aggregator

The FBI Tried To Plant a Backdoor in an Encrypted Phone Network

Slashdot - Your Rights Online - Wed, 2019-09-18 22:45
The FBI tried to force the owner of an encrypted phone company to put a backdoor in his devices, Motherboard has learned. From the report: The company involved is Phantom Secure, a firm that sold privacy-focused BlackBerry phones and which ended up catering heavily to the criminal market, including members of the Sinaloa drug cartel, formerly run by Joaquín "El Chapo" Guzman. The news signals some of the tactics law enforcement may use as criminals continue to leverage encrypted communications for their own ends. It also comes as Canadian media reported that a former top official in the Royal Canadian Mounted Police (RCMP), who has been charged with leaking state secrets, offered to sell information to Vincent Ramos, Phantom's CEO. "He was given the opportunity to do significantly less time if he identified users or built in/gave backdoor access," one source who knows Ramos personally and has spoken with him about the issue after his arrest told Motherboard. A backdoor is a general term for some form of technical measure that grants another party, in this case the FBI, surreptitious access to a computer system. What exactly the FBI was technically after is unclear, but the desire for a backdoor was likely to monitor Phantom's clients.

Read more of this story at Slashdot.

California Governor Signs Labor Law, Setting Up Bitter Gig Economy Fight

Slashdot - Your Rights Online - Wed, 2019-09-18 22:05
California Governor Gavin Newsom signed a sweeping new law that could force gig companies like Uber and Lyft to reclassify their workers as employees. From a report: The hotly contested legislation, Assembly Bill 5, dictates that workers can generally only be considered contractors if they are doing work that is outside the usual course of a company's business. The law codifies a 2018 state supreme court ruling, and applies it to a wide range of state laws. It could upend the business models of companies that depend on armies of independent contractors, who aren't guaranteed employment protections like minimum wage and overtime. The bill is slated to go into effect on Jan. 1. While the legislature has adjourned until next year, fierce lobbying and deal-making efforts are expected to continue in the meantime, and could potentially yield separate legislation in 2020. In a statement, Newsom called the bill "landmark legislation," and said that, "A next step is creating pathways for more workers to form a union, collectively bargain to earn more, and have a stronger voice at work -- all while preserving flexibility and innovation." Lorena Gonzalez, the state assemblywoman who authored the bill, said in a statement that, "California is now setting the global standard for worker protections for other states and countries to follow." Further reading: Drivers? Never Heard of Them, Says Uber.

Smart TVs, Smart-Home Devices Found To Be Leaking Sensitive User Data, Researchers Find

Slashdot - Your Rights Online - Wed, 2019-09-18 18:04
Smart-home devices, such as televisions and streaming boxes, are collecting reams of data -- including sensitive information such as device locations -- that is then being sent to third parties like advertisers and major tech companies, researchers said Tuesday. From a report: As the findings show, even as privacy concerns have become a part of the discussion around consumer technology, new devices are adding to the hidden and often convoluted industry around data collection and monetization. A team of researchers from Northeastern University and the Imperial College of London found that a variety of internet-connected devices collected and distributed data to outside companies, including smart TV and TV streaming devices from Roku and Amazon -- even if a consumer did not interact with those companies. "Nearly all TV devices in our testbeds contacts Netflix even though we never configured any TV with a Netflix account," the Northeastern and Imperial College researchers wrote. The researchers tested a total of 81 devices in the U.S. and U.K. in an effort to gain a broad idea of how much data is collected by smart-home devices, and where that data goes.

