Facebook

Researchers Reportedly Exposed Facebook Quiz Data On 3 Million Users (newscientist.com) 19

According to a report from New Scientist, researchers exposed quiz data on over three million Facebook users via an insecure website. The data includes answers to intimate questionnaires, and was held by academics from the University of Cambridge's Psychometrics Centre. While the breach isn't as severe as the Cambridge Analytica leak, it is distantly connected as the project previously involved Alexandr Kogan, the researcher at the center of the scandal. From the report: Facebook suspended myPersonality from its platform on April 7 saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared. More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project. All of this data was then scooped up and the names removed before it was put on a website to share with other researchers. The terms allow the myPersonality team to use and distribute the data "in an anonymous manner such that the information cannot be traced back to the individual user."

However, for those who were not entitled to access the data set because they didn't have a permanent academic contract, for example, there was an easy workaround. For the last four years, a working username and password has been available online that could be found from a single web search. Anyone who wanted access to the data set could have found the key to download it in less than a minute.

Google

Google Employees Resign in Protest Against Pentagon Contract (gizmodo.com) 469

Kate Conger, reporting for Gizmodo: It's been nearly three months since many Google employees -- and the public -- learned about the company's decision to provide artificial intelligence to a controversial military pilot program known as Project Maven, which aims to speed up analysis of drone footage by automatically classifying images of objects and people. Now, about a dozen Google employees are resigning in protest over the company's continued involvement in Maven.

The resigning employees' frustrations range from particular ethical concerns over the use of artificial intelligence in drone warfare to broader worries about Google's political decisions -- and the erosion of user trust that could result from these actions. Many of them have written accounts of their decisions to leave the company, and their stories have been gathered and shared in an internal document, the contents of which multiple sources have described to Gizmodo.

Security

Attention PGP Users: New Vulnerabilities Require You To Take Action Now (eff.org) 129

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard).

Google

Google Hasn't Stopped Reading Your Emails (theoutline.com) 186

An anonymous reader shares a report: If you're a Gmail user, your messages and emails likely aren't as private as you'd think. Google reads each and every one, scanning your painfully long email chains and vacation responders in order to collect more data on you. Google uses the data gleaned from your messages in order to inform a whole host of other products and services, NBC News reported Thursday.

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users' emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users' Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also "may analyze [email] content to customize search results, better detect spam and malware," a practice the company first announced back in 2012.

Piracy

The Brazen Bootlegging of a Multibillion-Dollar Sports Network (nytimes.com) 63

What do you do when your multibillion dollar sports network has been stolen? For the last several days, executives at Qatar's beIN Sports, which functions as the ESPN of the Middle East, have been pondering the same question. For the last several months, live coverage of beIN Sports feed is being broadcast on nearly a dozen beoutQ channels, a bootlegging operation seemingly based in Saudi Arabia, whose roots lie in the bitter political dispute between Qatar and a coalition of countries led by its largest neighbors, Saudi Arabia and the United Arab Emirates. From a report: The coalition countries have subjected Qatar to a punishing blockade over the past year. Those countries last year accused Qatar of supporting terrorism and criticized its relationship with Iran, an ally of Syrian leader Bashar al-Assad. They enacted an embargo, cut off diplomatic ties and set up the blockade of the energy-rich emirate, closing Qatar's access to many of the region's ports and much of its airspace. Qatar has denied the allegations and has claimed it has assisted the United States in its war on terrorism.

Now, one month before the start of the World Cup, the world's most-watched sporting event and beIN's signature property, the audacious piracy operation is positioned to illicitly deliver the tournament's 64 games to much of the Middle East. Qatar, despite abundant resources, has been powerless to stop it. Decoder boxes embossed with the beoutQ logo have for months been available across Saudi Arabia and are now for sale in other Arab-speaking countries. A one-year subscription costs $100. A Bangladeshi worker reached by phone at Sharif Electronics in Jeddah this week said his shop has been selling the boxes for three months. "Many people buy them," he said.

