aggregator

Twitch Sues Troll Streamers Who Flooded Site With Violent Videos and Pornography

Slashdot - Your Rights Online - 15 hours 51 min ago
An anonymous reader quotes Bloomberg: Twitch Interactive, the livestreaming platform owned by Amazon.com, has sued anonymous trolls who flooded the site last month with pornography, violent content and copyrighted movies and television shows... Twitch says it works to remove offensive posts and ban the accounts of the users who post them, but that the videos quickly reappear, apparently posted by bots, while other bots work to drive users to the impermissible content. Twitch temporarily suspended new creators from streaming after a May 25 attack by trolls. The company said that if it learns the identities of the anonymous streamers who have abused its terms of service -- named in the lawsuit as "John and Jane Does 1-100" -- it will ask the court to prohibit their using the platform and order them to pay restitution and damages.

Read more of this story at Slashdot.

A New Hidden Way of Web Browser Profiling, Identification and Tracking

Slashdot - Your Rights Online - 16 hours 47 min ago
Researchers from Austria's Graz University of Technology "have devised an automated system for browser profiling using two new side channel attacks that can help expose information about software and hardware," reports The Register. The researchers recently presented a paper titled "JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits," which The Register says "calls into question the effectiveness of anonymized browsing and browser privacy extensions..." Long-time Slashdot reader Artem S. Tashkinov shared their report: One of the side-channel attacks developed for JavaScript Template Attacks involves measuring runtime differences between two code snippets to infer the underlying instruction set architecture through variations in JIT compiler behavior. The other involves measuring timing differences in the memory allocator to infer the allocated size of a memory region. The boffins' exploration of the JavaScript environment reveals not only the ability to fingerprint via browser version, installed privacy extension, privacy mode, operating system, device microarchitecture, and virtual machine, but also the properties of JavaScript objects. And their research shows there are far more of these than are covered in official documentation. This means browser fingerprints have the potential to be far more detailed -- have more data points -- than they are now. The Mozilla Developer Network documentation for Firefox, for example, covers 2,247 browser properties. The researchers were able to capture 15,709. Though not all of these are usable for fingerprinting and some represent duplicates, they say they found about 10,000 usable properties for all browsers.


Researcher Publishes 7 Million (Still Public) Venmo Transactions on GitHub

Slashdot - Your Rights Online - Sun, 2019-06-16 23:44
Remember the outrage last year when a researcher discovered that for Venmo's 40 million users, all transactions are "public" by default and broadcast on Venmo's API? "More than a year later, computer science student Dan Salmon has demonstrated that it's still incredibly easy to download millions of transactions through Venmo's developer API without obtaining user permissions (without even using the Venmo app). He proved this by downloading 7 million of them," TechCrunch reports: Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private... Using that data, anyone can look at an entire user's public transaction history, who they shared money with, when, and in some cases for what reason -- including illicit goods and substances. "There's truly no reason to have this API open to unauthenticated requests," he told TechCrunch. "The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that's your goal then you should require a token with each request to verify that the user is logged in." He published the scraped data on his GitHub page.


Michigan Town Approves Fiber Internet Despite Intense Lobbying

Slashdot - Your Rights Online - Sun, 2019-06-16 20:34
Long-time Slashdot reader Proudrooster writes: Fiber Internet is coming to Traverse City, Michigan in the hopes of attracting high tech startups and helping the city become a high-tech hub. Even in the face of intense lobbying by [commercial high-speed internet provider] Charter, The Mackinaw Center for Public Policy, and a barrage of pop up ads opposing it, the project is moving ahead into phase one. It was more than apparent that Charter did everything it could to try and sow fear, uncertainty, and doubt to try and kill this project as other incumbent providers have done across the USA. [Citation needed -- though Traverse City officials did report high-powered anonymous lobbying.] Kudos to the board of Traverse City Light and Power and the residents of Traverse City for being brave and making this investment in their community. Even though the decision is not finalized, the network may be an open network, allowing customers to purchase from a variety of providers. This project will undoubtedly be watched nationwide and possibly serve as a new model for other community fiber builds.


