Former Uber Exec Joe Sullivan Found Guilty of Concealing 2016 Data Breach

Slashdot - Your Rights Online - Wed, 2022-10-05 23:28
According to the New York Times, former chief security officer of Uber, Joe Sullivan, has been found guilty of hiding a 2016 data breach from authorities and obstructing an investigation by the FTC into the company's security practices. The breach affected more than 57 million Uber riders and drivers. From the report: Mr. Sullivan was deposed by the F.T.C. as it investigated a 2014 breach of Uber's online systems. Ten days after the deposition, he received an email from a hacker who claimed to have found another security vulnerability in its systems. Mr. Sullivan learned that the hacker and an accomplice had downloaded the personal data of about 600,000 Uber drivers and additional personal information associated with 57 million riders and drivers, according to court testimony and documents. The hackers pressured Uber to pay them at least $100,000. Mr. Sullivan's team referred them to Uber's bug bounty program, a way of paying "white hat" researchers to report security vulnerabilities. The program capped payouts at $10,000, according to court testimony and documents. Mr. Sullivan and his team paid the hackers $100,000 and had them sign a nondisclosure agreement. During his testimony, one of the hackers, Vasile Mereacre, said he was trying to extort money from Uber. Uber did not publicly disclose the incident or inform the F.T.C. until a new chief executive, Dara Khosrowshahi, joined the company in 2017. The two hackers pleaded guilty to the hack in October 2019. States typically require companies to disclose breaches if hackers download personal data and a certain number of users are affected. There is no federal law requiring companies or executives to reveal breaches to regulators. Federal prosecutors argued that Mr. Sullivan knew that revealing the new hack would extend the F.T.C. investigation and hurt his reputation and that he concealed the hack from the F.T.C. Mr. Sullivan did not reveal the 2016 hack to Uber's general counsel, according to court testimonies and documents. He did discuss the breach with another Uber lawyer, Craig Clark. Like Mr. Sullivan, Mr. Clark was fired by Mr. Khosrowshahi after the new Uber chief executive learned about the details of the breach. Mr. Clark was given immunity by federal prosecutors in exchange for testifying against Mr. Sullivan. Mr. Clark testified that Mr. Sullivan told the Uber security team that they needed to keep the breach secret and that Mr. Sullivan changed the nondisclosure agreement signed by the hackers to make it falsely seem that the hack was white-hat research. Mr. Sullivan said he would discuss the breach with Uber's "A Team" of top executives, according to Mr. Clark's testimony. He shared the matter with only one member of the A Team: then chief executive Travis Kalanick. Mr. Kalanick approved the $100,000 payment to the hackers, according to court documents. The case is "believed to be the first time a company executive faced criminal prosecution over a hack," notes the report. "The way responsibilities are divided up is going to be impacted by this. What's documented is going to be impacted by this. The way bug bounty programs are designed is going to be impacted by this," said Chinmayi Sharma, a scholar in residence at the Robert Strauss Center for International Security and Law and a lecturer at the University of Texas at Austin School of Law.

Fraud, Scam Cases Increasing on P2P Payment Service Zelle, Senate Report Finds

Slashdot - Your Rights Online - Wed, 2022-10-05 16:40
Incidents of fraud and scams are occurring more often on the popular peer-to-peer payment service Zelle, according to a report issued Monday by the office of Sen. Elizabeth Warren, giving the public its first glimpse into the growing problems at Zelle. From a report: The report also found that the large banks that partly own Zelle have been reluctant to compensate customers who have been victims of fraud or scams. For instance, less than half of the money customers reported being sent via Zelle without authorization was being reimbursed. Warren, D-Massachusetts, a long-time critic of the big banks, requested data on fraud and scams on Zelle from seven banks starting in April. The report cites data from four banks that tallied 192,878 cases worth collectively $213.8 million in 2021 and the first half of 2022 where a customer claimed they had been fraudulently tricked into making a payment. In only roughly 3,500 cases did those banks reimburse the customer, the report found. Further, in the cases where it's clear funds had been taken out of customers' accounts without authorization, only 47% of those dollars were ever reimbursed. Since being launched in June 2017, Zelle has become a popular way for bank customers to send money to friends and family. Almost $500 billion in funds were sent via Zelle in 2021, according to Early Warning Services, the company that operates Zelle. Zelle is the banking industry's answer to the growing popularity of peer-to-peer payment services like PayPal, Venmo and the Cash App. The service allows a bank customer to instantaneously send money to a person via their email or phone number, and it will go from one bank account to another. More than 1,700 banks and credit unions offer the service. But the service has also grown more popular with scammers and criminals. 
Once money is sent via Zelle, it requires a bank's intervention to attempt to get that money back.