Facebook Contractors Have Been Listening To 'Hey Portal' Clips

Slashdot - Your Rights Online - Wed, 2019-09-18 16:02
Facebook, which last month said it stopped using humans to review and transcribe users' voice messages, will resume that practice for some audio collected from its Portal video-calling device. From a report: Facebook "paused human review of audio" around August. Bloomberg reported at the time the company hired contractors to transcribe private voice messages sent via its Messenger app. In that case, users had not been alerted to the possibility that their communications might be subject to human review. It was also unclear at the time that some of the clips Facebook had been collecting were coming from Portal. Facebook confirmed Wednesday that it was indeed collecting audio from Portal users who make a request from the device using the command "Hey Portal." By default, those commands were recorded and stored on Facebook servers, and some of them were transcribed by contractors working with the company to improve the software algorithms used to understand the commands, according to Andrew Bosworth, Facebook's head of hardware. That practice was paused last month at the same time Messenger stopped using humans to transcribe messages.

Millions of Americans' Medical Images and Data Are Available On the Internet

Slashdot - Your Rights Online - Wed, 2019-09-18 01:30
An anonymous reader quotes a report from ProPublica: Medical images and health data belonging to millions of Americans, including X-rays, MRIs, and CT scans, are sitting unprotected on the Internet and available to anyone with basic computer expertise. The records cover more than 5 million patients in the United States and millions more around the world. In some cases, a snoop could use free software programs -- or just a typical Web browser -- to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found. We identified 187 servers -- computers that are used to store and retrieve medical data -- in the U.S. that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors' offices, medical-imaging centers, and mobile X-ray services. The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company's cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies. The exposed data varied depending on the health provider and the software they use. "For instance, the server of U.S. company MobilexUSA displayed the names of more than a million patients -- all by typing in a simple data query," reports ProPublica. "Their dates of birth, doctors, and procedures were also included." "Another imaging system, tied to a physician in Los Angeles, allowed anyone on the Internet to see his patients' echocardiograms," the report adds. "All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates, and, in some cases, Social Security numbers." 
The authors of the report recommend you ask your health care provider or doctor if access to your images requires a login and password, and to ask if they conduct a regular security assessment as required by HIPAA.

AI Surveillance is Expanding Worldwide

Slashdot - Your Rights Online - Wed, 2019-09-18 00:50
A growing number of countries are following China's lead in deploying artificial intelligence to track citizens, according to a research group's report published Tuesday. From a report: The Carnegie Endowment for International Peace says at least 75 countries are actively using AI tools such as facial recognition for surveillance. The index of countries where some form of AI surveillance is used includes liberal democracies such as the United States and France as well as more autocratic regimes. Relying on a survey of public records and media reports, the report says Chinese tech companies led by Huawei and Hikvision are supplying much of the AI surveillance technology to countries around the world. Other companies such as Japan's NEC and U.S.-based IBM, Palantir and Cisco are also major international providers of AI surveillance tools. Hikvision declined comment Tuesday. The other companies mentioned in the report didn't immediately return requests for comment. The report encompasses a broad range of AI tools that have some public safety component. The group's index doesn't distinguish between legitimate public safety tools and unlawful or harmful uses such as spying on political opponents. "I hope citizens will ask tougher questions about how this type of technology is used and what type of impacts it will have," said the report's author, Steven Feldstein, a Carnegie Endowment fellow and associate professor at Boise State University. Many of the projects cited in Feldstein's report are "smart city" systems in which a municipal government installs an array of sensors, cameras and other internet-connected devices to gather information and communicate with one another.

