aggregator

Google-backed Groups Criticize Apple's New Warnings on User Tracking

Slashdot - Your Rights Online - Fri, 2020-07-03 18:00
A group of European digital advertising associations on Friday criticized Apple's plans to require apps to seek additional permission from users before tracking them across other apps and websites. From a report: Apple last week disclosed features in its forthcoming operating system for iPhones and iPads that will require apps to show a pop-up screen before they enable a form of tracking commonly needed to show personalized ads. Sixteen marketing associations, some of which are backed by Facebook and Google, faulted Apple for not adhering to an ad-industry system for seeking user consent under European privacy rules. Apps will now need to ask for permission twice, increasing the risk users will refuse, the associations argued. Facebook and Google are the largest among thousands of companies that track online consumers to pick up on their habits and interests and serve them relevant ads. Apple said the new feature was aimed at giving users greater transparency over how their information is being used. In training sessions at a developer conference last week, Apple showed that developers can present any number of additional screens beforehand to explain why permission is needed before triggering its pop-up.

Read more of this story at Slashdot.

LinkedIn Says iOS Clipboard Snooping After Every Key Press is a Bug, Will Fix

Slashdot - Your Rights Online - Fri, 2020-07-03 17:01
A LinkedIn spokesperson told ZDNet this week that a bug in the company's iOS app was responsible for a seemingly privacy-intrusive behavior spotted by one of its users on Thursday. From a report: The issue was discovered using the new beta version of iOS 14. For iOS 14, set to be officially released in the fall, Apple has added a new privacy feature that shows a quick popup that lets users know when an app has read content from their clipboard. Using this new mechanism, users spotted last week how Chinese mobile app TikTok was reading content from their clipboard at regular short intervals. TikTok said the feature was part of a fraud detection mechanism and that the company never stole the clipboard content, but promised to remove the behavior anyway, to put users' minds at ease. This week, users continued experimenting with this new iOS 14 clipboard access detection system. Yesterday, a developer from the portfolio-building portal Urspace.io discovered a similar mechanism in the LinkedIn iOS app. In a video shared on Twitter, the Urspace developer showed how LinkedIn's app was reading the clipboard content after every user key press, even accessing the shared clipboard feature that allows iOS apps to read content from a user's macOS clipboard.


Inside the Plot To Kill the Open Technology Fund

Slashdot - Your Rights Online - Fri, 2020-07-03 05:30
An anonymous reader quotes a report from VICE News: [The Open Technology Fund is a U.S. government-funded nonprofit, which is part of the umbrella group called the U.S. Agency for Global Media (USAGM), which also controls Radio Free Asia and Voice of America.] OTF's goal is to help oppressed communities across the globe by building the digital tools they need and offering training and support to use those tools. Its work has saved countless lives, and every single day millions of people use OTF-assisted tools to communicate and speak out without fear of arrest, retribution, or even death. The fund has helped dissidents raise their voices beyond China's advanced censorship network, known as the Great Firewall; helped citizens in Cuba to access news from sources other than the state-sanctioned media; and supported independent journalists in Russia so they could work without fear of a backlash from the Kremlin. Closer to home, the tools that OTF has funded, including the encrypted messaging app Signal, have allowed Black Lives Matter protesters to organize demonstrations across the country more securely. But now all of that is under threat, after Michael Pack, a Trump appointee and close ally of Steve Bannon, took control of USAGM in June. Pack has ousted the OTF's leadership, removed its bipartisan board, and replaced it with Trump loyalists, including Bethany Kozma, an anti-transgender activist. One reason the OTF managed to gain the trust of technologists and activists around the world is because, as its name suggests, it invested largely in open-source technology. By definition, open-source software's source code is publicly available, meaning it can be studied, vetted, and in many cases contributed to by anyone in the world. 
This transparency makes it possible for experts to study code to see if it has, for example, backdoors or vulnerabilities that would allow for governments to compromise the software's security, potentially putting users at risk of being surveilled or identified. Now, groups linked to Pack and Bannon have been pressing for the funding of closed-source technology, which is antithetical to the OTF's work over the last eight years. Pack is being pressed to fund Freegate and Ultrasurf, "two little-known apps that allow users to circumvent internet censorship in repressive regimes but currently have very small user bases inside China," reports Vice. "These apps are not widely trusted by internet freedom experts and activists, according to six experts who spoke to VICE News. That the OTF would pivot its funding from trusted, open-source tech to more obscure, closed-source tech has alarmed activists around the world and has resulted in open revolt among OTF's former leadership." More than half a dozen experts who spoke to VICE News "said the apps' code is out of date, dangerously vulnerable to compromise, and lacks the user base to allow it to effectively scale even if they secured government funding."