Google To Pay $85 Million To End Arizona Consumer-Privacy Suit

Slashdot - Your Rights Online - Wed, 2022-10-05 15:00
An anonymous reader quotes a report from Bloomberg: Alphabet's Google will pay $85 million to resolve a consumer privacy suit by Arizona claiming the technology giant surreptitiously collects data on users' whereabouts for targeted advertising. The settlement comes as Google is facing similar complaints by a group of state attorneys general, including Texas, Indiana and Washington D.C., in their respective state courts, over user location data. Arizona accused Google in a May 2020 complaint of violating the state's Consumer Fraud Act by gathering location data even after users opt out of a feature that records location history through other settings such as "Web & App Activity." Google, in its defense, had argued that the state consumer protection law requires that alleged fraud is connected to a sale or advertisement. In January, an Arizona state judge denied Google's request to dismiss the case. The settlement represents the largest amount per individual user Google has paid in "a privacy and consumer-fraud lawsuit of this kind," Attorney General Mark Brnovich's office said in a statement on Tuesday. "I am proud of this historic settlement that proves no entity, not even big tech companies, is above the law." Meanwhile, a Google spokesperson said Arizona's suit was based on old product policies that the company changed years ago. "We provide straightforward controls and auto delete options for location data, and are always working to minimize the data we collect," they said. "We are pleased to have this matter resolved and will continue to focus our attention on providing useful products for our users."

Rightsholders Asked Google To Remove Six Billion 'Pirate' Links

Slashdot - Your Rights Online - Wed, 2022-10-05 05:30
An anonymous reader quotes a report from TorrentFreak: Over the past decade, rightsholders have asked [Google] to remove six billion links to alleged copyright-infringing content. The majority of these requests were indeed removed or put on a preemptive blacklist. The six billion links were reported by 326,575 copyright holders who identified 4,041,845 separate domain names. These domains also include many false positives, including websites of The White House, the FBI, Disney, Netflix, the New York Times, and even TorrentFreak. Overall, we can say that a relatively small number of rightsholders are responsible for a disproportionate number of takedown requests. The ten most active senders reported nearly 2.5 billion URLs, more than 40% of the total. Similarly, as we previously highlighted, most of the removed URLs belong to a small group of websites. Just 400 domains are responsible for 41% of all links removed by Google over the years. Google continues to remove more than a million URLs per day but the trend started to change a few years ago. The frequency at which new links were reported started to decline. At the same time, Google started to cooperate more with rightsholders. For example, Google began to accept takedown notices for links that are not indexed by the search engine yet. These links, which are also counted in the six billion figure, are put on a preemptive blocklist. That prevents the links from being added to search results in the future. Google also actively demotes pirate sites in its search results when it receives an unusually high number of takedown requests for a domain. In addition, the search engine chose to voluntarily comply with third-party site-blocking orders by removing entire domain names from its index. These proactive anti-piracy measures have started to improve the relationship between Google and rightsholders. 
And it wouldn't be a surprise to see this trend continue going forward.

