aggregator

The latest in the Huawei saga, which is increasing tension between the U.S. and China. WSJ reports about a remarkable event: Confronted with U.S. accusations of cyber espionage, Chinese companies and government officials often accuse Washington of hypocrisy, pointing to allegations in 2013 by former NSA contractor Edward Snowden that the U.S. had been hacking into key Chinese networks for years. Western officials say systems of checks and balances in their countries allow for companies to challenge those demands, unlike in China. To further highlight that difference, U.S. officials have repeatedly pressed Chinese companies to demonstrate to them one example of a time they resisted a request for data from the Chinese government, but they have never done so, according to a person familiar with those conversations. U.S. intelligence officials have suggested at times that their views on Huawei are informed by definitive examples of malfeasance, though they have so far refused to share such evidence publicly. When the House Intelligence Committee in 2012 published an unclassified report naming Huawei as a security risk, it spoke generally about a lack of trust lawmakers placed in China but steered clear of providing concrete examples of the company being caught engaging in nefarious activity.

Read more of this story at Slashdot.

From a report, based on a book by Cliff Sims, who worked as a communications official for Trump on his presidential campaign and in the West Wing: As the clock ticked down, Trump "suddenly turned toward the NASA administrator." He asked: "What's our plan for Mars?" Lightfoot explained to the president -- who, again, had recently signed a bill containing a plan for Mars -- that NASA planned to send a rover to Mars in 2020 and, by the 2030s, would attempt a manned spaceflight. "Trump bristled," according to Sims. He asked, "But is there any way we could do it by the end of my first term?" Sims described the uncomfortable exchange that followed the question, with Lightfoot shifting and placing his hand on his chin, hesitating politely and attempting to let Trump down easily, emphasizing the logistical challenges involving "distance, fuel capacity, etc. Also the fact that we hadn't landed an American anywhere remotely close to Mars ever." Sims himself was "getting antsy" by this point. With a number of points left to go over with the president, "all I could think about was that we had to be on camera in three minutes .. And yet we're in here casually chatting about shaving a full decade off NASA's timetable for sending a manned flight to Mars. And seemingly out of nowhere."

Read more of this story at Slashdot.

SonicSpike shares a report from The Guardian: Julian Assange, the fugitive WikiLeaks founder whose diplomatic sanctuary in the Ecuadorian embassy appears increasingly precarious, is launching a legal challenge against the Trump administration. Lawyers for the Australian activist have filed an urgent application to the Washington-based Inter-American Commission of Human Rights (IACHR) aimed at forcing the hand of U.S. prosecutors, requiring them to "unseal" any secret charges against him. The legal move is an attempt to prevent Assange's extradition to the U.S. at a time that a new Ecuadorian government has been making his stay in the central London apartment increasingly inhospitable. The 1,172-page submission by Assange's lawyers calls on the U.S. to unseal any secret charges against him and urges Ecuador to cease its "espionage activities" against him. Baltasar Garzon, the prominent Spanish judge who has pursued dictators, terrorists and drug barons, is the international coordinator of Assange's legal team. He has said the case involves "the right to access and impart information freely" that has been put in "jeopardy." The Trump administration is refusing to reveal details of charges against Assange despite the fact that sources in the U.S. Department of Justice have confirmed to the media that they exist under seal. The application alleges that U.S. prosecutors have begun approaching people in the U.S., Germany and Iceland and pressed them to testify against Assange in return for immunity from prosecution. Those approached, it is said, include people associated with WikiLeaks' joint publications with other media about U.S. diplomacy, Guantanamo Bay and the wars in Iraq and Afghanistan.

Read more of this story at Slashdot.

