
Apple Forced To Add iPhone and MacBook Repairability Scores To Comply With French Law

Slashdot - Your Rights Online - 2 hours 52 min ago
Apple has added iPhone and MacBook repairability scores to its online store in France to comply with a new French law that came into effect this year. From a report: MacGeneration reports that the rating takes into account features like how easily a device can be disassembled and the availability of repair manuals and spare parts. Links to each product's final score, with details for how they were calculated, are available on this support page. The ratings for Apple's products vary between products and generations. Its iPhone 12 lineup all have scores of six out of 10 for example, while the previous year's iPhone 11s are rated lower at between 4.5 and 4.6. The improvement, according to the detailed scoring assessment, is due to the newer iPhones being easier to dismantle than the previous year's models, and spare parts being cheaper compared to the cost of the phone itself. There's less of a spread between the company's different MacBook models, whose scores range from 5.6 to 7.

Read more of this story at Slashdot.

Apple Mail and Hidden Tracking Images

Slashdot - Your Rights Online - 4 hours 27 min ago
John Gruber, writing at DaringFireball: In my piece yesterday about email tracking images ("spy pixels" or "spy trackers"), I complained about the fact that Apple -- a company that rightfully prides itself for its numerous features protecting user privacy -- offers no built-in defenses for email tracking. A slew of readers wrote to argue that Apple Mail does offer such a feature: the option not to load any remote resources at all. It's a setting for Mail on both Mac and iOS, and I know about it -- I've had it enabled for years. But this is a throwing-the-baby-out-with-bath-water approach. What Hey offers -- by default -- is the ability to load regular images automatically, so your messages look "right", but block all known images from tracking sources (which are generally 1 x 1 px invisible GIFs). Typical users are never going to enable Mail's option not to load remote content. It renders nearly all marketing messages and newsletters as weird-looking at best, unreadable at worst. And when you get a message whose images you do want to see, when you tell Mail to load them, it loads all of them -- including trackers. Apple Mail has no knowledge of spy trackers at all, just an all-or-nothing ability to turn off all remote images and load them manually. Mail's "Load remote content in messages" option is a great solution to bandwidth problems -- remember to turn it on the next time you're using Wi-Fi on an airplane, for example. It's a terrible solution to tracking. No one would call it a good solution to tracking if Safari's only defense were an option not to load any images at all until you manually click a button in each tab to load them all. But that's exactly what Apple offers with Mail. "Don't get me started on how predictable this entire privacy disaster was, once we lost the war over whether email messages should be plain text only or could contain embedded HTML. Effectively all email clients are web browsers now, yet don't have any of the privacy protection features actual browsers do," he adds.


Biden Lifts Trump-Era Ban Blocking Legal Immigration To US

Slashdot - Your Rights Online - Fri, 2021-02-26 19:00
President Joe Biden has lifted a freeze on green cards issued by his predecessor during the pandemic that lawyers said was blocking most legal immigration to the United States. From a report: Former President Donald Trump last spring halted the issuance of green cards until the end of 2020 in the name of protecting the coronavirus-wracked job market -- a reason that Trump gave to achieve many of the cuts to legal immigration that had eluded him before the pandemic. Trump on Dec. 31 extended those orders until the end of March. Trump had deemed immigrants a "risk to the U.S. labor market" and blocked their entry to the United States in issuing Proclamation 10014 and Proclamation 10052. Biden stated in his proclamation Wednesday that shutting the door on legal immigrants "does not advance the interests of the United States." "To the contrary, it harms the United States, including by preventing certain family members of United States citizens and lawful permanent residents from joining their families here. It also harms industries in the United States that utilize talent from around the world," Biden stated in his proclamation. Most immigrant visas were blocked by the orders, according to immigration lawyers. As many as 120,000 family-based preference visas were lost largely because of the pandemic-related freeze in the 2020 budget year, according to the American Immigrant Lawyers Association.