'The Onion' Files a Supreme Court Brief

Slashdot - Your Rights Online - Wed, 2022-10-05 00:00
An anonymous reader quotes a report from the New York Times: A man who was arrested over a Facebook parody aimed at his local police department is trying to take his case to the Supreme Court. He has sought help from an unlikely source, which filed a friend-of-the-court brief on Monday. "Americans can be put in jail for poking fun at the government?" the brief asked. "This was a surprise to America's Finest News Source and an uncomfortable learning experience for its editorial team." The source is, of course, The Onion. Or, as the satirical website described itself in the brief (PDF), "the single most powerful and influential organization in human history." The Parma, Ohio, area man in question, Anthony Novak, spent four days in jail over a Facebook page he created in 2016 that mocked his local police department. He was charged with using a computer to disrupt police functions, but a jury found him not guilty. Mr. Novak says his civil rights were violated, and he is trying to sue the city for damages. A federal judge dismissed the lawsuit earlier this year, saying that the police had qualified immunity, and an appeals court upheld that decision. Now the high court is reviewing his request to take up the matter. One of Mr. Novak's lawyers, Patrick Jaicomo, said in an interview Monday that last month he contacted Jordan LaFlure, the managing editor of The Onion, which is based in Chicago, to make him aware of the case and see if he would be interested in helping raise attention. "They heard the story, and they were like, 'Oh my god, this is something that could really put all of our people in the crosshairs if we rub someone the wrong way with one of our stories,'" Mr. Jaicomo said. [...] On Tuesday, a lawyer representing Parma, Richard Rezie, said that the courts had dismissed Mr. Novak's lawsuit as groundless and agreed that his rights had not been violated. The judges "did not base their opinions on parody, freedom of speech, or the need for a disclaimer," Mr. 
Rezie said, adding that Mr. Novak "went beyond mimicry" when he reproduced a police warning about his fake page, but claimed that the Parma site was the fake and his was the "official" page. "Falsely copying an official warning along with a claim to be the authentic Facebook page is not parody," Mr. Rezie said, adding that Mr. Novak also deleted comments from readers who realized his page was fake. In Mr. Jaicomo's view, The Onion's brief used parody itself to make the point that parody is important and protected speech. "The Onion cannot stand idly by in the face of a ruling that threatens to disembowel a form of rhetoric that has existed for millennia, that is particularly potent in the realm of political debate, and that, purely incidentally, forms the basis of The Onion's writers' paychecks," the brief said. It pointed to The Onion's history of blatantly ridiculous headlines: "Fall Canceled After 3 Billion Seasons." "Children, Creepy Middle-Aged Weirdos Swept Up in Harry Potter Craze." "Kitten Thinks of Nothing but Murder All Day." A footnote reads "See Mar-a-Lago Assistant Manager Wondering if Anyone Coming to Collect Nuclear Briefcase from Lost and Found, The Onion, Mar. 27, 2017." The brief also said that the case posed a threat to The Onion's business model. "This was only the latest occasion on which the absurdity of actual events managed to eclipse what The Onion's staff could make up," it said. "Much more of this, and the front page of The Onion would be indistinguishable from The New York Times."

VLC-Developer VideoLAN Sends Legal Notice To Indian Ministries Over Ban

Slashdot - Your Rights Online - Tue, 2022-10-04 18:00
VideoLAN, the developer and operator of popular media player VLC, has filed a legal notice to India's IT and Telecom ministries, alleging that the Indian bodies failed to notify the software developer prior to blocking the website and did not afford it a chance for an explanation. From a report: Indian telecom operators have been blocking VideoLAN's website, where it lists links to downloading VLC, since February of this year, VideoLan president and lead developer Jean-Baptiste Kempf told TechCrunch in an earlier interview. India is one of the largest markets for VLC. "Most major ISPs [internet service providers] are banning the site, with diverse techniques," he said of the blocking in India. The telecom operators began blocking the VideoLan website on February 13 of this year, when the site saw a drop of 80% in traffic from the South Asian market, he said. Now, VideoLAN, in assistance with local advocacy group Internet Freedom Foundation, is using legal means to get answers and redressal. It has sought a copy of the blocking order for banning VideoLAN website in India and an opportunity to defend the case through a virtual hearing. In the notice, VideoLAN argues that the way Indian ministries have enforced the ban on the website, they violate their own local laws.

Apple Loses Second Bid To Challenge Qualcomm Patents At US Supreme Court

Slashdot - Your Rights Online - Tue, 2022-10-04 04:02
The U.S. Supreme Court on Monday again declined to hear Apple's bid to revive an effort to cancel three Qualcomm smartphone patents despite the settlement of the underlying dispute between the two tech giants. Reuters reports: The justices left in place a lower court's decision against Apple after similarly turning away in June the company's appeal of a lower court ruling in a closely related case challenging two other Qualcomm patents. Qualcomm sued Apple in San Diego federal court in 2017, arguing that its iPhones, iPads and Apple Watches infringed a variety of mobile-technology patents. That case was part of a broader global dispute between the tech giants. Apple challenged the validity of the patents at issue in this case at the U.S. Patent and Trademark Office's Patent Trial and Appeal Board. The companies settled their underlying fight in 2019, signing an agreement worth billions of dollars that let Apple continue using Qualcomm chips in iPhones. The settlement included an Apple license to thousands of Qualcomm patents, but allowed the patent-board proceedings to continue. The board upheld the patents in 2020, and Apple appealed to the patent-specialist U.S. Court of Appeals for the Federal Circuit. Cupertino, California-based Apple argued it had proper legal standing to appeal because San Diego-based Qualcomm could sue again after the license expires, potentially as soon as 2025. A Federal Circuit three-judge panel, in a 2-1 ruling, dismissed the case last year for a lack of standing, finding that Apple's risk of being sued again was speculative and the challenge would not affect its payment obligations under the settlement. 
Qualcomm has again argued that Apple has not shown a concrete injury to justify the appeal, just like in the "materially identical" case that the high court rejected.