Applehu Akbar shares an old report raising a very good question for today's Congress: why not use today's videoconferencing tech to allow representatives to perform most Congressional activity from their home districts?" The ability to "work from home" would be especially beneficial during a government shutdown, like the one we're currently in, where money is tight and Congressional members are "sick and tired of Washington and don't want to show up anymore to vote." Slashdot reader Applehu Akbar writes: Because Congress people serve short terms and campaign largely on constituent service, they have to spend a large percentage of their time shuttling between home and Washington. Virtualizing most of their Washington presence would save fuel and energy while giving them more time with their constituents. In addition, there could be a long-term societal benefit in making Congress less vulnerable to lobbyist influence by keeping them out of the Beltway. Pearce told The Hill in a statement back in 2013: "Thanks to modern technology, members of Congress can debate, vote, and carry out their constitutional duties without having to leave the accountability and personal contact of their congressional districts. Keeping legislators closer to the people we represent would pull back Washington's curtain and allow constituents to see and feel, first-hand, their government at work. Corporations and government agencies use remote work technology; it's time that Congress does the same."

Read more of this story at Slashdot.

Trailrunner7 shares a report from Duo Security: From the beginning, Twitter's creators made the decision not to require real names on the service. It's a policy that's descended from older chat services, message boards and Usenet newsgroups and was designed to allow users to express themselves freely. Free expression is certainly one of the things that happens on Twitter, but that policy has had a number of unintended consequences, too. The service is flooded with bots, automated accounts that are deployed by a number of different types of users, some legitimate, others not so much. Many companies and organizations use automation in their Twitter accounts, especially for customer service. But a wide variety of malicious actors use bots, too, for a lot of different purposes. Governments have used bots to spread disinformation for influence campaigns, cybercrime groups employ bots as part of the command-and-control infrastructure for botnets, and bots are an integral part of the cryptocurrency scam ecosystem. This has been a problem for years on Twitter, but only became a national and international issue after the 2016 presidential election. Twitter CEO Jack Dorsey said this week that he sees potential in biometric authentication as a way to help combat manipulation and increase trust on the platform. "If we can utilize technologies like Face ID or Touch ID or some of the biometric things that we find on our devices today to verify that this is a real person, then we can start labeling that and give people more context for what they're interacting with and ideally that adds some more credibility to the equation. It is something we need to fix. We haven't had strong technology solutions in the past, but that's definitely changing with these supercomputers we have in our pockets now," Dorsey said. Jordan Wright, an R&D engineer at Duo Labs writes: "I think it's a step in the right direction in terms of making general authentication usable, depending on how it's implemented. But I'm not sure how much it will help the bot/automation issue. There will almost certainly need to be a fallback authentication method for users without an iOS device. Bot owners who want to do standard authentication will use whichever method is easiest for them, so if a password-based flow is still offered, they'd likely default to that." "The fallback is the tricky bit. If one exists, then Touch ID/Face ID might be helpful in identifying that there is a human behind an account, but not necessarily the reverse -- that a given account is not human because it doesn't use Touch ID," Wright adds.

Read more of this story at Slashdot.

An anonymous reader quotes a report from France 24: The Microsoft-run search engine Bing was unavailable in mainland China late Wednesday, raising concerns among some social media users that it could be the latest foreign website to be blocked by censors. Attempting to open cn.bing.com results in an error message, though users can still access Bing's international site using a virtual private network (VPN), which allows people to circumvent China's "Great Firewall" of censorship. It is not clear whether or not Bing has joined China's long list of prohibited websites or if its China service is experiencing technical difficulties. On Weibo, China's Twitter-like social media site, people complained about the lack of access, with some speculating that Bing too had been "walled off." Others aired their dissatisfaction about having to use Baidu, China's largest domestic search service. "I can't open Bing, but I don't want to use Baidu -- what to do?" wrote one user. "Bing is actually dead -- is this to force me to use Baidu??" said another, cursing. Update January 24, 00:10 GMT: Microsoft says it is aware that some users are unable to access Bing in China and says it is investigating the matter.

Read more of this story at Slashdot.