Valve Has To Provide Some Steam Sales Data To Apple, Judge Says

Slashdot - Your Rights Online - Fri, 2021-02-26 06:30
A US magistrate judge has ordered Valve to provide sales data to Apple in response to a subpoena issued amid Apple's continuing legal fight with Epic Games. From a report: In addition to some aggregate sales data for the entirety of Steam, Valve will only have to provide specific, per-title pricing and sales data for "436 specific apps that are available on both Steam and the Epic Games Store," according to the order. That's a significant decrease from the 30,000+ titles for which Apple originally requested data. In resisting the subpoena, Valve argued that its Steam sales data was irrelevant to questions about the purely mobile app marketplaces at issue in the case. Refocusing the request only on games available on both Steam and the Epic Games Store makes it more directly relevant to the questions of mobile competition in the case, Judge Thomas Hixson writes in his order. "Recall that in these related cases, [Epic] allege that Apple's 30% commission on sales through its App Store is anti-competitive and that allowing iOS apps to be sold through other stores would force Apple to reduce its commission to a more competitive level," Hixson writes in the order. "By focusing... on 436 specific games that are sold in both Steam and Epic's store, Apple seeks to take discovery into whether the availability of other stores does in fact affect commissions in the way [Epic] allege." The California judge overseeing Apple's attempts to drag Valve into an ongoing beef with Epic Games admitted that Apple "salted the Earth with subpoenas, so don't worry, it's not just you."


Facebook Is Considering Facial Recognition For Its Upcoming Smart Glasses

Slashdot - Your Rights Online - Fri, 2021-02-26 00:55
Facebook is discussing building facial recognition into its upcoming smart glasses product and has been weighing the legal implications of the controversial technology, Buzzfeed News reported citing remarks from executives at an internal meeting Thursday. From a report: During a scheduled companywide meeting, Andrew Bosworth, Facebook's vice president of augmented and virtual reality, told employees that the company is currently assessing whether or not it has the legal capacity to offer facial recognition on devices that are reportedly set to launch later this year. Nothing had been decided, he said, and he noted that current state laws may make it impossible for Facebook to offer people the ability to search for others based on pictures of their face. "Face recognition ... might be the thorniest issue, where the benefits are so clear, and the risks are so clear, and we don't know where to balance those things," Bosworth said in response to an employee question about whether people would be able to "mark their faces as unsearchable" when smart glasses become a prevalent technology. The unnamed worker specifically highlighted fears about the potential for "real-world harm," including "stalkers."


A New Browser Extension Blocks Any Websites that Use Google, Facebook, Microsoft, or Amazon

Slashdot - Your Rights Online - Wed, 2021-02-24 13:57
The Economic Security Project is trying to make a point about big tech monopolies by releasing a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon. From a report: The extension is called Big Tech Detective, and after using the internet with it for a day (or, more accurately, trying and failing to use), I'd say it drives home the point that it's almost impossible to avoid these companies on the modern web, even if you try. Currently, the app has to be side-loaded onto Chrome, and the Economic Security Project expects that will remain the case. It's also available to side-load onto Firefox. By default, it just keeps track of how many requests are sent, and to which companies. If you configure the extension to actually block websites, you'll see a big red popup if the website you're visiting sends a request to any of the four. That popup will also include a list of all the requests so you can get an idea of what's being asked for.


Firefox's Total Cookie Protection Aims To Stop Tracking Between Multiple Sites

Slashdot - Your Rights Online - Tue, 2021-02-23 17:13
As part of its war on web tracking, Mozilla is adding a new tool to Firefox aimed at stopping cookies from keeping tabs on you across multiple sites. From a report: The "Total Cookie Protection" feature is included in the web browser's latest release -- alongside multiple picture-in-picture views -- and essentially works by keeping cookies isolated between each site you visit. Or, in Mozilla's words: "By creating a separate cookie jar for every website." Firefox's new feature pairs with last month's network partitioning tool, which works by splitting the Firefox browser cache on a per-website basis to prevent tracking across the web, itself targeted at blocking more stubborn "supercookies." According to Mozilla, these types of cookies are more difficult to delete and block as they are stored in obscure parts of the browser, including in Flash storage, ETags, and HSTS flags. Both tools are available as part of Firefox's enhanced tracking protection suite in "strict mode" on desktop and Android.