Spouse of Ring Exec Among Lawmakers Trying To Weaken California Privacy Law

Slashdot - Your Rights Online - Tue, 2019-09-17 05:30
An anonymous reader quotes a report from Ars Technica: The California legislature worked through the summer to finalize the text of the state's landmark data privacy law before time to make amendments ran out on Friday. In the Assembly (California's lower house), Assemblywoman Jacqui Irwin has been a key voice and vote backing motions that would weaken the law, and a new report says her reasoning may be very, very close to home. A review of state ethics documents conducted by Politico found that Ms. Irwin is married to Jon Irwin, the chief operating officer of Amazon's controversial Ring home surveillance business. That company stands to benefit if the California law is weakened in certain key ways before it can take effect. One proposal put forth by Assemblywoman Irwin would expand what kind of data would be exempt from CCPA provisions, and this drew the ire of consumer protection groups, Politico reports. Irwin also initially proposed striking out "a provision requiring companies to disclose or delete data associated with 'households' upon request," a regulation that will likely affect companies like Ring. She also voted against an amendment that would have required smart speaker systems, like Amazon's Alexa or Google Home, to obtain user consent to sell recorded conversations, and "used store security-camera footage as an example of data that would be burdensome and risky for businesses to be required to link to consumers in response to data-deletion requests." Assemblywoman Irwin told Politico she found questions about her spouse to be offensive, given her own personal background as a systems engineer. "My role in the privacy debate in the Legislature is focused on bringing people together and solving the practical issues posed to us as policy makers and is independent of any job or role my husband may have," she said. The California Consumer Privacy Act was signed into law in June 2018 by California Governor Gavin Newsom. 
"This legislation gives California residents several protections with regard to their personal information, including the rights to know what is being collected, what is being sold, and to whom it is being sold," reports Ars Technica. "It also grants Californians the right to access their personal information, the right to delete data collected from them, and the right to opt out -- without being charged extra for services if they choose to do so."

Drivers May Choose Electric Car Alert Sounds, US Proposal Says

Slashdot - Your Rights Online - Tue, 2019-09-17 02:50
The NHTSA is now proposing drivers be able to select an electric-car alert sound at speeds under 18.6 mph. "NHTSA wants the public's opinion 'on whether there should be a limit to the number of compliant sounds that a manufacturer can install in a vehicle and what that limit should be,'" adds CNET. From the report: As of this month, automakers are required to equip 50% of their "quiet cars," which applies to silent electric vehicles, with an alert noise at low speeds. The rules, first brought about in 2010, have been delayed for years, but come 2020, every quiet vehicle will need the alert mechanism. Regulators concluded cars make enough noise from tire and wind noise to forego the alert above 18.6 mph (that's 30 kph in case you're wondering why so precise a figure). Think of the sound as a gentle reminder when strolling through parking lots with cars backing out of spaces and crawling through the area. It's nice to hear a car approach, and something we take for granted with internal-combustion engines. NHTSA said the alert will help prevent 2,400 injuries annually.

Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children

Slashdot - Your Rights Online - Mon, 2019-09-16 18:00
The personal records of most of Ecuador's population, including children, have been left exposed online due to a misconfigured database, ZDNet reported Monday. From the report: The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens. The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.

Russia Carried Out a 'Stunning' Breach of FBI Communications System, Escalating the Spy Game on US Soil

Slashdot - Your Rights Online - Mon, 2019-09-16 16:00
Zach Dorfman, Jenna McLaughlin, and Sean D. Naylor, reporting for Yahoo News: On Dec. 29, 2016, the Obama administration announced that it was giving nearly three dozen Russian diplomats just 72 hours to leave the United States and was seizing two rural East Coast estates owned by the Russian government. As the Russians burned papers and scrambled to pack their bags, the Kremlin protested the treatment of its diplomats, and denied that those compounds -- sometimes known as the "dachas" -- were anything more than vacation spots for their personnel. The Obama administration's public rationale for the expulsions and closures -- the harshest U.S. diplomatic reprisals taken against Russia in several decades -- was to retaliate for Russian meddling in the 2016 presidential election. But there was another critical, and secret, reason why those locations and diplomats were targeted. Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation's capital, according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau's ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community. "It was a very broad effort to try and penetrate our most sensitive operations," said a former senior CIA official. American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. 
Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.