New Free Speech Site Gets in a Tangle Over ... Free Speech

Slashdot - Your Rights Online - Fri, 2020-07-03 00:41
The social network bills itself as a 'no censorship' bastion -- but it's already had to remind users what is and isn't allowed. From a report: In recent weeks, Donald Trump has started having his tweets factchecked and published with disclaimers when they contain misleading information. Katie Hopkins, the woman who once compared migrants to cockroaches and called for a "final solution" in relation to Muslims, has been banned from Twitter. And a subreddit called r/The_Donald has been banned after Reddit updated its hate speech guidelines -- Reddit said in a statement that "mocking people with physical disabilities" and "describing a racial minority as sub-human and inferior to the racial majority" will not be allowed. And so, naturally, people are asking where on earth they are supposed to go to get their daily dose of "free speech." Enter Parler, the new, supposedly unbiased free-speech social network that suggests, when you join, you follow people such as Rand Paul, Hopkins and Rudy Giuliani. Other rightwing politicians such as Ted Cruz and Devin Nunes are on it. So too are the much-overlooked members of the Trump family Eric and Lara, commentators such as Candace Owens, and Donald Trump's campaign manager, Brad Parscale. A glance at Parler might lead you to think that the platform is just a benign, more boring version of Twitter. Megyn Kelly is on Parler telling you she doesn't like Mary Trump's new book; Eric Trump is posting boring statements such as "Another great day for the market (amazing how the media and left have been very quiet about this incredible recovery)" -- which reminds you of why Don Jr is the more popular brother; the Daily Caller is retweeting (re-parlering?) a bunch of articles that look like they belong on the Onion. 
But since the platform's selling point is that it provides a safe space for people who want to use hate speech, the ugliness is there if you want to find it: Hopkins is equating Black Lives Matter protests with "thuggery" and posting comments such as "Our white girls pay the price. Every time" in a post about illegal immigration in Scotland. Andrew Torba -- who tried to make his own alternative free-speech network for those exiled from Twitter -- has called it a magnet for "Z-list Maga celebrities." His website, Gab, quickly became popular with extremists including antisemites and neo-Nazis -- including the Pittsburgh synagogue suspect Robert Bowers, who announced his intentions for mass murder on the platform. Torba's experience shows that regulating free speech on a platform that allows hate speech to run rampant is rife with its own challenges. After the attack in Pittsburgh, Gab was forced offline for a brief period after being dropped by its server, GoDaddy, who said that encouraging violence was in breach of its terms of service.


Facebook Says 5,000 App Developers Got User Data After Cutoff Date

Slashdot - Your Rights Online - Thu, 2020-07-02 19:39
Social media giant Facebook disclosed on Wednesday a new user privacy incident. The company said that it continued sharing user data with approximately 5,000 developers even after their application's access expired. From a report: The incident is related to a security control that Facebook added to its systems following the Cambridge Analytica scandal of early 2018. Responding to criticism that it allowed app developers too much access to user information, Facebook added at the time a new mechanism to its API that prevented apps from accessing a user's data if the user did not use the app for more than 90 days. However, Facebook said that it recently discovered that in some instances, this safety mechanism failed to activate and allowed some apps to continue accessing user information even past the 90-day cutoff date. Konstantinos Papamiltiadis, VP of Platform Partnerships at Facebook, said engineers fixed the issue on the same day they found it.