Google Finally Adds iOS Privacy Labels To Gmail

Slashdot - Your Rights Online - Tue, 2021-02-23 11:25
Google today quietly added App Privacy labels to its Gmail app, marking the first of its major apps to receive the privacy details aside from YouTube. From a report: Though App Privacy information has been added to Gmail, Google has done so server side and has yet to issue an update to the Gmail app. It has been two months since the Gmail app last saw an update. Earlier in February, the Gmail app was displaying warnings about the app being out of date as it has been so long since new security features were added, but Google eliminated that messaging without pushing an update to the app. Apple has been enforcing App Privacy labels since December, and Google has been slow to support the feature. Google said in early January that it would add privacy data to its app catalog "this week or next week," but by January 20, most apps still had not been updated with the App Privacy. Google has since been adding App Privacy labels to apps like YouTube and some of its smaller apps, but of major apps like Google Search, Google Photos, and Google Maps, Gmail is the first to get the new labeling.


Clubhouse Chats Are Breached, Raising Concerns Over Security

Slashdot - Your Rights Online - Mon, 2021-02-22 21:12
A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn't be stolen by malicious hackers or spies, at least one attacker has proven the platform's live audio can be siphoned. From a report: An unidentified user was able to stream Clubhouse audio feeds this weekend from "multiple rooms" into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it's "permanently banned" that particular user and installed new "safeguards" to prevent a repeat, researchers contend the platform may not be in a position to make such promises. Users of the invitation-only iOS app should assume all conversations are being recorded, the Stanford Internet Observatory, which was first to publicly raise security concerns on Feb. 13, said late Sunday. "Clubhouse cannot provide any privacy promises for conversations held anywhere around the world," said Alex Stamos, director of the SIO and Facebook's former security chief. Stamos and his team were also able to confirm that Clubhouse relies on a Shanghai-based startup called Agora to handle much of its back-end operations. While Clubhouse is responsible for its user experience, like adding new friends and finding rooms, the platform relies on the Chinese company to process its data traffic and audio production, he said.


Apple Is Going To Make It Harder to Hack iPhones With Zero-Click Attacks

Slashdot - Your Rights Online - Mon, 2021-02-22 19:03
Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks. "It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder," a source who develops exploits for government customers told Motherboard, referring to "sandboxes" which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system. Motherboard granted multiple exploit developers anonymity to speak more candidly about sensitive industry issues. Like the name suggests, zero-click attacks allow hackers to break into a target without needing the victim to interact with anything, such as a malicious phishing link. This means that the attack is generally harder for the targeted user to detect. These are generally very sophisticated attacks. These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.


Silicon Valley-backed Groups Sue Maryland To Kill Country's First-Ever Online Advertising Tax

Slashdot - Your Rights Online - Fri, 2021-02-19 03:30
Top lobbying groups backed by Amazon, Facebook, Google and other technology giants sued Maryland on Thursday, seeking to scuttle a new state tax on their massive online-advertising revenue -- and stop other local governments from following its lead. From a report: The legal challenge contends that Maryland's first-in-the-nation tax is unfair, unconstitutional and incompatible with federal laws that prohibit state policymakers from instituting levies specifically targeting online services. The lawsuit is backed by a broad coalition of businesses nationwide through a series of trade groups, including the U.S. Chamber of Commerce and the Internet Association, a Washington-based organization that counts Silicon Valley's most prominent companies among its members. It carries great legal and political significance at a time when lawmakers well beyond Maryland's borders are starting to eye the tech industry's eye-popping pandemic profits as a potential source of much-needed new revenue. "In light of the current pandemic and economic uncertainty, increasing taxes on services used by small businesses to keep themselves running is a particularly poor and ill-timed policy," Caroline Harris, the vice president for tax policy at the U.S. Chamber, said in a statement. In the complaint, which was filed in U.S. District Court in Maryland, the tech giants and their political allies argue that the state's online advertising tax suffers from "many infirmities" and, as a result, threatens to "raise costs for consumers and make it more difficult for businesses to connect with potential customers."