Bruce Willis Denies Selling Rights To His Face

Slashdot - Your Rights Online - Tue, 2022-10-04 02:45
Last week, a number of outlets reported that Bruce Willis sold his face to a deepfake company called Deepcake, allowing a "digital twin" of himself to be created for use on screen. The only problem is that it's apparently not true. According to the BBC, the actor's agent said that he had "no partnership or agreement" with the company and a representative of Deepcake said only Willis had the rights to his face. From the report: On 27 September, the Daily Mail reported that a deal had been struck between Willis and Deepcake. "Two-time Emmy winner Bruce Willis can still appear in movies after selling his image rights to Deepcake," the story reads. The story was picked up by the Telegraph and a series of other media outlets. "Bruce Willis has become the first Hollywood star to sell his rights to allow a 'digital twin' of himself to be created for use on screen." said the Telegraph. But that doesn't appear to be the case. What is true is that a deepfake of Bruce Willis was used to create an advert for Megafon, a Russian telecoms company, last year. The tech used in the advert was created by Deepcake, which describes itself as an AI company specializing in deepfakes. Deepcake told the BBC it had worked closely with Willis' team on the advert. "What he definitely did is that he gave us his consent (and a lot of materials) to make his Digital Twin," they said. The company says it has a unique library of high-resolution celebrities, influencers and historical figures. On its website, Deepcake promotes its work with an apparent quote from Mr Willis: "I liked the precision of my character. It's a great opportunity for me to go back in time. "The neural network was trained on content of Die Hard and Fifth Element, so my character is similar to the images of that time." A representative from Deepcake said in a statement: "The wording about rights is wrong... 
Bruce couldn't sell anyone any rights, they are his by default."

FCC Threatens To Block Calls From Carriers For Letting Robocalls Run Rampant

Slashdot - Your Rights Online - Tue, 2022-10-04 01:20
The Federal Communications Commission is threatening to block calls from voice service providers that have yet to take meaningful action against illegal robocalls. The Verge reports: On Monday, the FCC announced that it was beginning the process to remove providers from the agency's Robocall Mitigation Database for failing to fully implement STIR/SHAKEN anti-robocall protocols into their networks. If the companies fail to meet these requirements over the next two weeks, compliant providers will be forced to block their calls. "This is a new era. If a provider doesn't meet its obligations under the law, it now faces expulsion from America's phone networks. Fines alone aren't enough," FCC Chairwoman Jessica Rosenworcel said in a statement on Monday. "Providers that don't follow our rules and make it easy to scam consumers will now face swift consequences." The FCC's orders target seven carriers, including Akabis, Cloud4, Global UC, Horizon Technology Group, Morse Communications, Sharon Telephone Company, and SW Arkansas Telecommunications and Technology. "These providers have fallen woefully short and have now put at risk their continued participation in the U.S. communications system," Loyaan A. Egal, FCC acting chief of the enforcement standards, said in a Monday statement. "While we'll review their responses, we will not accept superficial gestures given the gravity of what is at stake."

High Court Will Hear Social Media Terrorism Lawsuits

Slashdot - Your Rights Online - Mon, 2022-10-03 17:20
The Supreme Court said Monday it will hear two cases seeking to hold social media companies financially responsible for terrorist attacks. From a report: Relatives of people killed in terrorist attacks in France and Turkey had sued Google, Twitter, and Facebook. They accused the companies of helping terrorists spread their message and radicalize new recruits. The court will hear the cases this term, which began Monday, with a decision expected before the court recesses for the summer, usually in late June. The court did not say when it would hear arguments, but the court has already filled its argument calendar for October and November. One of the cases the justices will hear involves Nohemi Gonzalez, a 23-year-old U.S. citizen studying in Paris. The Cal State Long Beach student was one of 130 people killed in Islamic State group attacks in November 2015. The attackers struck cafes, outside the French national stadium and inside the Bataclan theater. Gonzalez died in an attack at La Belle Equipe bistro. Gonzalez's relatives sued Google, which owns YouTube, saying the platform had helped the Islamic State group by allowing it to post hundreds of videos that helped incite violence and recruit potential supporters. Gonzalez's relatives said that the company's computer algorithms recommended those videos to viewers most likely to be interested in them.