One Out of Every 142 Passwords is '123456'

Slashdot - Your Rights Online - Thu, 2020-07-02 18:48
In one of the biggest password re-use studies of its kind, an analysis of more than one billion leaked credentials has discovered that one out of every 142 passwords is the classic "123456" string. From a report: The study, carried out last month by computer engineering student Ata Hakcil, analyzed username and password combinations that leaked online after data breaches at various companies. These "data dumps" have been around for more than half a decade, and have been piling up as new companies are getting hacked. The data dumps are easily available online, on sites like GitHub or GitLab, or freely distributed via hacking forums and file-sharing portals. Over the years, tech companies have been collecting these data dumps. For example, Google, Microsoft, and Apple, have collected leaked credentials to create in-house alert systems that warn users when they're utilizing a "weak" or "common" password.


How Police Secretly Took Over a Global Phone Network for Organized Crime

Slashdot - Your Rights Online - Thu, 2020-07-02 16:48
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. From a report: Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world. Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe. 
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.


New Mac Ransomware Is Even More Sinister Than It Appears

Slashdot - Your Rights Online - Thu, 2020-07-02 15:00
An anonymous reader quotes a report from Wired: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy. Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] 
Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.


US Secures World Stock of Key COVID-19 Drug Remdesivir

Slashdot - Your Rights Online - Thu, 2020-07-02 09:00
The U.S. has bought up virtually all the stocks of remdesivir, perhaps the most closely watched experimental drug to treat COVID-19. The Guardian reports: Remdesivir, the first drug approved by licensing authorities in the U.S. to treat Covid-19, is made by Gilead and has been shown to help people recover faster from the disease. The first 140,000 doses, supplied to drug trials around the world, have been used up. The Trump administration has now bought more than 500,000 doses, which is all of Gilead's production for July and 90% of August and September. "President Trump has struck an amazing deal to ensure Americans have access to the first authorised therapeutic for Covid-19," said the U.S. health and human services secretary, Alex Azar. "To the extent possible, we want to ensure that any American patient who needs remdesivir can get it. The Trump administration is doing everything in our power to learn more about life-saving therapeutics for Covid-19 and secure access to these options for the American people." The drug, which was trialled in the Ebola epidemic but failed to work as expected, is under patent to Gilead, which means no other company in wealthy countries can make it. The cost is around $3,200 per treatment of six doses, according to the US government statement. The deal was announced as it became clear that the pandemic in the U.S. is spiralling out of control. Anthony Fauci, the country's leading public health expert and director of the National Institute of Allergy and Infectious Diseases, told the Senate the U.S. was sliding backwards.


Uncovered: 1,000 Phrases That Incorrectly Trigger Alexa, Siri, and Google Assistant

Slashdot - Your Rights Online - Thu, 2020-07-02 00:02
An anonymous reader quotes a report from The Wall Street Journal: As Alexa, Google Home, Siri, and other voice assistants have become fixtures in millions of homes, privacy advocates have grown concerned that their near-constant listening to nearby conversations could pose more risk than benefit to users. New research suggests the privacy threat may be greater than previously thought. The findings demonstrate how common it is for dialog in TV shows and other sources to produce false triggers that cause the devices to turn on, sometimes sending nearby sounds to Amazon, Apple, Google, or other manufacturers. In all, researchers uncovered more than 1,000 word sequences -- including those from Game of Thrones, Modern Family, House of Cards, and news broadcasts -- that incorrectly trigger the devices. "The devices are intentionally programmed in a somewhat forgiving manner, because they are supposed to be able to understand their humans," one of the researchers, Dorothea Kolossa, said. "Therefore, they are more likely to start up once too often rather than not at all." When devices wake, the researchers said, they record a portion of what's said and transmit it to the manufacturer. The audio may then be transcribed and checked by employees in an attempt to improve word recognition. The result: fragments of potentially private conversations can end up in the company logs. The research paper, titled "Unacceptable, where is my privacy?," hasn't yet been published, although a brief write-up of the findings can be found here.