Biden To Order Review of US Reliance on Overseas Supply Chains For Semiconductors, Rare Earths

Slashdot - Your Rights Online - Thu, 2021-02-18 18:44
President Joe Biden will direct his administration to conduct a review of key U.S. supply chains including semiconductors, high-capacity batteries, medical supplies and rare earth metals. From a report: The assessment, which will be led by members of both Biden's economic and national security teams, will analyze the "resiliency and capacity of the American manufacturing supply chains and defense industrial base to support national security [and] emergency preparedness," according to a draft of an executive order seen by CNBC. The text of the executive order is being finalized and the ultimate language could vary from the current draft. The White House also plans to review gaps in domestic manufacturing and supply chains that are dominated by or run through "nations that are or are likely to become unfriendly or unstable." Though the order does not mention China, the directive is likely in large part an effort by the administration to determine how reliant the U.S. economy and military are on a critical group of Chinese exports. Biden said earlier this month that his White House is gearing up for "extreme competition" with China. The pending executive order is one of the administration's first tangible efforts to evaluate and shore up American business and defense interests through a thorough review of where, and from which countries, it receives key raw materials. Some of the commodities and components listed in the order included rare earth metals, a group of minerals used in the production of a variety of advanced technologies, including computer screens, state-of-the-art weapons and electric vehicles.


US Charges Three North Koreans in $1.3 Billion Hacking Spree

Slashdot - Your Rights Online - Wed, 2021-02-17 19:00
The United States has charged three North Korean computer programmers with a massive hacking spree that stole more than $1.3 billion in money and cryptocurrency, the Department of Justice said Wednesday. From a report: Officials added that a Canadian-American citizen has pleaded guilty to laundering some of the alleged hackers' money. The indictment alleges that Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, stole money while working for North Korea's military intelligence services. Park had previously been charged in a complaint unsealed in 2018.


Spy Pixels In Emails Have Become Endemic

Slashdot - Your Rights Online - Wed, 2021-02-17 18:06
AmiMoJo writes: The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request. Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam. Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms. Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies. Email pixels can be used to log: if and when an email is opened, how many times it is opened, what device or devices are involved, the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on. This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles. Hey's co-founder David Heinemeier Hansson says they amount to a "grotesque invasion of privacy". And other experts have also questioned whether companies are being as transparent as required under law about their use.


New York Sues Amazon, Saying It Inadequately Protected Workers From Covid-19

Slashdot - Your Rights Online - Wed, 2021-02-17 17:00
New York's attorney general, Letitia James, sued Amazon on Tuesday evening, arguing that the company provided inadequate safety protection for workers in New York City during the pandemic and retaliated against employees who raised concerns over the conditions. From a report: The case focuses on two Amazon facilities: a large warehouse on Staten Island and a delivery depot in Queens. Ms. James argues that Amazon failed to properly clean its buildings, conducted inadequate contact tracing for known Covid-19 cases, and "took swift retaliatory action" to silence complaints from workers. "Amazon's extreme profits and exponential growth rate came at the expense of the lives, health and safety of its frontline workers," Ms. James argued in the complaint, filed in New York Supreme Court. Kelly Nantel, a spokeswoman for Amazon, said the company cared "deeply about the health and safety" of its workers. "We don't believe the attorney general's filing presents an accurate picture of Amazon's industry-leading response to the pandemic," Ms. Nantel said. Last week, Amazon preemptively sued Ms. James in federal court in an attempt to stop her from bringing the charges. The company argued that workplace safety was a matter of federal, not state, law.


Losses To Romance Scams Reached a Record $304 Million in 2020

Slashdot - Your Rights Online - Wed, 2021-02-17 05:30
The current COVID-19 pandemic and the subsequent stay-at-home and social distancing directives might have played a major role in romance scams losses reaching record levels in 2020, the US Federal Trade Commission said in a report last week. From a report: Total losses were estimated at a record $304 million, up about 50% from 2019, with the average loss last year being estimated at $2,500 per individual. "From 2016 to 2020, reported total dollar losses increased more than fourfold, and the number of reports nearly tripled," the agency said. The FTC believes that the 50% spike in extra losses recorded in 2020 can be attributed to the COVID-19 pandemic, which has limited people's ability to meet in person and has forced more users towards using online long-distance and impersonal communications, such as dating apps. In most cases, the ruse of these scams is that the targets of a romance scam have to send money back to the crooks.