Meta Ordered To Pay $175 Million For Copying Green Beret Veteran's App

Slashdot - Your Rights Online - Sun, 2022-10-02 18:16
Meta, the parent company of Facebook and Instagram, was found by a federal jury in Austin, Texas, to have infringed on two patents held by Voxer, a walkie talkie messaging app founded by a former Army Green Beret. The social media giant was ordered to pay nearly $175 million in damages. Military Times reports: Voxer launched the app in 2011, which was named Best Overall App in the First Annual Silicon Valley Business App Awards in 2013. In 2012, Facebook approached Voxer about a potential collaboration that led to Voxer sharing its patents and proprietary information with the company. "When early meetings did not result in an agreement, Facebook identified Voxer as a competitor although Facebook had no live video or voice product at the time," court filings read. "Facebook revoked Voxer's access to key components of the Facebook platform and launched Facebook Live in 2015 followed by Instagram Live in 2016. Both products incorporate Voxer's technologies and infringe its patents." The Texas jury found that Facebook Live and Instagram Live incorporated two pieces of Voxer's technologies that involve streaming media over networks. Meta countered in court filings that "Facebook has prioritized live video messaging since the launch of Facebook Live and Instagram Live, with one report identifying Facebook Live as Facebook's 'top priority.'" In a statement to TechCrunch, Meta said the social media company will continue to press the issue through the courts. "We believe the evidence at trial demonstrated that Meta did not infringe Voxer's patents," Meta's spokesperson said in the statement. "We intend to seek further relief, including filing an appeal."

Pentagon Is Far Too Tight With Its Security Bug Bounties

Slashdot - Your Rights Online - Sun, 2022-10-02 17:15
Discovering and reporting critical security flaws that could allow foreign spies to steal sensitive US government data or launch cyberattacks via the Department of Defense's IT systems doesn't carry a high reward. The Register reports: The Pentagon, in its most recent week-long Hack US program conducted with HackerOne, paid out $75,000 in bug bounties and another $35,000 in bonuses and awards to ethical hackers who disclosed critical- and high-severity vulnerabilities in Uncle Sam's networks. [...] According to bug bounty platform HackerOne and the DoD, the Hack US initiative received 648 submissions from 267 security researchers who uncovered 349 security holes. Information disclosure flaws were the most commonly reported vulnerabilities, followed by improper access controls and SQL injection. The Pentagon didn't say how many bug hunters received rewards, or how much they each earned. However, in announcing the contest earlier this year, it pledged to pay $500 or more for high-severity flaws, $1,000 for critical holes, and as much as $5,000 for specific achievements, such as $3,000 for the best finding for * Meanwhile, Microsoft paid $13.7 million in bug rewards spread out over 335 researchers last year, with a $200,000 Hyper-V Bounty payout as its biggest prize. And Google awarded $8.7 million during 2021. [...] It's also worth noting that the DoD's pilot vulnerability disclosure program, which ended in April, didn't pay any monetary rewards. So at least Hack US, with its paid (albeit measly) bug bounties, is a step up from that. "The most successful bug bounty programs strike an even balance between monetary and social benefits," Google's Eduardo Vela, who leads the Product Security Response Team, told The Register. "For bug hunters, there must be a monetary incentive to get them to participate -- but, there's also value in creating a space where folks can get together, connect with one another, and hack as a team. 
Bringing together the top bug hunters requires both -- one without the other is not enough."

In a First, US Appoints a Diplomat For Plants and Animals

Slashdot - Your Rights Online - Sun, 2022-10-02 12:10
For the first time, the United States is designating a special diplomat to advocate for global biodiversity amid what policymakers here and overseas increasingly recognize as an extinction crisis. The Washington Post reports: Monica Medina is taking on a new role as special envoy for biodiversity and water resources, the State Department announced Wednesday. She currently serves as the department's assistant secretary for oceans and international environmental and scientific affairs. The appointment underscores the Biden administration's desire to protect land and waters not just at home but to also conserve habitats abroad. "There's a direct connection between biodiversity loss and instability in a lot of parts of the world," Medina said in a recent phone interview. "It's not just about nature for nature's sake. I think it is about people." Before the Biden administration, Medina was an adjunct professor at Georgetown's Walsh School of Foreign Service and worked as general counsel of the National Oceanic and Atmospheric Administration, among other government roles. She is the wife of White House Chief of Staff Ron Klain. Her appointment comes weeks ahead of a major biodiversity conference in mid-December in Montreal. The aim of the U.N. Convention on Biological Diversity -- also known as COP-15 -- is for nations to reverse the loss of species by adopting an international framework for conserving biodiversity. The effort is akin to the climate talks in 2015 that yielded the Paris agreement. What the United States wants out of the conference: For nations to commit to conserving 30 percent of their land and water area. "We are looking for ways to reach that goal, because that's what scientists tell us we need in order to have a healthy planet," Medina said. One big hurdle: Defining what, exactly, counts as land and water conserved? "That is part of the discussion, is what counts," she said. Is the United States doing its part? 
President Biden set a goal of conserving nearly a third of the nation's land and waters by 2030. Protecting ecosystems such as forests and peatlands will help keep climate-warming carbon out of the atmosphere in the first place, noted Medina. "It's a crisis that we face that's interwoven with the climate crisis, but also independent and important on its own," she said. "If we can solve the biodiversity crisis, we're a long way along the way to solving the climate crisis."

