aggregator

Inside a Global Phone Spy Tool Monitoring Billions

Slashdot - Your Rights Online - Cz, 2024-01-25 15:06
A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can tracks billions of phone profiles through the advertising industry called Patternz. From the report: Hundreds of thousands of ordinary apps, including popular ones such as 9gag, Kik, and a series of caller ID apps, are part of a global surveillance capability that starts with ads inside each app, and ends with the apps' users being swept up into a powerful mass monitoring tool advertised to national security agencies that can track the physical location, hobbies, and family members of people to build billions of profiles, according to a 404 Media investigation. 404 Media's investigation, based on now deleted marketing materials and videos, technical forensic analysis, and research from privacy activists, provides one of the clearest examinations yet of how advertisements in ordinary mobile apps can ultimately lead to surveillance by spy firms and their government clients through the real time bidding data supply chain. The pipeline involves smaller, obscure advertising firms and advertising industry giants like Google. In response to queries from 404 Media, Google and PubMatic, another ad firm, have already cut-off a company linked to the surveillance firm.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Inside+a+Global+Phone+Spy+Tool+Monitoring+Billions%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F25%2F136210%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F25%2F136210%2Finside-a-global-phone-spy-tool-monitoring-billions%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/25/136210/inside-a-global-phone-spy-tool-monitoring-billions?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Amazon's Ring To Stop Letting Police Request Doorbell Video From Users

Slashdot - Your Rights Online - Śr, 2024-01-24 19:00
Amazon's Ring home doorbell unit says it will stop letting police departments request footage from users' video doorbells and surveillance cameras, retreating from a practice that was criticized by civil liberties groups and some elected officials. Bloomberg: Next week, the company will disable its Request For Assistance tool (non-paywalled link), the program that had allowed law enforcement to seek footage from users on a voluntary basis, Eric Kuhn, who runs Ring's Neighbors app, said in a blog post on Wednesday. Police and fire departments will have to seek a warrant to request footage from users or show the company evidence of an ongoing emergency. Kuhn didn't say why Ring was disabling the tool. Yassi Yarger, a spokesperson, said Ring had decided to devote its resources to new products and experiences in the Neighbors app that better fit with the company's vision. The aim is to make Neighbors, which had been focused on crime and safety, into more of a community hub, she said. New features announced on Wednesday -- one called Ring Moments that lets users post clips and a company-produced Best of Ring -- highlight that push.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Amazon's+Ring+To+Stop+Letting+Police+Request+Doorbell+Video+From+Users%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F24%2F1640212%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F24%2F1640212%2Famazons-ring-to-stop-letting-police-request-doorbell-video-from-users%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/24/1640212/amazons-ring-to-stop-letting-police-request-doorbell-video-from-users?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Biden Aims To Stop Countries From Exploiting Americans' Data for Blackmail, Espionage

Slashdot - Your Rights Online - Wt, 2024-01-23 23:00
The Biden administration is preparing an executive order that seeks to prevent foreign adversaries from accessing troves of highly sensitive personal data about Americans and people connected to the US government, Bloomberg News reported, citing documents. From the report: The administration plans to soon unveil the new executive order, which will direct the US Attorney General and Department of Homeland Security to issue new restrictions on transactions involving data that, if obtained, could threaten national security, according to three people familiar with the matter, who asked not to be named as the details are still private. The draft order focuses on ways that foreign adversaries are gaining access to Americans' "highly sensitive" personal data -- from genetic information to location -- through legal means. That includes obtaining information through intermediaries, such as data brokers, third-party vendor agreements, employment agreements or investment agreements, according to a draft of the proposed order. In addition, organizations owned, controlled or operated by "countries of concern" are often obligated to hand such data over to the government when asked.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=+Biden+Aims+To+Stop+Countries+From+Exploiting+Americans'+Data+for+Blackmail%2C+Espionage%3A+https%3A%2F%2Fnews.slashdot.org%2Fstory%2F24%2F01%2F23%2F1810241%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fnews.slashdot.org%2Fstory%2F24%2F01%2F23%2F1810241%2Fbiden-aims-to-stop-countries-from-exploiting-americans-data-for-blackmail-espionage%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://news.slashdot.org/story/24/01/23/1810241/biden-aims-to-stop-countries-from-exploiting-americans-data-for-blackmail-espionage?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

EFF Adds Street Surveillance Hub So Americans Can Check Who's Checking On Them

Slashdot - Your Rights Online - Wt, 2024-01-23 15:00
An anonymous reader quotes a report from The Register: For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows. The Hub contains detailed breakdowns of the type of surveillance systems used, from bodycams to biometrics, predictive policing software to gunshot detection microphones and drone-equipped law enforcement. It also has a full news feed so that concerned citizens can keep up with the latest US surveillance news; they can also contribute to the Atlas of Surveillance on the site. The Atlas, started in 2019, allows anyone to check what law enforcement is being used in their local area -- be it license plate readers, drones, or gunshot detection microphones. It can also let you know if local law enforcement is collaborating with third parties like home security vendor Ring to get extra information. EFF policy analyst Matthew Guariglia told The Register that once people look into what's being deployed using their tax dollars, a lot of red flags are raised. Over the last few years America's thin blue line have not only been harvesting huge amounts of data themselves, but also buying it in from commercial operators. The result is a perfect storm on privacy -- with police, homeowners, and our personal technology proving to be a goldmine of intrusive information that's often misused.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=EFF+Adds+Street+Surveillance+Hub+So+Americans+Can+Check+Who's+Checking+On+Them%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F2317247%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F2317247%2Feff-adds-street-surveillance-hub-so-americans-can-check-whos-checking-on-them%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/22/2317247/eff-adds-street-surveillance-hub-so-americans-can-check-whos-checking-on-them?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