America Planted Malware In Russia's Power Grid, Says NYT

Slashdot - Your Rights Online - Sun, 2019-06-16 19:34
"The U.S. military's Cyber Command has gotten more aggressive than ever against Russia in the past year, placing 'potentially crippling malware' in systems that control the country's electrical grid," according to CNET, citing a report in the New York Times: Made possible by little-noticed legal authority granted last summer by Congress, Cyber Command's strategy shift from a defensive to offensive posture is meant in part as a warning shot, but it's also designed to enable paralysing cyberattacks in the event of a conflict, The New York Times said Saturday, quoting unnamed officials... [T]he recent moves appear to have taken place under a military authorization bill Congress passed in 2018 that gives the go-ahead for "clandestine military activity" in cyberspace to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States...." The Times said Cyber Command is concerned Russia could trigger selective power outages in key states during the 2020 election and that it needs a way to discourage such attacks. But the agency and the U.S. have to consider their moves carefully in this international game of cyberchess. "The question now is whether placing the equivalent of land mines in a foreign power network is the right way to deter Russia," the Times report says. "While it parallels Cold War nuclear strategy, it also enshrines power grids as a legitimate target...." In related news, Bloomberg reported Friday that a Russia-linked hacking group that shut down an oil and gas facility in Saudi Arabia in 2017 has been probing utilities in the U.S. since late last year.


Massive Electrical Failure Cuts Power To Nearly All Of Argentina On Election Day -- and Uruguay

Slashdot - Your Rights Online - Sun, 2019-06-16 17:34
Iwastheone quotes the BBC: A massive electrical failure has left almost all of Argentina and Uruguay without power, according to a major Argentine electricity provider. Authorities say the cause of the blackout is still unclear. Argentine media said the power cut occurred shortly after 07:00 [03:00 PST, 11:00 BST], causing trains to be halted and failures with traffic signalling. It came as people in parts of Argentina were preparing to go to the polls for local elections. "A massive failure in the electrical interconnection system left all of Argentina and Uruguay without power," electricity supply company Edesur said in a tweet. Alejandra Martinez, a spokeswoman for the company, described the power cut as unprecedented. "This is the first time something like this has happened across the entire country." Argentina's energy secretary, Gustavo Lopetegui, said the cause of the power failure had not yet been determined. The Ministry of Civil Protection estimated that parts of the service could be restored in about seven or eight hours. Edesur said that power had been restored over 75,00 clients in parts of Buenos Aires and local media reported that two airports were operating on generators in the capital. Uruguay's energy company, UTE, said in a series of tweets that power had been restored to coastal areas and to areas north of Rio Negro. The combined population of Argentina and Uruguay is about 48 million people.... Tierra del Fuego in the far south is the only area that remains unaffected because it is not connected to the power grid. "Local media have been showing voters casting their ballots in the dark, with mobile phones being used as lanterns."


Do Google and Facebook Threaten Our 'Ambient Privacy'?