Zoom Misses Its Own Deadline To Publish Its First Transparency Report

Slashdot - Your Rights Online - Wed, 2020-07-01 23:25
How many government demands for user data has Zoom received? We won't know until "later this year," an updated Zoom blog post now says. From a report: The video conferencing giant previously said it would release the number of government demands it has received by June 30. But the company said it's missed that target and has given no firm new date for releasing the figures. It comes amid heightened scrutiny of the service after a number of security issues and privacy concerns came to light following a massive spike in its user base, thanks to millions working from home because of the coronavirus pandemic. In a blog post today reflecting on the company's turnaround efforts, chief executive Eric Yuan said the company has "made significant progress defining the framework and approach for a transparency report that details information related to requests Zoom receives for data, records or content. We look forward to providing the fiscal [second quarter] data in our first report later this year," he said. Transparency reports offer rare insights into the number of demands or requests a company gets from the government for user data. These reports are not mandatory, but are important to understand the scale and scope of government surveillance.


China's Influence Via WeChat Is 'Flying Under the Radar' of Most Western Democracies

Slashdot - Your Rights Online - Wed, 2020-07-01 18:04
China's WeChat, like most social networks, is a haven for disinformation and "fake news". Less well-known, at least in the West, is its role in mobilising Chinese diaspora communities to support particular political policies or people, according to a report. schwit1 shares the report: These activities are coordinated through a system known as the United Front, a network of party and state agencies that are responsible for influencing purportedly independent groups outside the Chinese Communist Party. At the very top, the United Front Work Department is led by China's fourth most senior political leader, Wang Yang. President Xi Jinping and his family have been involved in United Front work for decades. "Where United Front really works their biggest magic is actually on social media WeChat," says Maree Ma, general manager of Vision Times, a leading Chinese-language Australian media outlet. WeChat's private groups are capped at 500 members, but according to Ma, there's "hundreds" of United Front organisations in Australia, each of them with many of these groups.


Supreme Court Says Generic Domains Like Booking.com Can Be Trademarked

Slashdot - Your Rights Online - Wed, 2020-07-01 15:00
An anonymous reader quotes a report from Ars Technica: The U.S. Patent and Trademark Office erred by finding the term booking.com was too generic for trademark protection, the Supreme Court ruled on Tuesday. Trademark law prohibits anyone from registering generic terms that describe a class of products or services. Anyone can start a store company called "The Wine Company," but they can't use trademark law to stop others from using the same name. When the online travel giant Booking Holdings sought to trademark its booking.com domain name almost a decade ago, the U.S. Patent and Trademark Office concluded that the same rule applied. Booking Holdings challenged this decision in court. The company pointed to survey data showing that consumers associated the phrase "booking.com" with a specific website as opposed to a generic term for travel websites. Both the trial and appeals courts sided with booking.com, finding that booking.com was sufficiently distinctive to merit its own trademark -- even if the generic word "booking" couldn't be trademarked on its own. Trademark law declines to protect generic terms in an effort to promote competition. If a company could trademark a word like "booking" or "wine," it could interfere with competitors who want to accurately describe their products in the marketplace. That would give companies that trademark generic terms an unfair advantage. But an opinion by Justice Ruth Bader Ginsburg (and joined by seven other justices) found that this wasn't a serious concern for dot-com trademarks. A company like Travelocity or Expedia might describe itself as "a booking website," but it would never describe itself as "a booking.com." Ginsburg notes that the rules of the domain-name system ensure that only one company can use a name like booking.com, so consumers are likely to understand that "booking.com" refers to a particular website -- it's not a generic term for booking websites in general.