270 Addresses Are Responsible for 55% of All Cryptocurrency Money Laundering

Slashdot - Your Rights Online - Mon, 2021-02-15 19:01
Criminals who keep their funds in cryptocurrency tend to launder funds through a small cluster of online services, blockchain investigations firm Chainalysis said in a report last week. From a report: This includes services like high-risk (low-reputation) crypto-exchange portals, online gambling platforms, cryptocurrency mixing services, and financial services that support cryptocurrency operations headquartered in high-risk jurisdictions. Criminal activity studied in this report included cryptocurrency addresses linked to online scams, ransomware attacks, terrorist funding, hacks, transactions linked to child abuse materials, and funds linked to payments made to dark web marketplaces offering illegal services like drugs, weapons, and stolen data. But while you'd expect that the money laundering resulting from such a broad spectrum of illegal activity to have taken place across a large number of services, Chainalysis reports that just a small group of 270 blockchain addresses have laundered around 55% of cryptocurrency associated with criminal activity.


After Researchers Raise Spying Concerns, Clubhouse Promises Blocks on Transmitting to Chinese Servers

Slashdot - Your Rights Online - Mon, 2021-02-15 13:34
"The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China," reports The Verge, "after Stanford researchers said they found vulnerabilities in its infrastructure." In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, "supplies back-end infrastructure to the Clubhouse App." The SIO further discovered that users' unique Clubhouse ID numbers — not usernames — and chatroom IDs are transmitted in plaintext, which would likely give Agora access to raw Clubhouse audio. So anyone observing internet traffic could match the IDs on shared chatrooms to see who's talking to each other, the SIO tweeted, noting "For mainland Chinese users, this is troubling." The SIO researchers said they found metadata from a Clubhouse room "being relayed to servers we believe to be hosted in" the People's Republic of China, and found that audio was being sent "to servers managed by Chinese entities and distributed around the world." Since Agora is a Chinese company, it would be legally required to assist the Chinese government locate and store audio messages if authorities there said the messages posed a national security threat, the researchers surmised... The company told SIO that it was going to roll out changes "to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers" and said it would hire an external security firm to review and validate the updates.


How the NSA-led US Cyber Command Wishes You a Happy Valentine's Day

Slashdot - Your Rights Online - Mon, 2021-02-15 01:58
Slashdot reader DevNull127 writes: The U.S. Cyber Command, headed by the National Security Agency's director, has been a part of America's Department of Defense since 2009. Today this unified combatant command wished its followers on Twitter a happy Valentine's Day, adding "As our gift to you, we present 12 crypto challenges designed by the information security community. "Love is in the air, find it if you can. #BeOurValentine #cryptochallenge #VDayGifts." They shared a link to the official U.S. Cyber Command Valentine's Day 2021 Cryptography Challenge Puzzles. There are 12 tricky puzzles in all — 3 .jpgs, 6 .pngs, 2 .mp3s and a .bmp file — and I couldn't solve a single one of 'em. Each one has a hint — though that hint is just the number of words in the answer, as well as its number of characters.


Why Some Amazon Delivery Drivers Hate Its Safety Monitoring App

Slashdot - Your Rights Online - Mon, 2021-02-15 00:52
Amazon is using AI cameras to monitor drivers of its delivery vans for safety issues — but also a second driver safety app on their phones. Though it's named Mentor, Mashable reports that "it doesn't seem to be helping..." CNBC talked to drivers who said the app mostly invades their privacy or miscalculates dangerous driving behavior. One driver said even though he didn't answer a ringing phone, the app docked points for using a phone while driving. Another worker was flagged for distracted driving at every delivery stop she made. The incorrect tracking has real consequences, ranging from restricted payouts and bonuses to job loss. The app gives a safety score which is used to rank drivers and compare them to colleagues. The App Store description calls this "a little friendly competition!" CNBC reports that one driver even created a YouTube video showing how Amazon's delivery van drivers could appease the app: by wrapping their cellphone in a sweater and then shoving it in their glovebox. Otherwise, "If your device moves at all, it's going to count against you."