Slashdot - Your Rights Online - Sun, 2019-06-16 13:34
This week Pinboard founder Maciej Ceglowski (also a web developer and social critic) asked readers of his blog to consider an emerging threat to ambient privacy. He defines it as "the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered." Until recently, ambient privacy was a simple fact of life. Recording something for posterity required making special arrangements, and most of our shared experience of the past was filtered through the attenuating haze of human memory. Even police states like East Germany, where one in seven citizens was an informer, were not able to keep tabs on their entire population. Today computers have given us that power. Authoritarian states like China and Saudi Arabia are using this newfound capacity as a tool of social control. Here in the United States, we're using it to show ads. But the infrastructure of total surveillance is everywhere the same, and everywhere being deployed at scale.... Because our laws frame privacy as an individual right, we don't have a mechanism for deciding whether we want to live in a surveillance society. Congress has remained silent on the matter, with both parties content to watch Silicon Valley make up its own rules. The large tech companies point to our willing use of their services as proof that people don't really care about their privacy. But this is like arguing that inmates are happy to be in jail because they use the prison library. Confronted with the reality of a monitored world, people make the rational decision to make the best of it. That is not consent... Our discourse around privacy needs to expand to address foundational questions about the role of automation: To what extent is living in a surveillance-saturated world compatible with pluralism and democracy? 
What are the consequences of raising a generation of children whose every action feeds into a corporate database? What does it mean to be manipulated from an early age by machine learning algorithms that adaptively learn to shape our behavior? That is not the conversation Facebook or Google want us to have. Their totalizing vision is of a world with no ambient privacy and strong data protections, dominated by the few companies that can manage to hoard information at a planetary scale. They correctly see the new round of privacy laws as a weapon to deploy against smaller rivals, further consolidating their control over the algorithmic panopticon.


Security Cameras + AI = Dawn of Non-Stop Robot Surveillance

Slashdot - Your Rights Online - Sun, 2019-06-16 06:34
AmiMoJo shared this post from one of the ACLU's senior technology policy analysts about what happens when security cameras get AI upgrades: [I]magine that all that video were being watched -- that millions of security guards were monitoring them all 24/7. Imagine this army is made up of guards who don't need to be paid, who never get bored, who never sleep, who never miss a detail, and who have total recall for everything they've seen. Such an army of watchers could scrutinize every person they see for signs of "suspicious" behavior. With unlimited time and attention, they could also record details about all of the people they see -- their clothing, their expressions and emotions, their body language, the people they are with and how they relate to them, and their every activity and motion... The guards won't be human, of course -- they'll be AI agents. Today we're publishing a report on a $3.2 billion industry building a technology known as "video analytics," which is starting to augment surveillance cameras around the world and has the potential to turn them into just that kind of nightmarish army of unblinking watchers.... Many or most of these technologies will be somewhere between unreliable and utterly bogus. Based on experience, however, that often won't stop them from being deployed -- and from hurting innocent people... We are still in the early days of a revolution in computer vision, and we don't know how AI will progress, but we need to keep in mind that progress in artificial intelligence may end up being extremely rapid. We could, in the not-so-distant future, end up living under armies of computerized watchers with intelligence at or near human levels. These AI watchers, if unchecked, are likely to proliferate in American life until they number in the billions, representing an extension of corporate and bureaucratic power into the tendrils of our lives, watching over each of us and constantly shaping our behavior... 
Policymakers must contend with this technology's enormous power. They should prohibit its use for mass surveillance, narrow its deployments, and create rules to minimize abuse. They argue that the threat is just starting to emerge. "It is as if a great surveillance machine has been growing up around us, but largely dumb and inert -- and is now, in a meaningful sense, 'waking up.'"


News Industry Argues Google and Facebook 'Rob Journalism of Its Revenue', Seek Government Help