IT Consultant Fined For Daring To Expose Shoddy Security

Slashdot - Your Rights Online - Wt, 2024-01-23 03:25
Thomas Claburn reports via The Register: A security researcher in Germany has been fined $3,300 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential. With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor's clients stored on that database server. That info is said to have included personal details of those customers' own customers. And we're told that Modern Solution's program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor's findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] -- translated from German -- summarizing the incident [...]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data -- names and addresses -- about shoppers who made purchases from these retail clients was exposed. Steier contends that's incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution's clients. In September 2021 police in Germany seized the IT consultant's computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge #226;" he worked previously for a related firm -- and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany's Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation's cybersecurity law. In June, 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=IT+Consultant+Fined+For+Daring+To+Expose+Shoddy+Security%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F2225222%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F2225222%2Fit-consultant-fined-for-daring-to-expose-shoddy-security%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/22/2225222/it-consultant-fined-for-daring-to-expose-shoddy-security?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Walmart's Financial Services 'Became a Fraud Magnet', Says ProPublica

Slashdot - Your Rights Online - Pn, 2024-01-22 05:12
One man living in Virginia oversaw "the laundering of some $7 million in fraudulently obtained gift cards" from Walmart in an international operation which over five years scammed hundreds of victims into sending the numbers over the phone, reports a new ProPublica investigation. (Citing court evidence that emerged after his arrested in 2021). Earlier that year, he complained to an associate that more and more people were competing to resell cards in China, eating into his profits. So many scammers were flocking to Walmart that he and his team regularly encountered them at self-checkout counters.... "We ran into quite a few at the store, and we even started chatting." It was apparently so common that federal prosecutors started calling it "The Walmart scheme." And while the store is supposed to watch for customers who appear to be acting on a scammer's instructions, "Too often, Walmart has failed." America's largest retailer has long been a facilitator of fraud on a mass scale, a ProPublica investigation has found. For roughly a decade, Walmart has resisted tougher enforcement while breaking promises to regulators and skimping on employee training, according to more than 50 interviews, internal documents supplied by former industry executives, court filings and other public records...More than $1 billion in fraud losses were routed through the company's financial systems between 2013 and 2022, according to filings by the Federal Trade Commission and court cases analyzed by ProPublica. That has helped fuel a boom in financial chicanery. Americans, many of them elderly, were swindled out of $27 billion between 2013 and 2022, according to the FTC... Walmart has a financial incentive to avoid cracking down. It makes money each time a Walmart gift card is used and earns a fee when another brand of card is bought. And it receives one commission when a person sends a money transfer and a second when the recipient picks it up. The company's financial services business generates hundreds of millions in annual profits. (Its filings do not provide specific figures for gift cards and money transfers.) "They were concerned about the bucks. That's all," Nick Alicea, a former fraud team leader for the U.S. Postal Inspection Service who investigated Walmart for years, told ProPublica. Walmart's deficiencies have repeatedly attracted government scrutiny. In 2017, the attorneys general of New York and Pennsylvania investigated Walmart over concerns that it was "reaping the benefits" of gift card fraud. The investigation concluded a year later with Walmart promising to restrict or eliminate the use of its gift cards to purchase other gift cards... Instead, the company let the practice continue until 2022 mdash; even after it knew that millions of dollars were being laundered through its stores. The FTC sued Walmart in 2022, alleging it "turned a blind eye" as criminals took advantage of its money transfer service. Walmart, the FTC claimed, pocketed millions in fees while "letting fraudsters fleece its customers." Summarizing the FTC's evidence, a federal judge in the case wrote that "Walmart knew that its services were used by fraudsters" and that the company was repeatedly warned about certain stores where "twenty-five, fifty, or even seventy-five percent of money transfer activity was fraudulent." Separately, a federal grand jury in Pennsylvania is hearing evidence of possible criminal conduct in Walmart's money transfer business, according to corporate filings that did not detail the allegations. While the FTC says Americans were swindled out of $27 billion between 2013 and 2022, Walmart responded to ProPublica's investigation by pointing out it's refunded $4 million to gift-card fraud victims, and also blocked more than $700 million in suspicious money transfers. "We have a robust anti-fraud program and other controls to help stop scammers and other criminals who may use the financial services we offer to harm our customers." The company's legal filings in the FTC case struck a different tone. Walmart is seeking to dismiss the suit, partly on the grounds that it has "no responsibility to protect against the criminal conduct of third parties." Though fraud is "deeply unfortunate," Walmart argues, such schemes are "reasonably avoidable by consumers." Other interesting quotes from the article: "Walmart outlets at one point accounted for the top 20 locations for fraud nationally among chains that partnered with MoneyGram, according to internal documents." "In a single week in March 2017, consumers claiming they'd been duped into a money transfer filed 610 complaints about Walmart, according to documents obtained by ProPublica. CVS ranked second, with 47." "Site inspections routinely found that Walmart staff lacked anti-fraud training and that employees failed to ask screening questions..." Walmart resisted MoneyGram's attempts to fight fraud [according to the former fraud team leader for the postal inspector's office in Harrisburg, Pennsylvania, who investigated MoneyGram and Walmart].pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Walmart's+Financial+Services+'Became+a+Fraud+Magnet'%2C+Says+ProPublica%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F038220%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F22%2F038220%2Fwalmarts-financial-services-became-a-fraud-magnet-says-propublica%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/22/038220/walmarts-financial-services-became-a-fraud-magnet-says-propublica?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Could Apostrophy OS Be the Future of Cellphone Privacy?

