers Demand Ransom (bbc.com) 70

An anonymous reader shares a report: Hackers who have leaked Game of Thrones scripts and other data from entertainment company HBO have released a note demanding a ransom payment. In a new dump, they also published a script for the as yet unbroadcast fifth episode of the current series. Company documents and video episodes of other HBO shows were also shared. The hackers claim to have 1.5TB of data in total, but HBO has said it does not believe its email system has been compromised. Documents in the latest leak were marked "HBO is falling," according to the Wired news site, and included legal information, employment agreements and other company files. The Associated Press reports that some documents appeared to contain personal contact information for Game of Thrones actors.
Security

Forget the Russians: Corrupt, Local Officials Are the Biggest Threat To Elections (securityledger.com) 287

chicksdaddy writes: Do you think that shadowy Russian hackers are the biggest threat to the integrity of U.S. elections? Think again. It turns out the bad actors in U.S. elections may be a lot more "Senator Bedfellow" than "Fancy Bear," according to Bev Harris, the founder of Black Box Voting. "It's money," Harris told The Security Ledger. "There's one federal election every four years, but there are about 100,000 local elections which control hundreds of billions of dollars in contract signings." Those range from waste disposal and sanitation to transportation. "There are 1,000 convictions every year for public corruption," Harris says, citing Department of Justice statistics. "It's really not something that's even rare in the United States." We just don't think that corruption is a problem, because we rarely see it manifested in the ways that most people associate with public corruption, like violence or having to pay bribes to receive promised services, Harris said. But it's still there.

How does the prevalence of public corruption touch election security? Exactly in the way you might think. "You don't know at any given time if the people handling your votes are honest or not," Harris said. "But you shouldn't have to guess. There should be a way to check." And in the decentralized, poorly monitored U.S. elections system, there often isn't. At the root of our current problem isn't (just) vulnerable equipment, it's also a shoddy "chain of custody" around votes, says Eric Hodge, the director of consulting at Cyber Scout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems. That includes where and how votes are collected, how they are moved and tabulated and then how they are handled after the fact, should citizens or officials want to review the results of an election. That lack of transparency leaves the election system vulnerable to manipulation and fraud, Harris and Hodge argue.

Patents

'Podcasting Patent' Is Totally Dead, Appeals Court Rules (arstechnica.com) 30

A federal appeals court affirmed the April 2015 inter partes review (IPR) ruling -- a process that allows anyone to challenge a patent's validity at the U.S. Patent and Trademark Office -- that invalidated the so-called "podcasting patent." "That process was held by a company called Personal Audio, which had threatened numerous podcasts with lawsuits in recent years," reports Ars Technica. From the report: Back in 2013, Personal Audio began sending legal demand letters to numerous podcasters and companies, like Samsung, in an apparent attempt to cajole them into a licensing deal, lest they be slapped with a lawsuit. Some of those efforts were successful: in August 2014, Adam Carolla paid about $500,000. As Personal Audio began to gain more public attention, the Electronic Frontier Foundation, however, stepped in and said that it would challenge Personal Audio's US Patent No. 8,112,504, which describes a "system for disseminating media content representing episodes in a serialized sequence." In the end, EFF raised over $76,000, more than double its initial target.

[T]he history of Personal Audio dates to the late 1990s, when founder Jim Logan created a company seeking to create a kind of proto-iPod digital music player. But his company flopped. Years later, Logan turned to lawsuits to collect money from those investments. He sued companies over both the "episodic content" patent, as well as a separate patent, which Logan and his lawyers said covered playlists. He and his lawyers wrung verdicts or settlements from Samsung and Apple.

Businesses

Can Elon Musk Be Weaned Off Government Support? (thehill.com) 270

mi shares an opinion piece written by Jenny Beth Martin via The Hill: A study published in 2015 by The Los Angeles Times revealed that just three of Musk's ventures -- SolarCity Corp. (which manufactured and installed solar energy systems before its 2016 merger with Tesla Motors Inc.), Tesla Motors Inc. (which manufactures electric vehicles), and Space Exploration Technologies Corp., known as SpaceX (which builds rocket ships) -- had received $4.9 billion in government subsidies to that point in time. By now, Musk's various ventures have sucked well over $5 billion from government coffers. Worse: in order to induce car buyers to spend their money on electric vehicles, the federal government offers a $7,500 rebate on the purchase price. Some states enhance that rebate with rebates of their own. In California, for instance, purchasers of electric vehicles get a state-funded rebate of $2,500 more.

Slashdot reader mi asks: "Why are you and I subsidizing Elon Musk's products and when will his businesses be able to compete on their own?"

Cellphones

Ask Slashdot: Are My Drone Apps Phoning Home? 132

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?

The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?

Are the drone apps phoning home?