Slashdot - Your Rights Online - Sun, 2019-06-16 01:34
This week USA Today's former editor-in-chief argued that "Tech overlords Google and Facebook have used monopoly to rob journalism of its revenue," in an op-ed shared by schwit1: Over the past decade, the news business has endured a bloodbath, with tens of thousands of journalists losing their jobs amid mass layoffs. The irony is, more people than ever are consuming news... Why the disconnect? Look no further than a new study by the News Media Alliance, which found that in 2018, Google made $4.7 billion off of news content -- almost as much as every news organization in America combined made from digital ads last year. Yet Google paid a grand total of zero for the privilege. News industry revenue, meanwhile, has plunged... Google and Facebook command about 60% of all U.S. digital advertising revenue, and have siphoned off billions of dollars that once were the lifeblood of the news media. Let's be perfectly clear: Journalism's primary revenue source has been hijacked. It's time that news providers are compensated for the journalism they produce. That's why passage of the bipartisan Journalism Competition and Preservation Act is crucial... Toward that end, "News industry officials, including Atlanta Journal-Constitution Editor Kevin Riley, testified Tuesday on Capitol Hill in favor of legislation they say would help recover advertising revenue lost in recent years to tech behemoths such as Google and Facebook." The bipartisan bill would provide a four-year reprieve from federal antitrust laws, allowing print and digital publishers to collectively bargain with tech companies about how their content is used -- and what share of ad dollars they'll receive.... Federal antitrust laws bar news organizations from banding together to negotiate more favorable terms from social media and search sites. 
And individual outlets are deterred from acting alone, according to Chavern's group, because large tech companies could tank a news organization's traffic by demoting or excluding its stories from searches. The bill's proponents say it could help turn the tide for an industry that's been harmed over the past two decades by declining print subscriptions and ad revenue streams that have dried up and increasingly headed online. As tech sites' share of advertising revenue has grown -- Google's skyrocketed from $3.8 billion in 2005 to $52.4 billion in 2017 -- U.S. newspapers have watched theirs nosedive from more than $49 billion to $16.5 billion during the same 12-year period, according to the Pew Research Center.


FBI Issues Search Warrant To 8chan For IP Address of Shooter, Commenters

Slashdot - Your Rights Online - Sat, 2019-06-15 18:34
An anonymous reader quotes the Daily Beast: The online forum where alleged Chabad of Poway shooter John Earnest shared a livestream of the shooting was served a search warrant in April for the IP and metadata information on Earnest's posts, as well as those who commented on them. The warrant served to 8chan said the people who responded to Earnest's comments could be "potential witnesses, co-conspirators and/or individuals who are inspired" by his posting about the shooting. Similarly, according to the FBI agent who penned the warrant, there was evidence that Earnest himself was "inspired and/or educated" by other individuals posting on the forum.


Caterpillar Takes Tiny 'Cat & Cloud' Coffee Shop To Court Over Trademark

Slashdot - Your Rights Online - Sat, 2019-06-15 17:34
"Caterpillar Inc. is trying to stop a tiny cafe from using the word cat," reports Fast Company. Long-time Slashdot reader UnknowingFool writes: Caterpillar wishes to cancel the coffee shop's trademark, claiming that the trademark on the shop's apparel and footwear is too similar to theirs and would cause confusion for consumers. For reference, the coffee shop's t-shirts and merchandise feature a cat and a cloud. This is not the first time Caterpillar has made dubious trademark claims on "Cat" or "Caterpillar". "Another small business faces a crazy legal challenge from a big company that should know better..." writes Inc. "There are literally hundreds of trademarks listed that include the word cat and that are intended for clothing. Without having a trademark or license, technically Cat & Cloud wouldn't be able to sell that merchandise without permission (whether from Caterpillar or one of the many other companies with cat-related trademarks for clothing)." The coffee shop responded by setting up a GoFundMe campaign (which is now "trending" and has so far raised $12,482) for their legal defense. They're arguing that Caterpillar's efforts "would effectively set the precedent for them to OWN the word 'cat', making it un-useable by any business in the US."


Cellebrite Says It Can Unlock Any iPhone For Cops

Slashdot - Your Rights Online - Sat, 2019-06-15 12:00
An anonymous reader quotes a report from Wired: On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly. The move signals not only another step in the cat and mouse game between smartphone makers and the government-sponsored firms that seek to defeat their security, but also a more unabashedly public phase of that security face-off. "Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices," the company wrote on its Twitter feed for the UFED product. On a linked web page, the company says the new tool can pull forensic data off any iOS device dating back to iOS 7, and Android devices not just from Samsung but Huawei, LG, and Xiaomi.