Slashdot - Your Rights Online - N, 2024-01-21 14:24
"Would you pay $15 a month so Android doesn't track you and send all of that data back to Google?" asks Stuff South Africa: A new Swiss-based privacy company thinks $15 is a fair fee for that peace of mind. "A person's data is the original digital currency," argues Apostrophy, which has created its own operating system, called Apostrophy OS. It's based on Android mdash; don't panic mdash; but the version that has already been stripped of Google's intrusiveness by another privacy project called GrapheneOS, which used to be known as CopperheadOS. Launched in 2014, it which was briefly known as the Android Hardening project, before being rebranded as GrapheneOS in 2019. Apostrophy OS is "focused on empowering our users, not leveraging them," it says and is "purposely Swiss-based, so we can be champions of data sovereignty". What it does, they say, is separate the apps from the underlying architecture of the operating system and therefore prevent apps from accessing miscellaneous personal data, especially the all-important location data so beloved of surveillance capitalism... Apostrophy OS has its own app store, but also cleverly allows users to access the Google Play Store. If you think that is defeating the point, Apostrophy argues that those apps can't get to the vitals of your digital life. Apostrophy OS has "partitioned segments prioritising application integrity and personal data privacy". The service is free for one year with the purchase of the new MC02 phone from Swiss manufacturer Punkt, according to PC Magazine. "The phone costs $749 and is available for preorder now. It will ship at the end of January." Additional features include a built-in VPN called Digital Nomad based on the open-source Wireguard framework to secure your activity against outside snooping, which includes "exit addresses" in the US, Germany, and Japan with the base subscription.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Could+Apostrophy+OS+Be+the+Future+of+Cellphone+Privacy%3F%3A+https%3A%2F%2Fmobile.slashdot.org%2Fstory%2F24%2F01%2F21%2F0523209%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fmobile.slashdot.org%2Fstory%2F24%2F01%2F21%2F0523209%2Fcould-apostrophy-os-be-the-future-of-cellphone-privacy%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://mobile.slashdot.org/story/24/01/21/0523209/could-apostrophy-os-be-the-future-of-cellphone-privacy?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Hans Reiser Sends a Letter From Prison

Slashdot - Your Rights Online - N, 2024-01-21 06:34
In 2003, Hans Reiser answered questions from Slashdot's readers... Today Wikipedia describes Hans Reiser as "a computer programmer, entrepreneur, and convicted murderer... Prior to his incarceration, Reiser created the ReiserFS computer file system, which may be used by the Linux kernel but which is now scheduled for removal in 2025, as well as its attempted successor, Reiser4." This week alanw (Slashdot reader #1,822), spotted a development on the Linux kernel mailing list. "Hans Reiser (imprisoned for the murder of his wife) has written a letter, asking it to be published to Slashdot." Reiser writes: I was asked by a kind Fredrick Brennan for my comments that I might offer on the discussion of removing ReiserFS V3 from the kernel. I don't post directly because I am in prison for killing my wife Nina in 2006. I am very sorry for my crime mdash; a proper apology would be off topic for this forum, but available to any who ask. A detailed apology for how I interacted with the Linux kernel community, and some history of V3 and V4, are included, along with descriptions of what the technical issues were. I have been attending prison workshops, and working hard on improving my social skills to aid my becoming less of a danger to society. The man I am now would do things very differently from how I did things then. Click here for the rest of Reiser's introduction, along with a link to the full text of the letter... The letter is dated November 26, 2023, and ends with an address where Reiser can be mailed. Ars Technica has a good summary of Reiser's lengthy letter from prison mdash; along with an explanation for how it came to be. With the ReiserFS recently considered obsolete and slated for removal from the Linux kernel entirely, Fredrick R. Brennan, font designer and (now regretful) founder of 8chan, wrote to the filesystem's creator, Hans Reiser, asking if he wanted to reply to the discussion on the Linux Kernel Mailing List (LKML). Reiser, 59, serving a potential life sentence in a California prison for the 2006 murder of his estranged wife, Nina Reiser, wrote back with more than 6,500 words, which Brennan then forwarded to the LKML. It's not often you see somebody apologize for killing their wife, explain their coding decisions around balanced trees versus extensible hashing, and suggest that elementary schools offer the same kinds of emotional intelligence curriculum that they've worked through in prison, in a software mailing list. It's quite a document... It covers, broadly, why Reiser believes his system failed to gain mindshare among Linux users, beyond the most obvious reason. This leads Reiser to detail the technical possibilities, his interpersonal and leadership failings and development, some lingering regrets about dealings with SUSE and Oracle and the Linux community at large, and other topics, including modern Russian geopolitics... Reiser asks that a number of people who worked on ReiserFS be included in "one last release" of the README, and to "delete anything in there I might have said about why they were not credited." He says prison has changed him in conflict resolution and with his "tendency to see people in extremes...." Reiser writes that he understood the difficulty ahead in getting the Linux world to "shift paradigms" but lacked the understanding of how to "make friends and allies of people" who might initially have felt excluded. This is followed by a heady discussion of "balanced trees instead of extensible hashing," Oracle's history with implementing balanced trees, getting synchronicity just right, I/O schedulers, block size, seeks and rotational delays on magnetic hard drives, and tails. It leads up to a crucial decision in ReiserFS' development, the hard non-compatible shift from V3 to Reiser 4. Format changes, Reiser writes, are "unwanted by many for good reasons." But "I just had to fix all these flaws, fix them and make a filesystem that was done right. It's hard to explain why I had to do it, but I just couldn't rest as long as the design was wrong and I knew it was wrong," he writes. SUSE didn't want a format change, but Reiser, with hindsight, sees his pushback as "utterly inarticulate and unsociable." The push for Reiser 4 in the Linux kernel was similar, "only worse...." He encourages people to "allow those who worked so hard to build a beautiful filesystem for the users to escape the effects of my reputation." Under a "Conclusion" sub-heading, Reiser is fairly succinct in summarizing a rather wide-ranging letter, minus the minutiae about filesystem architecture. I wish I had learned the things I have been learning in prison about talking through problems, and believing I can talk through problems and doing it, before I had married or joined the LKML. I hope that day when they teach these things in Elementary School comes. I thank Richard Stallman for his inspiration, software, and great sacrifices, It has been an honor to be of even passing value to the users of Linux. I wish all of you well. It both is and is not a response to Brennan's initial prompt, asking how he felt about ReiserFS being slated for exclusion from the Linux kernel. There is, at the moment, no reply to the thread started by Brennan.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Hans+Reiser+Sends+a+Letter+From+Prison%3A+https%3A%2F%2Fnews.slashdot.org%2Fstory%2F24%2F01%2F21%2F008219%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fnews.slashdot.org%2Fstory%2F24%2F01%2F21%2F008219%2Fhans-reiser-sends-a-letter-from-prison%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://news.slashdot.org/story/24/01/21/008219/hans-reiser-sends-a-letter-from-prison?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