National Mask Mandate Could Save 5 Percent of GDP, Economists Say

Slashdot - Your Rights Online - Tue, 2020-06-30 22:10
An anonymous reader quotes a report from The Washington Post: After a late-spring lull, daily coronavirus cases in the United States have again hit record highs, driven by resurgent outbreaks in states such as Florida, Arizona and California. Hospitals in Houston are already on the brink of being overwhelmed, and public health experts worry the pandemic's body count will soon again be climbing in tandem with the daily case load. The dire situation has raised the specter of another round of state-level stay-at-home orders to halt the pandemic's spread and caused a number of governors to pause or reverse their ongoing reopening plans. Against this backdrop, a team of economists at investment bank Goldman Sachs has published an analysis suggesting more painful shutdowns could be averted if the United States implements a nationwide mask mandate. "A face mask mandate could potentially substitute for lockdowns that would otherwise subtract nearly 5% from GDP," the team, led by the company's chief economist, Jan Hatzius, writes. It's worth noting the authors of the report are economists and not public health experts. Their primary motivation is to protect the economic interests of Goldman Sachs's investors, which is why they're interested in the effects of federal policy on gross domestic product. But their findings are in line with a number of other published studies on the efficacy of masks. The Goldman Sachs report notes the United States is a global outlier with respect to face mask use, which is widespread in Asia and currently mandated in many European countries. Though the Centers for Disease Control and Prevention "recommends" the use of masks in public and 20 states plus the District of Columbia have implemented their own mandates, there is no binding national policy, with wide regional variations in mask use around the country. 
"We estimate that statewide mask mandates gradually raise the percentage of people who 'always' or 'frequently' wear masks by around 25 [percentage points] in the 30+ days after signing," the authors write. "Our numerical estimates are that cumulative cases grow 17.3% per week without a mask mandate but only 7.3% with a mask mandate, and that cumulative fatalities grow 29% per week without a mask mandate but only 16% with a mask mandate."


Google Removes 25 Android Apps Caught Stealing Facebook Credentials

Slashdot - Your Rights Online - Tue, 2020-06-30 16:10
Google has removed this month 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games. The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground. If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page.


With DOJ Charges, Former VC Mike Rothenberg Could Now Be Facing Serious Jail Time

Slashdot - Your Rights Online - Tue, 2020-06-30 03:30
Connie Loizos writing via TechCrunch: While some in Silicon Valley might prefer to forget about investor Mike Rothenberg roughly four years after his young venture firm began to implode, his story is still being written, and the latest chapter doesn't bode well for the 36-year-old. While Rothenberg earlier tangled with the Securities and Exchange Commission and lost, it was a civil matter, if one that could haunt him for the rest of his life. Now, the U.S. Department of Justice has brought two criminal wire fraud charges against him, charges that he made two false statements to a bank and money laundering charges, all of which could result in a very long time in prison depending on how things play out. How long, exactly? The DOJ says the two bank fraud charges and the two false statements to a bank charges "each carry a maximum of 30 years in prison, not more than five years supervised release, and a $1,000,000 fine," while the money laundering charges "carry a penalty of imprisonment of not more than ten years, not more than three years of supervised release, and a fine of not more than twice the amount of the criminally derived property involved in the transaction at issue." The damage done in the brief life of Rothenberg's venture outfit -- even while understood in broad strokes by industry watchers -- is rather breathtaking. As laid out by the DOJ, Rothenberg raised and managed four funds from the time he founded his firm, Rothenberg Ventures, in 2012, through 2016, and his criminal activities began almost immediately...