Richard Stallman recently visited Mandya, a small town about 60 miles from Bengaluru, India, to give a talk. On the sidelines, Indian news outlet FactorDaily caught up with Stallman for an interview. In the wide-ranging interview, Stallman talked about companies that spy on users, popular Android apps, media streaming and transportation apps, smart devices, DRM, software backdoors, subscription software, and Apple and censorship. An excerpt from the interview: If you are carrying a mobile phone, it is always tracking your movements and it could have been modified to listen to the conversations around you. I call this product Stalin's dream. What would Stalin have wanted to hand out to every inhabitant of the former Soviet Union? Something to track that person's movements and listen to the person's conservations. Fortunately, Stalin could not do it because the technology didn't exist. Unfortunately for us, now it does exist and most people have been pressured or lured into carrying around such a Stalin's dream device, but not me. I am suspicious of new digital technology. I expect it to have new malicious functionalities. It has happened so many times that I have learned to expect this, so I have always checked before I start using some new digital technology. I asked to find out what is nasty about it and I found out these two things. It was something like 20 years ago, and I decided it was my duty as a citizen to refuse, regardless of whatever convenience it might offer me. To surrender my freedom in this way was failing to defend a free society. This is why I do not have a portable phone. I refuse to carry a portable phone. I never have one and unless things change, I never will. I do use portable phones, lots of different ones. If I needed to call someone right now, I would ask one of you, "Could you please make a call for me?" If I am on a bus and it is late and I need to tell somebody that I am going to arrive late, there is always some other passenger in the bus who will make a call for me or send a text for me. Practically speaking, it is not that hard.

Read more of this story at Slashdot.

China is gearing up to launch a social credit system in 2020, giving all citizens an identity number that will be linked to a permanent record. Like a financial score, everything from paying back loans to behaviour on public transport will be included. One aspect of this social credit system is a new app in the northern province of Hebei. From a report: According to the state-run newspaper China Daily, the Hebei-based app will alert people if there are in 500 metres of someone in debt. It's like being on Oxford Street and being able to work out everyone around you who was in debt. According to the financial charity, the Money Charity, the average UK household debt (including mortgages) was $76,000, in June last year. That's a lot of notifications.

Read more of this story at Slashdot.