US Government Opens 22 Million Acres of Federal Lands To Solar

Slashdot - Your Rights Online - So, 2024-01-20 05:30
An anonymous reader quotes a report from Electrek: The Biden administration has updated the roadmap for solar development to 22 million acres of federal lands in the US West. The Bureau of Land Management (BLM) and the Department of Energy's National Renewable Energy Laboratory have determined that 700,000 acres of federal lands will be needed for solar farms over the next 20 years, so BLM recommended 22 million acres to give "maximum flexibility" to help the US reach its net zero by 2035 power sector goal. The plan is an update of the Bureau of Land Management's 2012 Western Solar Plan, which originally identified areas for solar development in six states -- Arizona, California, Colorado, Nevada, New Mexico, and Utah. The updated roadmap refines the analysis in the original six states and expands to five more states -- Idaho, Montana, Oregon, Washington, and Wyoming. It also focuses on lands within 10 miles of existing or planned transmission lines and moves away from lands with sensitive resources. [...] BLM under the Biden administration has approved 47 clean energy projects and permitted 11,236 megawatts (MW) of wind, solar, and geothermal energy on public lands, enough to power more than 3.5 million homes. Ben Norris, vice president of regulatory affairs at the Solar Energy Industries Association (SEIA), said in response to BLM's announced Western Solar Plan updates: "The proposal ... identifies 200,000 acres of land near transmission infrastructure, helping to correct an important oversight and streamline solar development. Under the current policy, there are at least 80 million acres of federal lands open to oil and gas development, which is 100 times the amount of public land available for solar. BLM's proposal is a big step in the right direction and recognizes the key role solar plays in our energy economy."pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=US+Government+Opens+22+Million+Acres+of+Federal+Lands+To+Solar%3A+https%3A%2F%2Fhardware.slashdot.org%2Fstory%2F24%2F01%2F19%2F2126219%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fhardware.slashdot.org%2Fstory%2F24%2F01%2F19%2F2126219%2Fus-government-opens-22-million-acres-of-federal-lands-to-solar%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://hardware.slashdot.org/story/24/01/19/2126219/us-government-opens-22-million-acres-of-federal-lands-to-solar?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Microsoft Executive Emails Hacked By Russian Intelligence Group, Company Says

Slashdot - Your Rights Online - So, 2024-01-20 04:02
In a regulatory filing today, Microsoft said that a Russian intelligence group hacked into some of the company's top executives' email accounts. CNBC reports: Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company. The announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material impact, it still wanted to honor the spirit of the rules. In late November, the group accessed "a legacy non-production test tenant account," Microsoft's Security Response Center wrote in the blog post. After gaining access, the group "then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents," the corporate unit wrote. The company's senior leadership team, including finance chief Amy Hood and president Brad Smith, regularly meets with CEO Satya Nadella. Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code. The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds' Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack. Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium. It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee's systems.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Microsoft+Executive+Emails+Hacked+By+Russian+Intelligence+Group%2C+Company+Says%3A+https%3A%2F%2Fit.slashdot.org%2Fstory%2F24%2F01%2F19%2F2236244%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fit.slashdot.org%2Fstory%2F24%2F01%2F19%2F2236244%2Fmicrosoft-executive-emails-hacked-by-russian-intelligence-group-company-says%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://it.slashdot.org/story/24/01/19/2236244/microsoft-executive-emails-hacked-by-russian-intelligence-group-company-says?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Crime Rings Are Trafficking in an Unlikely Treasure: Sand