Online Lenders Publicly Shame Debtors in the Philippines Using Their Facebook Contacts

Slashdot - Your Rights Online - Mon, 2019-09-16 00:56
A man named Roger was surprised to hear from an old college friend after all these years, reports the Philippine Daily Inquirer -- and even more surprised to find out why. What she wanted to know was why he gave her number to an online lending company that was hounding him at that time. The company told her that he was in debt and needed to pay up. Roger took out a loan using the company's app back in May, after seeing an ad on Facebook. His payment had been overdue for a week when the company contacted his college friend. But in fact he didn't give the company her number. The company tapped his contact list, then messaged his college friend to get him to make good on his debt. The company also called his wife and threatened to report him to his boss so he would lose his job. Roger, 26, has since paid back the loan. And he vowed to never use the app again... Roger is not alone. The National Privacy Commission (NPC) has reported receiving 921 formal complaints since July 2018 about online lending companies who publicly shame borrowers to get them to pay up... Three companies are facing cases filed by the NPC for violating the Data Privacy Act of 2012... Privacy Commissioner Raymund Enriquez Liboro earlier released copies of the investigators' fact-finding reports, which recommended criminal prosecution of the board members of the three companies. "The investigation determined that their business practice specifically targets the privacy of persons, practically making a profit out of people's fear of losing face and dignity. These unethical practices simply have no place in a civilized society and must stop," Liboro then said... In an affidavit sent to the NPC, one complainant said Fast Cash threatened to post her selfies on Facebook. Another said the CashLending app changed her profile picture on Facebook to an obscene picture... None of these would have happened unless the users gave permission to these apps. 
But many users backed into a corner by circumstance didn't have a choice. Roger, for one, said he could not use the app unless he agreed that the company could access his contacts... [T]he NPC argued that although the users gave their approval, the lack of easily understandable and clear information, among other factors, meant that it was not a "valid" consent... Among the charges filed against the companies are noncompliance with the legal requirements of processing personal data, as well as malicious and unauthorized disclosure. Their operators may face imprisonment of up to seven years and fines of not more than P5 million [about $97,000 U.S. dollars] under the Data Privacy Act of 2012. One person who filed a formal complaint with the government later received a discouraging text message from the company in question. "Before you sue us, we already [sent] a text blast to all of your contacts. We know your home address, your office and even your ugly face. Good luck with your privacy law."

'King of Kong' Billy Mitchell Argues He Was Framed for Donkey Kong Cheating, Threatens Legal Action

Slashdot - Your Rights Online - Sun, 2019-09-15 22:59
"Billy Mitchell, the former Donkey Kong and Pac-Man high-score champion made famous in the 2007 film The King of Kong, has threatened legal action against the sanctioning bodies who threw out all of Mitchell's high scores in April 2018 after finding that two were illegitimate," reports Polygon. This week, lawyers for Mitchell sent a letter to Twin Galaxies and Guinness World Records demanding that both "retract their claims against Billy Mitchell" and restore the scores to their world record leaderboards, where Mitchell had been a fixture since the early 1980s... The letter to Twin Galaxies alleges that it defamed Mitchell, both in its findings and in later posts to their website. In banning Mitchell, Twin Galaxies also vacated records that were not in question, and banned Mitchell from further participation in their leaderboards. One of Mitchell's records thrown out was a "perfect score" in Pac-Man (reaching the maximum number of points available in its 255 levels). Mitchell's attorneys say Twin Galaxies implied that score was tainted by cheating, too. Guinness, say the lawyers, cited that disqualification in its 2019 Gamers Edition compilation of records in saying that Mitchell's "submitted scores were obtained while using [the emulator] MAME," which the attorneys take to mean as applying to all of Mitchell's scores, from 1982 to present day. They say that is factually incorrect and also impossible, as MAME was created in 1997... The letter also alleges that Twin Galaxies "did not provide Billy Mitchell fair opportunity to provide evidence to prove his innocence," and that "specific evidence was accepted, while evidence of equal stature was rejected." A 156-page package summarizing Mitchell's defense has been posted in Reddit's videogame speedrunning forum. It argues that the documentary's makers actually have filmed footage in which a videotaped high-score attempt at Funspot Arcade is clearly announced to be "not a score submission. 
This is for entertainment purposes only." And while the film-makers show that score being submitted, "this was only acting done for the movie...the scoreboard shown by the movie was forged.... Actually, in the King of Kong movie, the tape I hand Doris Self is a WWE Wrestling tape, not my 1,047,200 performance... The movie's portrayal that I submitted this performance is fictitious." Mitchell's documents say that that score was submitted later -- without his permission -- by a referee for Twin Galaxies, arguing that the footage suffers from a compromised chain of custody. The documents even include emails written by the owner of the web site fuckbillymitchell.com "saying he has a 'master plan' to take Billy Mitchell down," along with statements from two separate witnesses who say that man had even at one point asked for help in how to fake footage of a videogame. "I find the current accusation of Mitchell too close to exactly what Richard planned in 2009 to be overlooked."