Prenda Copyright Troll Sentenced To 14 Years

Slashdot - Your Rights Online - Sat, 2019-06-15 04:10
JustAnotherOldGuy shares a report from Boing Boing: For years, Paul Hansmeier terrorized internet users through his copyright trolling racket Prenda Law, evading the law through shell companies and fraud, until, finally, he was brought to justice and pleaded guilty last August. Now, Hansmeier has been sentenced to 14 years in prison and must pay $1.5 million in restitution to his victims -- the same people he accused of being copyright infringers and then bullied into paying "settlement" fees to avoid being dragged through expensive litigation. Any Prenda Law victim can contact the Minnesota DA to apply for compensation. Prenda's tactics included identity theft, entrapment (uploading their own files to The Pirate Bay in order to generate downloads that they could threaten people over), and several kinds of fraud. Hansmeier and his co-defendant, John Steele, were indicted for money laundering, perjury, mail and wire fraud. Both men entered into plea agreements.


Texas Appeals Court Says Government Can't Be Sued For Copyright Piracy

Slashdot - Your Rights Online - Sat, 2019-06-15 03:30
sandbagger writes: Photographer Jim Olive's helicopter shot of Houston was used by the University of Houston on their website after they removed his watermark, a definite no-no particularly since the image was used for their school of business. The photographer then sent the university a bill for $41,000 -- $16,000 for the usage and $25,000 for removing his copyright credit. After the matter ended up in court, the university pushed for the case to be dismissed because the public institution has sovereign immunity, which protects state government entities from a variety of lawsuits and the appeals court agreed. The matter will likely go before the Supreme Court (in Allen v. Cooper) sometime in 2020. "Even if the government sets itself up as a competitor by producing a copyrighted work, there probably is not good reason to conclude automatically that the copyright has been 'taken,'" the three-judge panel cites in its ruling. "The copyright holder can still exclude all private competitors even as the government pirates the entirety of his work." "[W]e hold that the Olive's takings claim, which is based on a single act of copyright infringement by the University, is not viable," the ruling continues. "This opinion should not be construed as an endorsement of the University's alleged copyright infringement, and as discussed, copyright owners can seek injunctive relief against a state actor for ongoing and prospective infringement. Instead, in the absence of authority that copyright infringement by a state actor presents a viable takings claim [...] we decline to so hold." The National Press Photographers Association (NPPA) notes that the U.S. Congress passed the Copyright Remedy Clarification Act (CRCA) decades ago to prevent states from having governmental immunity from copyright claims, but some appeals courts have held that CRCA goes beyond Congress' powers and have therefore struck it down as unconstitutional.


UK Porn Block Is a 'Privacy Timebomb,' New Report Warns

Slashdot - Your Rights Online - Sat, 2019-06-15 01:30
New age restrictions on pornography that are set to come into effect in the UK next month are a "privacy timebomb," a new report by privacy watchdog Open Rights Group has warned. They say that the data protection in place to protect consumers is "vague, imprecise and largely a 'tick box' exercise." The Independent reports: The identity checks needed to stop under-18s from visiting pornographic websites will force any commercial provider of online pornography to carry out "robust" checks on their users to ensure they are adults. The age verification measures will be introduced on 15 July but a recent YouGov poll showed that 76 per cent of the British public is unaware of the ID checks being introduced. "With one month until rollout, the UK porn block is a privacy timebomb," the report stated. Estimates suggest around 20 million adults in the UK watch porn, meaning the scale of any privacy breaches could be vast. "Due to the sensitive nature of age verification data, there needs to be a higher standard of protection than the baseline which is offered by data protection legislation," said Open Rights Group executive director Jim Killock. "The BBFC's standard is supposed to deliver this. However, it is a voluntary standard, which offers little information about the level of data protection being offered and provides no means of redress if companies fail to live up to it." Mr Killock said the standard was therefore "pointless and misleading."