Slashdot - Your Rights Online - Pt, 2024-01-19 21:20
Organized crime is mining sand from rivers and coasts to feed demand worldwide, ruining ecosystems and communities. Can it be stopped? Scientific American reports: Very few people are looking closely at the illegal sand system or calling for changes, however, because sand is a mundane resource. Yet sand mining is the world's largest extraction industry because sand is a main ingredient in concrete, and the global construction industry has been soaring for decades. Every year the world uses up to 50 billion metric tons of sand, according to a United Nations Environment Program report. The only natural resource more widely consumed is water. A 2022 study by researchers at the University of Amsterdam concluded that we are dredging river sand at rates that far outstrip nature's ability to replace it, so much so that the world could run out of construction-grade sand by 2050. The U.N. report confirms that sand mining at current rates is unsustainable. The greatest demand comes from China, which used more cement in three years (6.6 gigatons from 2011 through 2013) than the U.S. used in the entire 20th century (4.5 gigatons), notes Vince Beiser, author of The World in a Grain. Most sand gets used in the country where it is mined, but with some national supplies dwindling, imports reached $1.9 billion in 2018, according to Harvard's Atlas of Economic Complexity. Companies large and small dredge up sand from waterways and the ocean floor and transport it to wholesalers, construction firms and retailers. Even the legal sand trade is hard to track. Two experts estimate the global market at about $100 billion a year, yet the U.S. Geological Survey Mineral Commodity Summaries indicates the value could be as high as $785 billion. Sand in riverbeds, lake beds and shorelines is the best for construction, but scarcity opens the market to less suitable sand from beaches and dunes, much of it scraped illegally and cheaply. With a shortage looming and prices rising, sand from Moroccan beaches and dunes is sold inside the country and is also shipped abroad, using organized crime's extensive transport networks, Abderrahmane has found. More than half of Morocco's sand is illegally mined, he says.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Crime+Rings+Are+Trafficking+in+an+Unlikely+Treasure%3A+Sand%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F19%2F1055220%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F19%2F1055220%2Fcrime-rings-are-trafficking-in-an-unlikely-treasure-sand%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/19/1055220/crime-rings-are-trafficking-in-an-unlikely-treasure-sand?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

'Stablecoins' Enabled $40 Billion In Crypto Crime Since 2022

Slashdot - Your Rights Online - Pt, 2024-01-19 00:00
An anonymous reader quotes a report from Wired: Stablecoins, cryptocurrencies pegged to a stable value like the US dollar, were created with the promise of bringing the frictionless, border-crossing fluidity of Bitcoin to a form of digital money with far less volatility. That combination has proved to be wildly popular, rocketing the total value of stablecoin transactions since 2022 past even that of Bitcoin itself. It turns out, however, that as stablecoins have become popular among legitimate users over the past two years, they were even more popular among a different kind of user: those exploiting them for billions of dollars of international sanctions evasion and scams. As part of itsannual crime report, cryptocurrency-tracing firm Chainalysis today released new numbers on the disproportionate use of stablecoins for both of those massive categories of illicit crypto transactions over the last year. By analyzing blockchains, Chainalysis determined that stablecoins were used in fully 70 percent of crypto scam transactions in 2023, 83 percent of crypto payments to sanctioned countries like Iran and Russia, and 84 percent of crypto payments to specifically sanctioned individuals and companies. Those numbers far outstrip stablecoins' growing overall use -- including for legitimate purposes -- which accounted for 59 percent of all cryptocurrency transaction volume in 2023. In total, Chainalysis measured $40 billion in illicit stablecoin transactions in 2022 and 2023 combined. The largest single category of that stablecoin-enabled crime was sanctions evasion. In fact, across all cryptocurrencies, sanctions evasion accounted for more than half of the $24.2 billion in criminal transactions Chainalysis observed in 2023, with stablecoins representing the vast majority of those transactions. [...] Chainalysis concedes that the analysis in its report excludes some cryptocurrencies like Monero and Zcash that are designed to be harder or impossible to trace with blockchain analysis. It also says it based its numbers on the type of cryptocurrency sent directly to an illicit actor, which may leave out other currencies used in money laundering processes that repeatedly swap one type of cryptocurrency for another to make tracing more difficult. "Whether it's an individual located in Iran or a bad guy trying to launder money -- either way, there's a benefit to the stability of the US dollar that people are looking to obtain," says Andrew Fierman, Chainalysis' head of sanctions strategy. "If you're in a jurisdiction where you don't have access to the US dollar due to sanctions, stablecoins become an interesting play." Fierman points to Nobitex, the largest cryptocurrency exchange operating in the sanctioned country of Iran, as well as Garantex, a notorious exchange based in Russia that has been specifically sanctioned for its widespread criminal use. According to Chainalysis, "Stablecoin usage on Nobitex outstrips bitcoin by a 9:1 ratio, and on Garantex by a 5:1 ratio," reports Wired. "That's a stark difference from the roughly 1:1 ratio between stablecoins and bitcoins on a few nonsanctioned mainstream exchanges that Chainalysis checked for comparison."pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status='Stablecoins'+Enabled+%2440+Billion+In+Crypto+Crime+Since+2022%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F2112213%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F2112213%2Fstablecoins-enabled-40-billion-in-crypto-crime-since-2022%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/18/2112213/stablecoins-enabled-40-billion-in-crypto-crime-since-2022?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