Ask Slashdot: Can A Lack of Privacy Be Weaponized?

Slashdot - Your Rights Online - Sun, 2019-09-15 19:34
Slashdot reader dryriver asks a scary what-if question about the detailed digital profiles of our online and offline lives that are being created by "hundreds of privately owned, profit-driven companies operating with no meaningful oversight." Digital profiles are just a collection of 1s and 0s and are wide open to digital tampering or digital distortion. You could easily be made to appear to have done just about anything from visiting questionable websites on the dark web, to buying things that you never actually bought or would have an interest in buying, to being in places in the physical world at given dates and times that you would never actually visit in real life. In other words, your digital profile(s) may make you appear to be a completely different person, doing completely different things, from who you objectively are in actuality. For now, these digital profiles mostly sit in data centers around the world, and try to serve ads to you. But what happens if someday your digital profile is weaponized against you? What happens in a situation where you need to prove that you are a morally upright, law-abiding person, and your digital profile(s) are accessed, and claim that you are anything but a moral, law-abiding person? What happens if these digital profiles are someday routinely examined by courts of law to determine whether you are a person of good character or not? What happens if one of your digital profiles is purposely leaked into the public realm someday, and your "digital mirror image" did all sorts of crappy things that you, in real life, would never do?

Released from Prison, Spammer Who Stole 17.5 Million Passwords Apologizes and Reforms

Slashdot - Your Rights Online - Sun, 2019-09-15 13:34
An anonymous reader quotes ZDNet: Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases. Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records. For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services. If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground.... In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security... [H]e publicly apologized to the Kickstarter CEO on Twitter. "I've had a lot of time to reflect and see things from a different perspective," Milliken told ZDNet. "When you're hacking or have an objective to dump a database, you don't think about who's on the other end. There's a lot of talented people, a ton of work, and even more money that goes into creating a company... there's a bit of remorse for putting these people through cyber hell." He also has a message for internet users: stop reusing your passwords. And he also suggests enabling two-factor authentication. "I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me."

Would Consumers Be Safer With a National Data Broker Registry?

Slashdot - Your Rights Online - Sun, 2019-09-15 09:34
"A comprehensive national privacy law cannot be developed overnight..." argues the chief "data ethics officer" for Acxiom, a database marketing company, in a New York Times op-ed: Still, people deserve to know who is collecting data about them, why it's being collected and the types of companies with which the data is being shared. They should also have assurances that companies collecting data have adequate measures in place to ensure security and confidentiality. That's why, until we have a national privacy law, we should pursue a national data broker registry to help consumers discover this information -- and learn the difference between good data actors and bad ones. People who today use Facebook, Google, Amazon and Apple understand that these companies collect their data in an effort to improve their experience and to generate revenue by selling advertising. But there is less awareness of companies -- generally referred to as data brokers -- that collect, source and otherwise license information about consumers who are not their customers. The growing commercial use of data is outpacing the public's understanding.... Data-driven marketing helps businesses reduce wasteful ad spending and helps fund free or low-cost consumer products and services on the internet, including free search, email and social media platforms, as well as customized content. In many cases, it also funds the press and other channels of expression. Our business is underpinned by policies on comprehensive data governance, in an effort to ensure that data use is transparent, fair and just, that there are benefits for both businesses and consumers. We help marketers follow the golden rule of business -- "Know Your Customer" -- so that they can deliver a better experience. Unfortunately, the irresponsible actions of some individuals and organizations have cast a shadow over our industry. They violate consumers' privacy, profit from stolen data and commit fraud. 
Increasing transparency -- initially through a data broker registry and ultimately through a robust and balanced national privacy law -- would help reduce the conflation of legitimate, regulated entities with unethical companies and criminals.