TikTok Tracks You Across the Web, Even If You Don't Use the App

Slashdot - Your Rights Online - Sun, 2022-10-02 05:33
An anonymous reader quotes a report from Consumer Reports: A Consumer Reports investigation finds that TikTok, one of the country's most popular apps, is partnering with a growing number of other companies to hoover up data about people as they travel across the internet. That includes people who don't have TikTok accounts. These companies embed tiny TikTok trackers called "pixels" in their websites. Then TikTok uses the information gathered by all those pixels to help the companies target ads at potential customers, and to measure how well their ads work. To look into TikTok's use of online tracking, CR asked the security firm Disconnect to scan about 20,000 websites for the company's pixels. In our list, we included the 1,000 most popular websites overall, as well as some of the biggest sites with domains ending in ".org," ".edu," and ".gov." We wanted to look at those sites because they often deal with sensitive subjects. We found hundreds of organizations sharing data with TikTok. If you go to the United Methodist Church's main website, TikTok hears about it. Interested in joining Weight Watchers? TikTok finds that out, too. The Arizona Department of Economic Security tells TikTok when you view pages concerned with domestic violence or food assistance. Even Planned Parenthood uses the trackers, automatically notifying TikTok about every person who goes to its website, though it doesn't share information from the pages where you can book an appointment. (None of those groups responded to requests for comment.) The number of TikTok trackers we saw was just a fraction of those we observed from Google and Meta. However, TikTok's advertising business is exploding, and experts say the data collection will probably grow along with it. After Disconnect researchers conducted a broad search for TikTok trackers, we asked them to take a close look at what kind of information was being shared by 15 specific websites. 
We focused on sites where we thought people would have a particular expectation of privacy, such as advocacy organizations and hospitals, along with retailers and other kinds of companies. Disconnect found that data being transmitted to TikTok can include your IP address, a unique ID number, what page you're on, and what you're clicking, typing, or searching for, depending on how the website has been set up. What does TikTok do with all that information? "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services," says Melanie Bosselait, a TikTok spokesperson. The data "is not used to group individuals into particular interest categories for other advertisers to target." If TikTok receives data about someone who doesn't have a TikTok account, the company only uses that data for aggregated reports that they send to advertisers about their websites, she says. There's no independent way for consumers or privacy researchers to verify such statements. But TikTok's terms of service say its advertising customers aren't allowed to send the company certain kinds of sensitive information, such as data about children, health conditions, or finances. "We continuously work with our partners to avoid inadvertent transmission of such data," TikTok's Bosselait says. What can you do to protect your personal information? Consumer Reports recommends using privacy-protecting browser extensions like Disconnect, changing your browser's privacy settings to block trackers, and trying a more private browser like Firefox and Brave.

Covert CIA Websites Could Have Been Found By an 'Amateur,' Research Finds

Slashdot - Your Rights Online - Sun, 2022-10-02 00:22
An anonymous reader quotes a report from the Guardian: The CIA used hundreds of websites for covert communications that were severely flawed and could have been identified by even an "amateur sleuth," according to security researchers. The flaws reportedly led to the death of more than two dozen US sources in China in 2011 and 2012 and also reportedly led Iran to execute or imprison other CIA assets. The new research was conducted by security experts at the Citizen Lab at the University of Toronto, which started investigating the matter after it received a tip from reporter Joel Schectmann at Reuters. The group said it was not publishing a full detailed technical report of its findings to avoid putting CIA assets or employees at risk. But its limited findings raise serious doubts about the intelligence agency's handling of safety measures. Using just a single website and publicly available material, Citizen Lab said it identified a network of 885 websites that it attributed "with high confidence" as having been used by the CIA. It found that the websites purported to be concerned with news, weather, healthcare and other legitimate websites. "Knowing only one website, it is likely that while the websites were online, a motivated amateur sleuth could have mapped out the CIA network and attributed it to the US government," Citizen Lab said in a statement. The websites were active between 2004 and 2013 and were probably not used by the CIA recently, but Citizen Lab said a subset of the websites were still linked to active intelligence employees or assets, including a foreign contractor and a current state department employee. Citizen Lab added: "The reckless construction of this infrastructure by the CIA reportedly led directly to the identification and execution of assets, and undoubtedly risked the lives of countless other individuals. Our hope is that this research and our limited disclosure process will lead to accountability for this reckless behavior." 
CIA spokesperson Tammy Kupperman Thorp said: "CIA takes its obligations to protect the people who work with us extremely seriously and we know that many of them do so bravely, at great personal risk. The notion that CIA would not work as hard as possible to safeguard them is false."