US Must Beat China Back To the Moon, Congress Tells NASA

Slashdot - Your Rights Online - Cz, 2024-01-18 09:00
With NASA's Artemis moon program now targeting September 2025 for its Artemis 2 mission and September 2026 for Artemis 3, some members of Congress are concerned about the potential repercussions, particularly with China's growing ambitions in lunar exploration. "For the United States and its partners not to be on the moon when others are on the moon is unacceptable," said Mike Griffin, former NASA administrator. "We need a program that is consistent with that theme. Artemis is not that program. We need to restart it, not keep it on track." Space.com reports: The U.S. House of Representatives' Committee on Science, Space and Technology held a hearing about the new Artemis plan today (Jan. 17), and multiple members voiced concern about the slippage. "I remind my colleagues that we are not the only country interested in sending humans to the moon," Committee Chairman Frank Lucas (R-OK) said in his opening remarks. "The Chinese Communist Party is actively soliciting international partners for a lunar mission -- a lunar research station -- and has stated its ambition to have human astronauts on the surface by 2030," he added. "The country that lands first will have the ability to set a precedent for whether future lunar activities are conducted with openness and transparency, or in a more restricted manner." The committee's ranking member, California Democrat Zoe Lofgren (D-CA), voiced similar sentiments. "Let me be clear: I support Artemis," she said in her opening remarks. "But I want it to be successful, especially with China at our heels. And we want to be helpful here in the committee in ensuring that Artemis is strong and staying on track as we look to lead the world, hand-in-hand with our partners, in the human exploration of the moon and beyond." Several other committee members stressed that the new moon race is part of a broader competition with China, and that coming in second could imperil U.S. national security. "It's no secret that China has a goal to surpass the United States by 2045 as global leaders in space. We can't allow this to happen," Rich McCormick (R-GA) said during the hearing. "I think the leading edge that we have in space technology will protect the United States -- not just the economy, but technologies that can benefit humankind." And Bill Posey (R-FL) referred to space as the "ultimate military high ground," saying that whoever leads in the final frontier "will control the destiny of this Earth."pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=US+Must+Beat+China+Back+To+the+Moon%2C+Congress+Tells+NASA%3A+https%3A%2F%2Fscience.slashdot.org%2Fstory%2F24%2F01%2F18%2F022208%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fscience.slashdot.org%2Fstory%2F24%2F01%2F18%2F022208%2Fus-must-beat-china-back-to-the-moon-congress-tells-nasa%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://science.slashdot.org/story/24/01/18/022208/us-must-beat-china-back-to-the-moon-congress-tells-nasa?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Have I Been Pwned Adds 71 Million Emails From Naz.API Stolen Account List

Slashdot - Your Rights Online - Cz, 2024-01-18 05:30
An anonymous reader quotes a report from BleepingComputer: Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware. Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites. Information-stealing malware attempts to steal a wide variety of data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients. This type of malware also attempts to steal SSH keys, credit cards, cookies, browsing history, and cryptocurrency wallets. The stolen data is collected in text files and images, which are stored in archives called "logs." These logs are then uploaded to a remote server to be collected later by the attacker. Regardless of how the credentials are stolen, they are then used to breach accounts owned by the victim, sold to other threat actors on cybercrime marketplaces, or released for free on hacker forums to gain reputation amongst the hacking community. The Naz.API is a dataset allegedly containing over 1 billion lines of stolen credentials compiled from credential stuffing lists and from information-stealing malware logs. It should be noted that while the Naz.API dataset name includes the word "Naz," it is not related to network attached storage (NAS) devices. This dataset has been floating around the data breach community for quite a while but rose to notoriety after it was used to fuel an open-source intelligence (OSINT) platform called illicit.services. This service allows visitors to search a database of stolen information, including names, phone numbers, email addresses, and other personal data. The service shut down in July 2023 out of concerns it was being used for Doxxing and SIM-swapping attacks. However, the operator enabled the service again in September. Illicit.services use data from various sources, but one of its largest sources of data came from the Naz.API dataset, which was shared privately among a small number of people. Each line in the Naz.API data consists of a login URL, its login name, and an associated password stolen from a person's device, as shown [here]. "Here's the back story: this week I was contacted by a well-known tech company that had received a bug bounty submission based on a credential stuffing list posted to a popular hacking forum," explained Troy Hunt, the creator of Have I Been Pwned, in blog post. "Whilst this post dates back almost 4 months, it hadn't come across my radar until now and inevitably, also hadn't been sent to the aforementioned tech company." "They took it seriously enough to take appropriate action against their (very sizeable) user base which gave me enough cause to investigate it further than your average cred stuffing list." To check if your credentials are in the Naz.API dataset, you can visit Have I Been Pwned.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Have+I+Been+Pwned+Adds+71+Million+Emails+From+Naz.API+Stolen+Account+List%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F011210%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F011210%2Fhave-i-been-pwned-adds-71-million-emails-from-nazapi-stolen-account-list%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/18/011210/have-i-been-pwned-adds-71-million-emails-from-nazapi-stolen-account-list?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Mobile Device Ambient Light Sensors Can Be Used To Spy On Users