Portables (Apple)

Class Action Suit Filed Against Apple Over the Keyboards in MacBook Pro and MacBook Laptops (theoutline.com) 217

On Friday, Apple was hit with a class action lawsuit over the butterfly-switch keyboards, found on the current generation MacBook Pro and MacBook lineups, that have plagued its customers since they were released in 2015. The suit, filed in the Northern District Court of California, alleges that Apple "promoted and sold laptops it knew were defective in that they contain a keyboard that is substantially certain to fail prematurely," The Outline reports, and that selling these computers not only directly to its customers but also to third party retailers constitutes a violation of good faith. From the report: The Outline was the first outlet to substantially cover the magnitude of the issue, writing that Apple Geniuses responsible for diagnosing and repairing these Apple computers would benevolently attribute dead keys and double-spacing spacebars to a "piece of dust" stuck under the keyboard. Under Apple's warranty, Geniuses might offer to replace the entire top case of the computer, a process that takes about a week. Out of warranty, it costs about $700 to replace this part on a MacBook Pro. Apple has declined repeatedly to comment on the issue, but directs sufferers to a support page that instructs users how to tilt the computer at an angle, blow canned air under the malfunctioning keys, light candles arranged in the shape of a pentagram, and recite an incantation to Gaia in hopes of fixing their machines. Earlier this month, users kickstarted a petition on Change.org that calls on Apple to recall MacBook Pro units released since late 2016 over the defective keyboard. The petition has garnered about 20,000 signatures. Widely respected iOS developer and Apple commentator Marco Arment tweeted on the news, "We can't know for sure that Apple knew the 2016 keyboards were defective and sold them anyway. But it's hard to see how they couldn't have known. They were released 18 months earlier in the 12" MacBook, and those had the same problems with high failure rates from the start."

The Courts

Illinois To Sue EPA For Exempting Foxconn Plant From Pollution Controls (reuters.com) 127

Last week, Reuters reported that "Illinois' Attorney General said she plans to sue the EPA for allowing a proposed Foxconn plant in neighboring Wisconsin to operate without stringent pollution controls." From the report: On Tuesday, the EPA identified 51 areas in 22 states that do not meet federal air quality requirements for ozone, a step toward enforcing the standards issued in 2015. An exempted area was Racine County, Wisconsin, just north of the Illinois border that is known to have heavily polluted air, where Taiwan-based Foxconn is building a $10 billion liquid-crystal display plant. Pollution monitoring data show the county's ozone levels exceed the 70 parts per billion (ppb) limit. If Racine County had been designated a "non-attainment" area, it would have required Foxconn to install stringent pollution control equipment.

Attorney General Lisa Madigan said she would file a lawsuit in the District of Columbia Circuit Court of Appeals challenging the EPA's ozone designations, saying its failure to name Racine County a "non-attainment" area puts people at risk. "Despite its name, the Environmental Protection Agency now operates with total disregard for the quality of our air and water, and in this case, the U.S. EPA is putting a company's profit ahead of our natural resources and the public's health," Madigan said in a statement.

Government

North Korea Announces Plans To Dismantle Nuclear Test Site (npr.org) 216

The Associated Press is reporting North Korea has announced plans to dismantle its nuclear test site between May 23 and 25. The dismantling will occur before President Trump is scheduled to meet with Kim Jong-un in Singapore on June 12. NPR reports: Reuters reports that Punggye-ri nuclear test site has been the location of all of North Korea's six known nuclear tests. At the site, there's a system of tunnels under the mountain Mount Mantap. Journalists from the United States, South Korea, China, Russia and Britain will be invited to watch a special ceremony in which all of the tunnels at the testing ground will be destroyed and observation and research facilities and guard units will be taken down. The North Korean government will provide journalists with a charter flight from Beijing to Wonsan, North Korea. From there, a train will take them to the test site in the northeast part of the country.

The AP also reports that at a ruling party meeting last month, North Korea announced the plan to close the nuclear testing ground, along with a commitment to suspend all tests of nuclear devices and ICBMs. At that same meeting, however, North Korea said it has been performing a kind of nuclear test classified as "subcritical." The "subcritical" experiments give scientists an opportunity to test weapons without causing an actual nuclear chain reaction and explosion.

Cellphones

US Appeals Court Rules Border Agents Need Suspicion To Search Cellphones (reason.com) 116

On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.

But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception.
"The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b.

Privacy

The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too (thedailybeast.com) 35

An anonymous reader quotes a report from The Daily Beast: Securus Technologies' programs are used in thousands of prisons and detention centers nationwide to track calls to inmates, but the company's offerings are also capable of tracking and geolocating people's cellphones without any warrant or oversight, The New York Times reports. Securus obtains location information through data from major cellphone providers the same way marketers do. It also advertises the technology to law-enforcement agencies as a tool to find murder suspects, missing people, and those at-large -- but the feature can easily be abused for access to millions of cellphone users.