Danish Pirate Site Blocking Updated, Telecoms Group Publishes All Domains

Slashdot - Your Rights Online - Sat, 2022-10-01 20:18
Rights Alliance and ISPs have agreed to update their code of conduct to block pirate sites more quickly in Denmark. When one ISP receives an instruction to block a domain, a new process will see other ISPs follow in less than seven days. Meanwhile, Denmark's Telecommunications Industry Association is publishing files that reveal precisely which domains are being blocked. TorrentFreak reports: Both Rights Alliance and Teleindustrien (Telecommunications Industry Association in Denmark) have published copies of the new Code of Conduct but neither explain how the new system will work. Indeed, the CoC contains a paragraph that explains that a section detailing the individual steps, procedures and criteria, has been withheld "in order to achieve the purpose of the agreement." Given that Denmark's blocking program is DNS-based, it's trivial for ISPs to modify local DNS entries to redirect pirate site visitors to Share With Care (SWC), a portal designed to encourage pirates back on to the legal path of authorized content services. Somewhat intrigued by the apparent need for secrecy, we took a closer look at Teleindustrien and to our surprise, found the complete opposite. It appears that when ISPs are ordered to block domains for any reason, Teleindustrien goes public with three things: the laws under which the blocking was ordered, who ordered the blocking, and which domains were blocked in response. For example, the telecoms industry group details recent blocks associated with the Ukraine conflict (including and and publishes the domains to an easily downloadable .csv file -- perfect for ISPs looking to implement DNS blocking. Another .csv file is published for gambling site domains deemed illegal in Denmark, 183 according to the latest batch. The data relating to Denmark's pirate site blocking program reveals how quickly it has expanded over the years. In 2017, Danish ISPs were blocking around 100 pirate sites, a figure that jumped to 478 in 2020. 
The latest .csv file containing the list of blocked piracy domains is dated September 27, 2022. It contains 892 URLs -- some of them domains in their own right and others representing sub-domains on various sites dedicated to unblocking. It's unclear how the new streamlining provisions in the revised Code of Conduct can beat pulling a plain text file from a website but Teleindustrien also provides the data in PDF format (PDF) for the Adobe fans out there.

House Democrats Debut New Bill To Limit US Police Use of Facial Recognition

Slashdot - Your Rights Online - Sat, 2022-10-01 02:02
An anonymous reader quotes a report from TechCrunch: Dubbed the Facial Recognition Act, the bill would compel law enforcement to obtain a judge-authorized warrant before using facial recognition. By adding the warrant requirement, law enforcement would first have to show a court it has probable cause that a person has committed a serious crime, rather than allowing largely unrestricted use of facial recognition under the existing legal regime. The bill also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone's arrest. If passed, the bill would also require law enforcement to annually test and audit their facial recognition systems, and provide detailed reports of how facial recognition systems are used in prosecutions. It would also require police departments and agencies to purge databases of photos of children who were subsequently released without charge, whose charges were dismissed or were acquitted. [...] The bill has so far received glowing support from privacy advocates, rights groups and law enforcement-adjacent groups and organizations alike. Woodrow Hartzog, a law professor at Boston University, praised the bill for strengthening baseline rules and protections across the U.S. "without preempting more stringent limitations elsewhere."