Slashdot - Your Rights Online - Cz, 2024-01-18 03:25
"The ambient light sensors present in most mobile devices can be accessed by software without any special permissions, unlike permissions required for accessing the microphone or the cameras," writes longtime Slashdot reader BishopBerkeley. "When properly interrogated, the data from the light sensor can reveal much about the user." IEEE Spectrum reports: While that may not seem to provide much detailed information, researchers have already shown these sensors can detect light intensity changes that can be used to infer what kind of TV programs someone is watching, what websites they are browsing or even keypad entries on a touchscreen. Now, [Yang Liu, a PhD student at MIT] and colleagues have shown in a paper in Science Advances that by cross-referencing data from the ambient light sensor on a tablet with specially tailored videos displayed on the tablet's screen, it's possible to generate images of a user's hands as they interact with the tablet. While the images are low-resolution and currently take impractically long to capture, he says this kind of approach could allow a determined attacker to infer how someone is using the touchscreen on their device. [...] "The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale," says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the security risks posed by ambient light sensors. "However, I would not rule out the significance of targeted collections for tailored operations against chosen targets." But he also points out that, following his earlier research, the World Wide Web Consortium issued a new standard that limited access to the light sensor API, which has already been adopted by browser vendors. Liu notes, however, that there are still no blanket restrictions for Android apps. In addition, the researchers discovered that some devices directly log data from the light sensor in a system file that is easily accessible, bypassing the need to go through an API. The team also found that lowering the resolution of the images could bring the acquisition times within practical limits while still maintaining enough detail for basic recognition tasks. Nonetheless, Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Mobile+Device+Ambient+Light+Sensors+Can+Be+Used+To+Spy+On+Users%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F0037240%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F18%2F0037240%2Fmobile-device-ambient-light-sensors-can-be-used-to-spy-on-users%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/18/0037240/mobile-device-ambient-light-sensors-can-be-used-to-spy-on-users?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

OpenAI Must Defend ChatGPT Fabrications After Failing To Defeat Libel Suit

Slashdot - Your Rights Online - Cz, 2024-01-18 00:00
An anonymous reader quotes a report from Ars Technica: OpenAI may finally have to answer for ChatGPT's "hallucinations" in court after a Georgia judge recently ruled against the tech company's motion to dismiss a radio host's defamation suit (PDF). OpenAI had argued that ChatGPT's output cannot be considered libel, partly because the chatbot output cannot be considered a "publication," which is a key element of a defamation claim. In its motion to dismiss, OpenAI also argued that Georgia radio host Mark Walters could not prove that the company acted with actual malice or that anyone believed the allegedly libelous statements were true or that he was harmed by the alleged publication. It's too early to say whether Judge Tracie Cason found OpenAI's arguments persuasive. In her order denying OpenAI's motion to dismiss, which MediaPost shared here, Cason did not specify how she arrived at her decision, saying only that she had "carefully" considered arguments and applicable laws. There may be some clues as to how Cason reached her decision in a court filing (PDF) from John Monroe, attorney for Walters, when opposing the motion to dismiss last year. Monroe had argued that OpenAI improperly moved to dismiss the lawsuit by arguing facts that have yet to be proven in court. If OpenAI intended the court to rule on those arguments, Monroe suggested that a motion for summary judgment would have been the proper step at this stage in the proceedings, not a motion to dismiss. Had OpenAI gone that route, though, Walters would have had an opportunity to present additional evidence. To survive a motion to dismiss, all Walters had to do was show that his complaint was reasonably supported by facts, Monroe argued. Failing to convince the court that Walters had no case, OpenAI's legal theories regarding its liability for ChatGPT's "hallucinations" will now likely face their first test in court. "We are pleased the court denied the motion to dismiss so that the parties will have an opportunity to explore, and obtain a decision on, the merits of the case," Monroe told Ars. "Walters sued OpenAI after a journalist, Fred Riehl, warned him that in response to a query, ChatGPT had fabricated an entire lawsuit," notes Ars. "Generating an entire complaint with an erroneous case number, ChatGPT falsely claimed that Walters had been accused of defrauding and embezzling funds from the Second Amendment Foundation." "With the lawsuit moving forward, curious chatbot users everywhere may finally get the answer to a question that has been unclear since ChatGPT quickly became the fastest-growing consumer application of all time after its launch in November 2022: Will ChatGPT's hallucinations be allowed to ruin lives?"pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=OpenAI+Must+Defend+ChatGPT+Fabrications+After+Failing+To+Defeat+Libel+Suit%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F17%2F2136221%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F17%2F2136221%2Fopenai-must-defend-chatgpt-fabrications-after-failing-to-defeat-libel-suit%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/17/2136221/openai-must-defend-chatgpt-fabrications-after-failing-to-defeat-libel-suit?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Chrome Updates Incognito Warning To Admit Google Tracks Users In 'Private' Mode

Slashdot - Your Rights Online - Śr, 2024-01-17 00:02
An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode. Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser. Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Chrome+Updates+Incognito+Warning+To+Admit+Google+Tracks+Users+In+'Private'+Mode%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F16%2F2110250%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F16%2F2110250%2Fchrome-updates-incognito-warning-to-admit-google-tracks-users-in-private-mode%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/16/2110250/chrome-updates-incognito-warning-to-admit-google-tracks-users-in-private-mode?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Supreme Court Rejects Apple-Epic Games Legal Battle