The U.S. Supreme Court has declined to hear a case regarding whether Yelp is culpable for removing defamatory reviews from its site, resolving a case that could have affected web platforms' legal protections. Today's list of Supreme Court orders denies a complaint brought by Dawn Hassell, an attorney who requested that Yelp take down false, negative reviews about her practice. This means that a California Supreme Court decision will stand, and Yelp isn't liable for the reviews. The Verge reports: Hassell v. Bird was filed in 2016 as a complaint against one of Hassell's former clients, not Yelp. However, Yelp protested a court order to remove the reviews, arguing that it was protected by Section 230 of the Communications Decency Act. (Yelp has said it independently removes reviews it finds to be defamatory since they violate its terms of service.) Lower courts disagreed, but in mid-2018, the California Supreme Court ruled in Yelp's favor. Then, the firm of Charles Harder -- a member of President Donald Trump's legal team who's known for high-profile defamation lawsuits -- petitioned the Supreme Court to hear a complaint against Yelp. Yelp praised the California Supreme Court's decision last year, calling it a win for "those of us who value sharing one another's opinions and experiences" on the internet. It commended today's decision as well. "We are happy to see the Supreme Court has ended Hassell's efforts to sidestep the law to compel Yelp to remove online reviews. This takes away a tool that could have been easily abused by litigants to obtain easy removal of entirely truthful consumer opinions," a spokesperson told The Verge.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: Apple security expert Jon Callas, who helped build protection for billions of computers and smartphones against criminal hackers and government surveillance, is now taking on government and corporate spying in the policy realm. Jon Callas is an elder statesman in the world of computer security and cryptography. He's been a vanguard in developing security for mobile communications and email as chief technology officer and co-founder of PGP Corporation -- which created Pretty Good Privacy, the first widely available commercial encryption software -- and serving the same roles at Silent Circle and Blackphone, touted as the world's most secure Android phone. As a security architect and analyst for Apple computers -- he served three stints with the tech giant in 1995-1997, 2009-2011, and 2016-2018 -- he has played an integral role in helping to develop and assess security for the Mac and iOS operating systems and various components before their release to the public. His last stretch there as manager of a Red Team (red teams hack systems to expose and fix their vulnerabilities) began just after the FBI tried to force the tech giant to undermine security it had spent years developing for its phones to break into an iPhone belonging to one of the San Bernardino shooters. But after realizing there's a limit to the privacy and surveillance issues technology companies can address, Callas decided to tackle the issues from the policy side, accepting a two-year position as senior technology fellow for the American Civil Liberties Union. Callas spoke to Motherboard about government backdoors, the need for tech expertise in policymaking, and what he considers the biggest challenge for the security industry.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: The U.S. Justice Department said on Tuesday it will pursue the extradition of the chief financial officer of China's Huawei, arrested in Canada in December. The United States has accused Huawei CFO Meng Wanzhou of misrepresenting the company's links to a firm that tried to sell equipment to Iran despite U.S. sanctions. The arrest soured relations between Canada and China, with China subsequently detaining two Canadian citizens and sentencing a third to death. The United States must file a formal request for extradition by Jan. 30. Once a formal request is received, a Canadian court has 30 days to determine whether there is enough evidence to support extradition and the Canadian minister of justice must issue a formal order. Canada has not asked the United States to abandon its bid to have Huawei executive Meng Wanzhou extradited, Canada's Foreign Minister Chrystia Freeland said in an interview with Bloomberg TV. "We will continue to pursue the extradition of defendant Ms. Meng Wanzhou, and will meet all deadlines set by the U.S./Canada Extradition Treaty," Justice Department spokesman Marc Raimondi said in a statement. "We greatly appreciate Canada's continuing support of our mutual efforts to enforce the rule of law." Slashdot reader AmiMoJo shares a separate report from the BBC: The chairman of Chinese tech giant Huawei has warned his company could shift away from the U.S. and the U.K. if it continues to face restrictions. Huawei has been under scrutiny by Western governments, which fear its products could be used for spying. Speaking at the World Economic Forum, in Davos, Mr Liang Hua said his firm might transfer technology to countries "where we are welcomed." Huawei makes smartphones but is also a world leader in telecoms infrastructure, in particular the next generation of mobile phone networks, known as 5G.

Read more of this story at Slashdot.

Kashmir Hill, a reporter at Gizmodo, spent weeks trying to avoid and block Amazon -- and every service that is owned by Amazon or uses Amazon's web services (AWS). She went to great lengths such as getting her own custom-built VPN. Turns out, it is impossible to keep Amazon off your life. An excerpt from the report: Launched in 2006, AWS has taken over vast swaths of the internet. My VPN winds up blocking over 23 million IP addresses controlled by Amazon, resulting in various unexpected casualties, from Motherboard and Fortune to the U.S. Government Accountability Office's website. (Government agencies love AWS, which is likely why Amazon, soon to be a corporate Cerberus with three "headquarters," chose Arlington, Virginia, in the D.C. suburbs, as one of them.) Many of the smartphone apps I rely on also stop working during the block.

Read more of this story at Slashdot.

AmiMoJo shares a report from The Guardian: A Dutch surgeon formally disciplined for her medical negligence has won a legal action to remove Google search results about her case in a landmark "right to be forgotten" ruling. The doctor's registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she was allowed to continue to practice. But the first results after entering the doctor's name in Google continued to be links to a website containing an unofficial blacklist, which it was claimed amounted to "digital pillory." It was heard that potential patients had found the blacklist on Google and discussed the case on a web forum. The surgeon's lawyer, Willem van Lynden, said the ruling was groundbreaking in ensuring doctors would no longer be judged by Google on their fitness to practice. "Now they will have to bring down thousands of pages: that is what will happen, in my view. There is a medical disciplinary panel but Google have been the judge until now. They have decided whether to take a page down -- and why do they have that position?" Van Lynden said.