One Missouri sheriff used the service at least 11 times between 2014 and 2017, and secretly tracked state highway patrol members and a judge, prosecutors said. While the company said it "required customers to upload a legal document" to certify the location lookup, the Federal Communications Commission claims Securus did not "conduct any review of surveillance requests" -- giving law enforcement tracking power without verification of approval or oversight.

Government

Trump White House Quietly Cancels NASA Research Verifying Greenhouse Gas Cuts (sciencemag.org) 289

Paul Voosen, reporting for Science magazine: You can't manage what you don't measure. The adage is especially relevant for climate-warming greenhouse gases, which are crucial to manage -- and challenging to measure. In recent years, though, satellite and aircraft instruments have begun monitoring carbon dioxide and methane remotely, and NASA's Carbon Monitoring System (CMS), a $10-million-a-year research line, has helped stitch together observations of sources and sinks into high-resolution models of the planet's flows of carbon. Now, President Donald Trump's administration has quietly killed the CMS, Science has learned.

The move jeopardizes plans to verify the national emission cuts agreed to in the Paris climate accords, says Kelly Sims Gallagher, director of Tufts University's Center for International Environment and Resource Policy in Medford, Massachusetts. "If you cannot measure emissions reductions, you cannot be confident that countries are adhering to the agreement," she says. Canceling the CMS "is a grave mistake," she adds.

Businesses

Xiaomi Sued For Alleged Patent Infringement Ahead of Blockbuster IPO (reuters.com) 23

An anonymous reader shares a report: Chinese smartphone maker Coolpad said its unit has sued three group firms of Xiaomi, which last week filed for a Hong Kong IPO that could be worth up to $10 billion, for patent infringement. Coolpad said in a statement late on Thursday its subsidiary, Yulong Computer Telecommunication Scientific (Shenzhen) filed a lawsuit against Xiaomi Telecom Technology, Xiaomi Technology and Xiaomi Factory in a court in Jiangsu province for using its patent without authorization. Yulong demanded that the Xiaomi companies should immediately stop production and sale of some smartphone models, including the Mi MIX2, Coolpad said.

Google

Does Gmail's New 'Confidential Mode' Make It Easier to Phish? (vortex.com) 82

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

Australia

Australia To Ban Cash Purchases Over $10,000 (theguardian.com) 272

Long-time Slashdot reader skegg writes: Last night was federal budget night in Australia, and one of the announcements means Australians will face a crackdown on cash-in-hand payments in an attempt by the government to reduce money laundering and tax evasion. The government has turned its attention to the "black economy" in an attempt to raise billions of extra dollars and intends to limit cash payments for the purchase of goods and services to $10,000.
The financial services minister argues that currently the status quo "gives some businesses an unfair competitive advantage."

Encryption

Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com) 87

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.

Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.

AI

The White House Has Set Up a Task Force To Help Further the Country's AI Development (theverge.com) 43

The White House has set up a new task force dedicated to US artificial intelligence efforts, the Trump administration announced today during an event with technology executives, government leaders, and AI experts. From a report: The news and the event, which was organized by the federal government, are both moves to further the country's AI development, as other regions like Europe and Asia ramp up AI investment and R&D as well. The administration will be further investing in AI, deputy CTO of the White House's Office of Science and Technology Policy Michael Kratsios said at the event.

"To realize the full potential of AI for the American people, it will require the combined efforts of industry, academia, and government," Kratsios said, according to FedScoop. According to the Trump administration, the federal government has increased its investment in unclassified R&D for AI by 40 percent since 2015. In his speech, Kratsios highlighted ways the US could improve AI advancement, such as robotics startups in Pittsburgh that are models for how to spur job growth in areas hurt by workplace automation. Startups like those now hire engineers, scientists, bookkeepers, and administrators, he said, and are evidence that AI does not necessarily mean massive unemployment is on the horizon.
Further reading: The White House says a new AI task force will protect workers and keep America first (MIT Tech Review).