Two Penetration Testers Arrested For Attempted Burglary

Slashdot - Your Rights Online - Sat, 2019-09-14 17:34
Somewhere along the North Raccoon River in Adel, Iowa -- population 3,682 -- two men were arrested for trying to break into the county courthouse. And then things got weird, the Des Moines Register reports: The men, outfitted with numerous burglary tools, told authorities they were on contract to test out the courthouse alarm system's viability and to gauge law enforcement's response time, an alleged contract that Dallas County officials said they had no knowledge of, according to a criminal complaint. Authorities later found out the state court administration did, in fact, hire the men to attempt "unauthorized access" to court records "through various means" in order to check for potential security vulnerabilities of Iowa's electronic court records, according to Iowa Judicial Branch officials. But, the state court administration "did not intend, or anticipate, those efforts to include the forced entry into a building," a Wednesday news release from the Iowa Judicial Branch read. Evidently, the courthouse's security system did its job. The alarm system was triggered by the two men whom law enforcement found walking around the courthouse's third floor at about 12:30 a.m. Wednesday, court records show. Justin Wynn, of Naples, Florida, and Gary Demercurio, 43, of Seattle, Washington, were both charged with third-degree burglary and possession of burglary tools. Their bond has been set at $50,000. "Our employees work diligently to ensure our engagements are conducted with utmost integrity and in alignment with the objectives of our client," their employer, the cybersecurity company Coalfire, told the Inquirer. When they contacted county sheriff Chad Leonard, he would only say that "It's a strange case. We're still investigating this thing."

Alabama Tracking Students' Locations To Penalize Them For Leaving Games Early

Slashdot - Your Rights Online - Sat, 2019-09-14 02:20
The University of Alabama is taking an extraordinary, Orwellian step to reward students who attend games -- and stay until the fourth quarter -- by using location-tracking technology from students' phones to see who skips out and who stays. If students stay until the fourth quarter, they will be rewarded with improved access to tickets to the SEC championship game and to the College Football Playoff semifinals and championship game, which Alabama is trying to reach for the fifth consecutive season. The New York Times reports: Greg Byrne, Alabama's athletic director, said privacy concerns rarely came up when the program was being discussed with other departments and student groups. Students who download the Tide Loyalty Points app will be tracked only inside the stadium, he said, and they can close the app -- or delete it -- once they leave the stadium. "If anybody has a phone, unless you're in airplane mode or have it off, the cellular companies know where you are," he said. The creator of the app, FanMaker, runs apps for 40 colleges, including Clemson, Louisiana State and Southern California, which typically reward fans with gifts like T-shirts. The app it created for Alabama is the only one that tracks the locations of its students. That Alabama would want it is an example of how even a powerhouse program like the Crimson Tide is not sheltered from college football's decline in attendance, which sank to a 22-year low last season. The Tide Loyalty Points program works like this: Students, who typically pay about $10 for home tickets, download the app and earn 100 points for attending a home game and an additional 250 for staying until the fourth quarter. Those points augment ones they garner mostly from progress they have made toward their degrees -- 100 points per credit hour. (A regular load would be 15 credits per semester, or 1,500 points.) 
Adam Schwartz, a lawyer for the Electronic Frontier Foundation, a privacy watchdog, said it was "very alarming" that a public university -- an arm of the government -- was tracking its students' whereabouts. "Why should packing the stadium in the fourth quarter be the last time the government wants to know where students are?" Schwartz said, adding that it was "inappropriate" to offer an incentive for students to give up their privacy. "A public university is a teacher, telling students what is proper in a democratic society."