Read more of this story at Slashdot.

schwit1 shares a report from VentureBeat: Google has been hit by a $57 million fine by French data privacy body CNIL (National Data Protection Commission) for failure to comply with the EU's General Data Protection Regulation (GDPR) regulations. The CNIL said that it was fining Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," according to a press release issued by the organization. The news was first reported by the AFP. What the CNIL is effectively referencing here is dark pattern design, which attempts to encourage users into accepting terms by guiding their choices through the design and layout of the interface. This is something that Facebook has often done too, as it has sought to garner user consent for new features or T&Cs. It's worth noting here that Google has faced considerable pressure from the EU on a number of fronts over the way it carries out business. Back in July, it was hit with a record $5 billion fine in an Android antitrust case, though it is currently appealing that. A few months back, Google overhauled its Android business model in Europe, electing to charge Android device makers a licensing fee to preinstall its apps in Europe. Google hasn't confirmed what its next steps will be, but it will likely appeal the decision as it has done with other fines. "People expect high standards of transparency and control from us," a Google spokesperson told VentureBeat. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Russian government agency responsible for censorship on the Internet has accused Facebook and Twitter of failing to comply with a law requiring all servers that store personal data to be located in Russia. Roskomnadzor, the Russian censorship agency, "said the social-media networks hadn't submitted any formal and specific plans or submitted an acceptable explanation of when they would meet the country's requirements that all servers used to store Russians' personal data be located in Russia," The Wall Street Journal reported today. Roskomnadzor said it sent letters to Facebook and Twitter on December 17, giving them 30 days to provide "a legally valid response." With the 30 days having passed, the agency said that "Today, Roskomnadzor begins administrative proceedings against both companies." The law went into effect in September 2015, but Russia has had trouble enforcing it. "At the moment, the only tools Russia has to enforce its data rules are fines that typically only come to a few thousand dollars or blocking the offending online services, which is an option fraught with technical difficulties," a Reuters article said today. According to The Journal, "Facebook and Twitter could be fined for not providing information to the watchdog."

Read more of this story at Slashdot.

We'll likely see a rise in internet blackouts in 2019, for two reasons: countries deliberately "turning off" the internet within their borders, and hackers disrupting segments of the internet with distributed denial-of-service (DDoS) attacks. Above all, both will force policymakers everywhere to reckon with the fact that the internet itself is increasingly becoming centralized -- and therefore increasingly vulnerable to manipulation, making everyone less safe. From a report: The first method -- states deliberately severing internet connections within their country -- has an important history. In 2004, the Maldivian government caused an internet blackout when citizens protested the president; Nepal similarly caused a blackout shortly thereafter. In 2007, the Burmese government apparently damaged an underwater internet cable in order to "staunch the flow of pictures and messages from protesters reaching the outside world." In 2011, Egypt cut most internet and cell services within its borders as the government attempted to quell protests against then-President Hosni Mubarak; Libya then did the same after its own unrest. In 2014, Syria had a major internet outage amid its civil war. In 2018, Mauritania was taken entirely offline for two days when undersea submarine internet cables were cut, around the same time as the Sierra Leone government may have imposed an internet blackout in the same region. When we think about terms like "cyberspace" and "internet," it can be tempting to associate them with vague notions of a digital world we can't touch. And while this is perhaps useful in some contexts, this line of thinking forgets the very real wires, servers, and other hardware that form the architecture of the internet. If these physical elements cease to function, from a cut wire to a storm-damaged server farm, the internet, too, is affected. More than that, if a single entity controls -- or can at least access -- that hardware for a region or even an entire country, government-caused internet blackouts are a tempting method of censorship and social control.

Read more of this story at Slashdot.

An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned. From the report: The data leaked from an ElasticSearch server that was left exposed online without a password, Justin Paine, the security researcher who discovered the server, told ZDNet. ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps' data indexing and search capabilities. Last week, Paine came across one such ElasticSearch instance that had been left unsecured online with no authentication to protect its sensitive content. From a first look, it was clear to Paine that the server contained data from an online betting portal. [...] After an analysis of the URLs spotted in the server's data, Paine and ZDNet concluded that all domains were running online casinos where users could place bets on classic cards and slot games, but also other non-standard betting games. Some of the domains that Paine spotted in the leaky server included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.