Google

Google Executive Addresses Horrifying Reaction To Uncanny AI Tech (bloomberg.com) 205

The most talked-about product from Google's developer conference earlier this week -- Duplex -- has drawn concerns from many. At the conference Google previewed Duplex, an experimental service that lets its voice-based digital assistant make phone calls and write emails. In a demonstration on stage, the Google Assistant spoke with a hair salon receptionist, mimicking the "ums" and "hmms" pauses of human speech. In another demo, it chatted with a restaurant employee to book a table. But outside Google's circles, people are worried; and Google appears to be aware of the concerns. From a report: "Horrifying," Zeynep Tufekci, a professor and frequent tech company critic, wrote on Twitter about Duplex. "Silicon Valley is ethically lost, rudderless and has not learned a thing." As in previous years, the company unveiled a feature before it was ready. Google is still debating how to unleash it, and how human to make the technology, several employees said during the conference. That debate touches on a far bigger dilemma for Google: As the company races to build uncanny, human-like intelligence, it is wary of any missteps that cause people to lose trust in using its services.

Scott Huffman, an executive on Google's Assistant team, said the response to Duplex was mixed. Some people were blown away by the technical demos, while others were concerned about the implications. Huffman said he understands the concerns. Although he doesn't endorse one proposed solution to the creepy factor: Giving it an obviously robotic voice when it calls. "People will probably hang up," he said.

[...] Another Google employee working on the assistant seemed to disagree. "We don't want to pretend to be a human," designer Ryan Germick said when discussing the digital assistant at a developer session earlier on Wednesday. Germick did agree, however, that Google's aim was to make the assistant human enough to keep users engaged. The unspoken goal: Keep users asking questions and sharing information with the company -- which can use that to collect more data to improve its answers and services.

Businesses

FCC Says Net Neutrality Rules Will End On June 11 (reuters.com) 103

The Federal Communications Commission said in a notice Thursday that landmark 2015 U.S. open-internet rules will cease on June 11. From a report: The FCC in December repealed the Obama-era "net neutrality" rules, allowing internet providers to block or slow websites as long as they disclose the practice. The FCC said the new rules will take effect 30 days from Friday. An FCC spokeswoman confirmed the new rules will take effect on June 11. A group of states and others have sued to try to block the new rules from taking effect. The revised rules were a win for internet service providers like AT&T and Comcast but are opposed by internet firms like Facebook and Alphabet.

Businesses

ZTE Shuts Down Main Business Operations After US Ban (techcrunch.com) 134

An anonymous reader quotes a report from TechCrunch: ZTE wasn't kidding around when it suggested that a U.S. Department of Commerce order would "severely impact" its survival. It's hard to imagine a successful path around the seven-year ban on the sale of U.S. products to the company imposed after it reportedly failed to sufficiently reprimand staff for flouting Iranian sanctions. Earlier today, in fact, the Chinese smartphone/telecom manufacturer announced that it had ceased its main business operations as it attempts to figure out the best way forward. "As a result of the Denial Order, the major operating activities of the company have ceased," the company wrote in an exchange filing spotted by Reuters. "As of now, the company maintains sufficient cash and strictly adheres to its commercial obligations subject in compliance with laws and regulations."

Government

Trump Administration Approves 10 New Drone Projects Around the Country (theverge.com) 53

An anonymous reader quotes a report from The Verge: Just over six months after President Trump announced the creation of a program meant to spur the development of drone trials around the country, the Department of Transportation has announced the first 10 winners. Among those selected, three state transportation agencies, two US cities, and two universities will work with private companies like FedEx and CNN on trials that will see drones used for tasks like package delivery, journalism, healthcare, and more.

Formally known as the Unmanned Aircraft Systems Integration Pilot, the program encourages U.S. cities and states to partner with companies on drone trials that expand how the aircraft are used around the country. This includes, in some cases, allowing drones to fly over crowds, beyond the pilot's line of sight, and at night -- situations that are usually prohibited unless the person flying obtains an official waiver from the FAA. The goal with the program is to accelerate potential commercial applications for drone use. One of the 10 selections is Florida's Lee County Mosquito Control District. The small government agency will use drones to help control mosquito populations by searching for hard-to-find pockets of larvae at a faster rate than inspectors can on foot, while also reducing the risk of being bitten. The Choctaw Nation of Oklahoma will work on flying drones beyond a pilot's line of sight as part of a partnership with CNN.
Furthermore, North Carolina's DOT was selected to test the food drone delivery service, Tennessee's Memphis-Shelby County Airport Authority was chosen to test deliveries in partnership with FedEx, and the City of Reno, Nevada was picked to work with Flirtey, a company focused on using drones to deliver medical supplies.