Congress Is Investigating Apple's Repair Monopoly

Slashdot - Your Rights Online - Fri, 2019-09-13 20:10
The United States House of Representatives' Judiciary Committee is launching an antitrust investigation into Apple and its anti-competitive behavior. From a report: Part of the investigation will focus on Apple's repair monopoly, which for years has given the company control over the useful life of its products. In a letter to Apple, the committee asked Apple to turn over all internal communications from 14 top executives at the company -- including CEO Tim Cook -- relating to "Apple's restrictions on third-party repairs," among dozens of other topics. In particular, the committee wants information about:
"Apple's restrictions on third-party repairs, including but not limited to any rules with which Apple Authorized Service Providers (AASPs) must comply, such as rules restricting or prohibiting AASPs from making any specific repairs."
"Apple's decision in December 2017 to offer iPhone battery replacements at a discounted price, or the actual or projected effects of this decision, including but not limited to, effects on iPhone sales."
"Apple's decision to introduce the 'Independent Repair Provider Program,' including but not limited to, decisions covering which specific repair parts Apple will make available through the program and at what price."
"Apple's decision in 2018 to enter into an agreement with Amazon to sell Apple products on Amazon and to limit the resellers that can sell Apple products on Amazon."

T-Mobile Has a Secret Setting To Protect Your Account From Hackers That it Refuses To Talk About

Slashdot - Your Rights Online - Fri, 2019-09-13 18:41
T-Mobile has a feature that gives its customers more protection from hackers trying to steal their phone number, but you probably don't know it exists because the company doesn't advertise it publicly and won't even talk about it. From a report: It's called "NOPORT" and, in theory, it makes it a bit harder for criminals to hijack phone numbers with an attack known as "SIM swapping," a type of social engineering that is increasingly being used to steal people's phone numbers. SIM swapping attackers usually trick wireless providers into giving them control of a target's phone number by impersonating the victim with a company's customer support representatives -- usually on a phone call. T-Mobile's NOPORT feature makes this harder by requiring customers to physically come to a store and present a photo ID in order to request their number to be ported out to a different carrier or a new SIM card. In theory, this should make it impossible for someone to do a SIM swap (also known as SIM hijacking or port-out scam) over the phone. But it's unclear whether all T-Mobile customers can have NOPORT or how effective it really is. T-Mobile doesn't even inform customers that it exists. I learned about it from a tipster, and then confirmed that it is indeed real. I was able to activate the feature on my own T-Mobile account by calling customer service and asking for it to be put on the account, but the company has declined to answer specific questions about the feature.

EPA Rolls Back Obama-Era Regulations On Clean Water

Slashdot - Your Rights Online - Fri, 2019-09-13 15:00
An anonymous reader quotes a report from The Wall Street Journal: President Trump's administration has rescinded an Obama-era policy that expanded federal oversight and the threat of steep fines for polluting the country's smaller waterways, furthering his deregulatory efforts in the 14 months that remain before the next election. Environmental Protection Agency Administrator Andrew Wheeler on Thursday signed a final rule that limits the scope of federal clean-water regulations in an effort to clear up confusion for landowners whose property sits near water sources that feed into the country's network of major rivers. The Obama administration in 2015 had expanded federal oversight upstream, it said, to better protect wildlife and the country's drinking-water supply from industrial runoff and pollution. Mr. Wheeler called that expansion an overreach, saying it grew to cover dry land in some cases. Farmers, property developers, chemical manufacturers and oil-and-gas producers -- some of whom are key voter groups for the 2020 election -- have voiced opposition to it, with many saying it overreached by intruding on property owners' rights. Court battles following the Obama-era rule have led to fractured rules across the country. Amid the legal challenges, the regulation is in place only in 22 states, though the Trump administration's decision could spark its own series of court fights. Thursday's rule "restores regulatory text that existed before the 2015," the report notes. "Property that is no longer covered by the 1972 Clean Water Act remains protected by state rules. Major waterways, such as most rivers and lakes, were already under protection of the Clean Water Act and still will be after the rollback."