Slashdot - Your Rights Online - Wt, 2024-01-16 17:47
The U.S. Supreme Court on Tuesday declined to hear a challenge by Apple to a lower court's decision requiring changes to certain rules in its lucrative App Store, as the justices shunned the lengthy legal battle between the iPhone maker and Epic Games, maker of the popular video game "Fortnite." Reuters: The justices also turned away Epic's appeal of the lower court's ruling that Apple's App Store policies limiting how software is distributed and paid for do not violate federal antitrust laws. The justices gave no reasons for their decision to deny the appeals. In a series of posts on X, Epic CEO Tim Sweeney wrote: The Supreme Court denied both sides' appeals of the Epic v. Apple antitrust case. The court battle to open iOS to competing stores and payments is lost in the United States. A sad outcome for all developers. Now the District Court's injunction against Apple's anti-steering rule is in effect, and developers can include in their apps "buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to IAP." As of today, developers can begin exercising their court-established right to tell US customers about better prices on the web. These awful Apple-mandated confusion screens are over and done forever. The fight goes on. Regulators are taking action and policymakers around the world are passing new laws to end Apple's illegal and anticompetitive app store practices. The European Union's Digital Markets Act goes into effect March 7.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Supreme+Court+Rejects+Apple-Epic+Games+Legal+Battle%3A+https%3A%2F%2Fapple.slashdot.org%2Fstory%2F24%2F01%2F16%2F1548200%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fapple.slashdot.org%2Fstory%2F24%2F01%2F16%2F1548200%2Fsupreme-court-rejects-apple-epic-games-legal-battle%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://apple.slashdot.org/story/24/01/16/1548200/supreme-court-rejects-apple-epic-games-legal-battle?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Reddit Must Share IP Addresses of Piracy-Discussing Users, Film Studios Say

Slashdot - Your Rights Online - Pn, 2024-01-15 16:51
For the third time in under a year, film studios are pressing Reddit to reveal users allegedly discussing piracy, despite two prior failed attempts. Studios including Voltage Holdings and Screen Media have filed fresh motions to compel Reddit to comply with a subpoena seeking IP addresses and logs of six Redditors, claiming the information is needed for copyright suits against internet provider Frontier Communications. The same federal judge previously denied the studios' bid to unmask Reddit users, citing First Amendment protections. However, the studios now argue IP addresses fall outside privacy rights. Reddit maintains the new subpoena fails to meet the bar for identifying anonymous online speakers.pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Reddit+Must+Share+IP+Addresses+of+Piracy-Discussing+Users%2C+Film+Studios+Say%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F15%2F1452217%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F15%2F1452217%2Freddit-must-share-ip-addresses-of-piracy-discussing-users-film-studios-say%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/15/1452217/reddit-must-share-ip-addresses-of-piracy-discussing-users-film-studios-say?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p

Python Software Foundation Says EU's 'Cyber Resilience Act' Includes Wins for Open Source

Slashdot - Your Rights Online - N, 2024-01-14 22:34
Last April the Python Software Foundation warned that Europe's proposed Cyber Resilience Act jeopardized their organization and "the health of the open-source software community" with overly broad policies that "will unintentionally harm the users they are intended to protect." They'd worried that the Python Software Foundation could incur financial liabilities just for hosting Python and its PyPI package repository due to the proposed law's attempts to penalize cybersecurity lapses all the way upstream. But a new blog post this week cites some improvements: We asked for increased clarity, specifically: "Language that specifically exempts public software repositories that are offered as a public good for the purpose of facilitating collaboration would make things much clearer. We'd also like to see our community, especially the hobbyists, individuals and other under-resourced entities who host packages on free public repositories like PyPI be exempt." The good news is that CRA text changed a lot between the time the open source community mdash; including the PSF mdash; started expressing our concerns and the Act's final text which was cemented on December 1st. That text introduces the idea of an "open source steward." "'open-source software steward' means any legal person, other than a manufacturer, which has the purpose or objective to systematically provide support on a sustained basis for the development of specific products with digital elements qualifying as free and open-source software that are intended for commercial activities, and ensures the viability of those products;" (p. 76) [...] So are we totally done paying attention to European legislation? Ah, while it would be nice for the Python community to be able to cross a few things off our to-do list, that's not quite how it works. Firstly, the concept of an "open source steward" is a brand new idea in European law. So, we will be monitoring the conversation as this new concept is implemented or interacts with other bits of European law to make sure that the understanding continues to reflect the intent and the realities of open source development. Secondly, there are some other pieces of legislation in the works that may also impact the Python ecosystem so we will be watching the Product Liability Directive and keeping up with the discussion around standard-essential patents to make sure that the effects on Python and open source development are intentional (and hopefully benevolent, or at least benign.) pdiv class="share_submission" style="position:relative;" a class="slashpop" href="http://twitter.com/home?status=Python+Software+Foundation+Says+EU's+'Cyber+Resilience+Act'+Includes+Wins+for+Open+Source+%3A+https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F14%2F2018257%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter"img src="https://a.fsdn.com/sd/twitter_icon_large.png"/a a class="slashpop" href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Fyro.slashdot.org%2Fstory%2F24%2F01%2F14%2F2018257%2Fpython-software-foundation-says-eus-cyber-resilience-act-includes-wins-for-open-source%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook"img src="https://a.fsdn.com/sd/facebook_icon_large.png"/a /div/ppa href="https://yro.slashdot.org/story/24/01/14/2018257/python-software-foundation-says-eus-cyber-resilience-act-includes-wins-for-open-source?utm_source=rss1.0moreanonamp;utm_medium=feed"Read more of this story/a at Slashdot./p