1 Killed, 2 Shot Outside Amazon Warehouse In Jacksonville

Slashdot - Your Rights Online - Mon, 2020-06-29 23:52
A 20-year-old man was killed and two others injured when two suspects opened fire outside an Amazon warehouse in Jacksonville. From a report: According to JSO, the man who was killed was targeted by the shooters who fled from the scene in a silver car. JSO is now searching for three suspects, including the driver of the getaway car. The 20-year-old victim was standing in line for job applications with about six others outside of the facility when the suspects began firing, JSO said. JSO believes the suspects knew the victim. "We're trying to determine what the motive was why they were after this victim. We have about 10 eyewitnesses that were both inside and outside of the facility," said JSO Assistant Chief Brian Kee. "This does not appear to be a workplace violent incident that you would normally associate with workplace violence or mass shootings." A 29-year-old man was grazed in the arm and a 22-year-old man was grazed in the foot during the shooting. Both were treated and did not require hospitalization, JSO said. People claiming to be family members of Amazon employees at the facility said on social media that employees were placed on lockdown inside. A woman who said she witnessed the shooting and asked not to be identified said she was just feet away from the man who was killed. "As I started to go back inside the Amazon doors, I turned my head slightly to the right, I saw the gunman standing right there with a gun in his hand and next thing you know he just started shooting," she said. "He just let off about five or six rounds. I stood there in complete shock because I couldn't believe what was actually happening in front of my face." Developing...


Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns

Slashdot - Your Rights Online - Mon, 2020-06-29 16:56
Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include:

Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.
Battery Status API - Allows websites to receive information about the battery status of the hosting device.
Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]

The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.


America Pushes Europe to Reject Chinese Baggage Screening Tech

Slashdot - Your Rights Online - Mon, 2020-06-29 00:04
An anonymous reader quotes Engadget: The U.S. fight against Chinese technology appears to be extending to another category: the security screening you normally see at the airport or border. Wall Street Journal sources understand the National Security Council and other U.S. agencies are pushing European governments (including Germany, Greece and Italy) to avoid using baggage, cargo and passenger screening systems from Nuctech, a Chinese state-run company that already has a foothold in the continent. American officials are reportedly worried any connected devices could pass sensitive data like passenger info and shipping manifests to Chinese spies. Much like the claims against Huawei, there's no publicly available evidence of Nuctech forwarding data to Chinese surveillance systems. The U.S. Transportation Security Administration barred Nuctech from many U.S. airports in 2014 following a review, although the report is classified... The U.S. is supposedly asking European nations to replace Nuctech equipment with American equivalents — it stands to benefit if the Chinese company gets kicked out. That's a strong incentive to keep up the campaign, even if the surveillance claims are unwarranted.


Are Uber Drivers Employees? Uber Faces Two Big Court Challenges

Slashdot - Your Rights Online - Sun, 2020-06-28 17:34
Strider- (Slashdot reader #39,683) shares a story from Reuters: Canada's Supreme Court on Friday ruled in favor of a driver in a gig economy case that paves the way for a class action suit calling for Uber Technologies Inc to recognize drivers in Canada as company employees. UberEats driver David Heller had filed a class action suit, challenged by Uber, aiming to secure a minimum wage, vacation pay and other benefits like overtime pay. Drivers are now classified as independent contractors and do not have such benefits. A lower court had already ruled that Uber's contracts included an arbitration clause that was "invalid and unenforceable," Reuters reports, and it was Uber's attempt to appeal that ruling that was dismissed by Canada's Supreme Court in an 8-1 vote. Reuters notes that "The arbitration process, which must be conducted in the Netherlands where Uber has its international headquarters, costs about C$19,000 ($14,500)." Meanwhile, CNN also reports that Uber and Lyft "could soon be forced to reclassify their drivers in California as employees or cease operating in the state as part of an escalating legal battle over a new law impacting much of the on-demand economy." California Attorney General Xavier Becerra and a coalition of city attorneys intend to file for a preliminary injunction this week to force the two ride-hailing companies to comply with the new state law, according to a press release issued Wednesday... "It's time for Uber and Lyft to own up to their responsibilities and the people who make them successful: their workers," said Becerra in a statement concerning the injunction the state is intending to file. "Misclassifying your workers as 'consultants' or 'independent contractors' simply means you want your workers or taxpayers to foot the bill for obligations you have as an employer."