Retail Stores Use Bluetooth Beacons To Track Customers

Slashdot - Your Rights Online - Sat, 2019-06-15 00:10
In an opinion piece for The New York Times, writer Michael Kwet sheds some light on the secret Bluetooth surveillance devices retailers use to track your every move and better serve ads to you. An anonymous reader shares an excerpt from the report: Imagine you are shopping in your favorite grocery store. As you approach the dairy aisle, you are sent a push notification in your phone: "10 percent off your favorite yogurt! Click here to redeem your coupon." You considered buying yogurt on your last trip to the store, but you decided against it. How did your phone know? Your smartphone was tracking you. The grocery store got your location data and paid a shadowy group of marketers to use that information to target you with ads. Recent reports have noted how companies use data gathered from cell towers, ambient Wi-Fi, and GPS. But the location data industry has a much more precise, and unobtrusive, tool: Bluetooth beacons. These beacons are small, inobtrusive electronic devices that are hidden throughout the grocery store; an app on your phone that communicates with them informed the company not only that you had entered the building, but that you had lingered for two minutes in front of the low-fat Chobanis. Most location services use cell towers and GPS, but these technologies have limitations. Cell towers have wide coverage, but low location accuracy: An advertiser can think you are in Walgreens, but you're actually in McDonald's next door. GPS, by contrast, can be accurate to a radius of around five meters (16 feet), but it does not work well indoors. Bluetooth beacons, however, can track your location accurately from a range of inches to about 50 meters. They use little energy, and they work well indoors. That has made them popular among companies that want precise tracking inside a store. In order to track you or trigger an action like a coupon or message to your phone, companies need you to install an app on your phone that will recognize the beacon in the store. 
Retailers (like Target and Walmart) that use Bluetooth beacons typically build tracking into their own apps. But retailers want to make sure most of their customers can be tracked -- not just the ones that download their own particular app.


Spy Used AI-Generated Face To Connect With Targets

Slashdot - Your Rights Online - Fri, 2019-06-14 22:50
Raphael Satter, writing for AP: Katie Jones sure seemed plugged into Washington's political scene. The 30-something redhead boasted a job at a top think tank and a who's-who network of pundits and experts, from the centrist Brookings Institution to the right-wing Heritage Foundation. She was connected to a deputy assistant secretary of state, a senior aide to a senator and the economist Paul Winfree, who is being considered for a seat on the Federal Reserve. But Katie Jones doesn't exist, The Associated Press has determined. Instead, the persona was part of a vast army of phantom profiles lurking on the professional networking site LinkedIn. And several experts contacted by the AP said Jones' profile picture appeared to have been created by a computer program. Experts who reviewed the Jones profile's LinkedIn activity say it's typical of espionage efforts on the professional networking site, whose role as a global Rolodex has made it a powerful magnet for spies.


In Stores, Secret Surveillance Tracks Your Every Move

Slashdot - Your Rights Online - Fri, 2019-06-14 22:10
In retail stores, Bluetooth "beacons" are watching you, using hidden technology in your phone. From a report: Imagine you are shopping in your favorite grocery store. As you approach the dairy aisle, you are sent a push notification in your phone: "10 percent off your favorite yogurt! Click here to redeem your coupon." You considered buying yogurt on your last trip to the store, but you decided against it. How did your phone know? Your smartphone was tracking you. The grocery store got your location data and paid a shadowy group of marketers to use that information to target you with ads. Recent reports have noted how companies use data gathered from cell towers, ambient Wi-Fi, and GPS. But the location data industry has a much more precise, and unobtrusive, tool: Bluetooth beacons. These beacons are small, inobtrusive electronic devices that are hidden throughout the grocery store; an app on your phone that communicates with them informed the company not only that you had entered the building, but that you had lingered for two minutes in front of the low-fat Chobanis. Most location services use cell towers and GPS, but these technologies have limitations. Cell towers have wide coverage, but low location accuracy: An advertiser can think you are in Walgreens, but you're actually in McDonald's next door. GPS, by contrast, can be accurate to a radius of around five meters (16 feet), but it does not work well indoors. Bluetooth beacons, however, can track your location accurately from a range of inches to about 50 meters. They use little energy, and they work well indoors. That has made them popular among companies that want precise tracking inside a store.