MGM Paid Problem Gambler To Not Report Online Glitches

Slashdot - Your Rights Online - Fri, 2022-09-30 02:02
An anonymous reader quotes a report from the Associated Press: A New York City man is suing an Atlantic City casino, its parent company and its online betting partner, alleging he was repeatedly disconnected while gambling online, and was given payments to prevent him from reporting the malfunctions to New Jersey gambling regulators during a nine-month span in which he wagered over $29 million. Sam Antar says he is a compulsive gambler -- a fact he says was well-known to defendants in the case including the Borgata casino, MGM Resorts International, and its online partner Entain. In a lawsuit filed Wednesday in state Superior Court in Middlesex County, Antar accuses the defendants of fraud, racketeering and other transgressions. His lawsuit asserts that he experienced thousands of disconnections from the online platforms, often when he had a winning hand that was then wiped out. His lawyer, Christopher Gramiccioni, said Antar experienced a disconnection rate approaching 50% during the nine months covered by the lawsuit. He added Antar, 46, had lost "easily hundreds of thousands of dollars" during that time. "It's one thing if you have technical issues intermittently," said Gramiccioni, a former Monmouth County prosecutor. "It is quite another when you have them 50% of the time. The casino did not take corrective action as required. They kept doubling down and giving him $30,000 a month, feeding him extra money to try to avoid scrutiny by the regulatory agencies." In his lawsuit, Antar claims he alerted numerous employees and officials with the gambling companies to the fact that there was a serious, recurring problem with disconnections, but that they knowingly kept malfunctioning games available to the public because they were too profitable to take down. He says his complaints were made to local supervisors and VIP hosts, an online complaint portal, and even to the president of the casino and the CEO of its parent company. 
He also claims the companies paid him near-daily bonuses totaling $30,000 a month to keep him playing and to entice him not to report problems with the games to the New Jersey Division of Gaming Enforcement. [...] Antar said employees acknowledged problems with the system were affecting other customers as well. In a July 17, 2019 text and email conversation, Antar quotes one as telling him "other players are not getting anywhere near what you are getting" in terms of compensation for being kicked offline while gambling. "In 2013, Sam Antar was sentenced to 21 months in federal prison for taking $225,000 in a fraudulent investment scheme" to feed his compulsive gambling habit, notes the report.

NSA Employee Leaked Classified Cyber Intel, Charged With Espionage

Slashdot - Your Rights Online - Fri, 2022-09-30 01:20
A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Nextgov reports: Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as an information systems security designer at the agency earlier that summer. Dalke allegedly used an encrypted email account to leak sensitive and classified documents he obtained while working at the NSA to an individual who claimed to have worked for a foreign government. The individual who received the documents was later revealed to be an undercover FBI agent. Dalke was arrested in September upon arriving at the location where he and the undercover agent agreed to exchange documentation for $85,000 in compensation. "Dalke told that individual that he had taken highly sensitive information relating to foreign targeting of U.S. systems, and information on U.S. cyber operations, among other topics," the press release from the Department of Justice reads. "To prove he had access to sensitive information, Dalke transmitted excerpts of three classified documents to the undercover FBI agent. Each excerpt contained classification markings." "Should Dalke be found guilty, his sentence could include the death penalty or any term of years up to life imprisonment," notes the report.

UN Elects First Female Tech Agency Secretary-General

Slashdot - Your Rights Online - Fri, 2022-09-30 00:00
An anonymous reader quotes a report from the BBC: Doreen Bogdan-Martin has become the first woman to be elected as secretary-general of the International Telecommunication Union (ITU). The ITU is the main technology agency within the UN. Originally founded in 1865 to manage the first international telegraph networks, the ITU now has an important role in facilitating the use of radio, satellite and the internet. Ms Bogdan-Martin beat her Russian rival Rashid Ismailov by 139 votes to 25. The American will succeed Houlin Zhao, who has been in the role since 2014, when her term begins on January 1, 2023. She will be taking the reins of the oldest UN agency, which is responsible for many facets of international communications. These include assigning satellite orbits globally, co-ordinating technical standards, and improving infrastructure in the developing world. There had been concerns ahead of the election because Ms Bogdan-Martin's opponent had previously called for international regulation of the internet. In her previous role as director of the ITU's Telecommunication Development bureau, Ms Bogdan-Martin's remit included job creation, digital skills development, diversity, and gender equality. Her candidacy for the top job was endorsed by US President Joe Biden, who said she had the "integrity, experience, and vision necessary to transform the digital landscape." "She understands the importance of connecting every school to the internet and making sure every student can access virtual learning, providing women and girls the digital tools they need to succeed, and extending the benefits of online health and educational resources," he said in a statement. "Whether it's today's children or our children's children, we need to provide them with a strong and stable foundation for growth," Ms Bogdan-Martin said following her win. 
"The world is facing significant challenges -- escalating conflicts, a climate crisis, food security, gender inequalities, and 2.7 billion people with no access to the internet."