Read more of this story at Slashdot.

The partial government shutdown is affecting a wide range of business and financial concerns nationwide. From a report: Shuttered government offices are stalling the approval of new loans, initial public offerings, the processing of tax documents, and the approval of new products such as prescription drugs, among other effects. While some programs are reopening on a temporary basis or providing workarounds for affected companies, most services won't return to normal until the government fully reopens and 800,000 federal workers sift through the backlog. Here is a round up of the impact: The partial closure of the Securities and Exchange Commission is delaying the ability of companies to open the IPO market. Companies that were seeking to list shares in January are delaying plans since the regulator has stopped reviewing and approving new and pending corporate registration statements. Airlines expect to have sluggish revenue growth in the first quarter in part because of revenue lost from government travel cancellations. Delta Air Lines Inc. Chief Executive Ed Bastian, for instance, said the shutdown would cost his airline $25 million in lost revenue from government travel. The U.S. Food and Drug Administration has dramatically curtailed inspections of domestic facilities at food-processing companies during the shutdown, though unpaid inspectors have resumed work inspecting higher-risk products such as fresh fruits and vegetables, eggs, seafood and dairy products. At the Internal Revenue Service, the shutdown has created delays in getting some employer identification numbers, holding up some routine business deals. Some small-business loans are also stuck in limbo. The Small Business Administration has stopped approving routine loans that the agency backs to ensure entrepreneurs have access to funds, halting their plans for expansion and repairs and forcing some owners to consider costlier sources of cash. The government process for reviewing proposed mergers has been slowed by the shutdown, but it is still operating. Businesses that have government contracts are feeling the strain across a variety of industries, including the building of highways and bridges.

Read more of this story at Slashdot.

William Chalk, reporting for HackerNoon: After big names like Whatsapp, Snapchat, and Facebook, VPNs are the most searched-for applications in the world. "VPN" is the second-highest non-branded search term behind "games", and free apps completely dominate the search results. The most popular applications have amassed hundreds of millions of installs between them worldwide, yet there seems to be very little attention paid to the companies behind them, and very little scrutiny done on behalf of the marketplaces hosting them. We investigated the top free VPN apps in the App Store and Google Play Store. We found that very few of these hugely popular apps do anywhere near enough to deserve the trust of those looking to protect their privacy online. We recorded the top 20 free apps in the search results for "VPN" in the App and Play Store for UK and US locales. In total, these applications have been downloaded 80 million times from Google and 4 million times each month from Apple. Our investigation discovered that over half of the top free VPN apps either have Chinese ownership or are actually based in China, which has aggressively clamped down on VPN services in recent years and maintains an iron grip on the internet within its borders. Furthermore, we found the majority of these apps have insufficient formal privacy protections and non-existent user support.

Read more of this story at Slashdot.

Thousands of women were systematically underpaid at Oracle, one of Silicon Valley's largest corporations, according to a new motion in a class-action complaint that details claims of pervasive wage discrimination. From a report: A motion filed in California on Friday said attorneys seek to represent more than 4,200 women and alleged that female employees were paid on average $13,000 less per year than men doing similar work. An analysis of payroll data found disparities with an "extraordinarily high degree of statistical significance," the complaint said. Women made 3.8% less in base salaries on average than men in the same job categories, 13.2% less in bonuses, and 33.1% less in stock value, it alleges. The civil rights suit comes as the tech industries faces increased scrutiny of gender and racial discrimination, including sexual misconduct, unequal pay and biased workplaces. The case against Oracle, which is headquartered in Redwood Shores and provides cloud computing services to companies across the globe, resembles high-profile litigation against Google, which has also faced repeated claims of systematic wage discrimination.

Read more of this story at Slashdot.