Credit Scores Based On AI and Your Social Media Profile Could Usher In New Way For Banks To Discriminate

Slashdot - Your Rights Online - Fri, 2019-06-14 02:50
Credit scores have a long history of prejudice. "Most changes in how credit scores are calculated over the years -- including the shift from human assessment to computer calculations, and most recently to artificial intelligence -- have come out of a desire to make the scores more equitable, but credit companies have failed to remove bias, on the basis of race or gender, for example, from their system," writes Rose Eveleth via Motherboard. While credit companies have tried to reduce bias with machine learning and "alternative credit," which uses data like your sexual orientation or political beliefs that isn't normally included in a credit score to try and get a sense for how trustworthy someone might be, Eveleth says that "introducing this 'non-traditional' information to credit scores runs the risk of making them even more biased than they already are, eroding nearly 150 years of effort to eliminate unfairness in the system." From the report: Biases in AI can affect not just individuals with credit scores, but those without any credit at all as non-traditional data points are used to try and invite new creditors in. There is still a whole swath of people in the United States known as the "unbanked" or "credit invisibles." They have too little credit history to generate a traditional credit score, which makes it challenging for them to get loans, apartments, and sometimes even jobs. According to a 2015 Consumer Financial Protection Bureau study, 45 million Americans fall into the category of credit invisible or unscoreable -- that's almost 20 percent of the adult population. And here again we can see a racial divide: 27 percent of Black and Hispanic adults are credit invisible or unscoreable (PDF), compared to just 16 percent of white adults. To bring these "invisible" consumers into the credit score fold, companies have proposed alternative credit. 
FICO recently released FICO XD, which includes payment data from TV or cable accounts, utilities, cell phones, and landlines. Other companies have proposed social media posts, job history, educational history, and even restaurant reviews or business check-ins. Lenders say that alternative data is a benefit to those who have been discriminated against and excluded from banking. No credit? Bad credit? That doesn't mean you're not trustworthy, they say, and we can mine your alternative data and give you a loan anyway. But critics say that alternative data looks a lot like old-school surveillance. Letting a company have access to everything from your phone records to your search history means giving up all kinds of sensitive data in the name of credit. Experts worry that the push to use alternative data might lead, once again, to a situation similar to the subprime mortgage crisis if marginalized communities are offered predatory loans that wind up tanking their credit scores and economic stability.


Privacy Policies Are Essentially Impossible To Understand, Study Finds

Slashdot - Your Rights Online - Fri, 2019-06-14 00:10
The data market has become the engine of the internet, and privacy policies we agree to but don't fully understand help fuel it. From a report: To see exactly how inscrutable they have become, I analyzed the length and readability of privacy policies from nearly 150 popular websites and apps. Facebook's privacy policy, for example, takes around 18 minutes to read in its entirety -- slightly above average for the policies I tested. Then I tested how easy it was to understand each policy using the Lexile test developed by the education company Metametrics. The test measures a text's complexity based on factors like sentence length and the difficulty of vocabulary. To be successful in college, people need to understand texts with a score of 1300. People in the professions, like doctors and lawyers, should be able to understand materials with scores of 1440, while ninth graders should understand texts that score above 1050 to be on track for college or a career by the time they graduate. Many privacy policies exceed these standards. [...] The vast majority of these privacy policies exceed the college reading level. And according to the most recent literacy survey conducted by the National Center for Education Statistics, over half of Americans may struggle to comprehend dense, lengthy texts. That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can't understand. [...] Airbnb's privacy policy, on the other hand, is particularly inscrutable. It's full of long, jargon-laden sentences that obscure Airbnb's data practices and provides cover to use data in expansive ways. Things weren't always this bad. Google's privacy policy evolved over two decades -- along with its increasingly complicated data collection practices -- from a two-minute read in 1999 to a peak of 30 minutes by 2018.
