3 TB of Private Webcam/Home Security Video Leaked on Porn Sites

Slashdot - Your Rights Online - Sun, 2020-10-18 21:48
schwit1 quotes Input: A hacking group that has yet to identify itself found and stole more than 3 TB of private video from around the world — mainly collected from Singapore — and shared it on porn sites, according to reports from local media like The New Paper. While some of the footage was indeed pornographic in nature, other videos are more mundane. More than 50,000 private IP-based cameras were accessed by hackers to amass the collection. Some were explicitly tagged with locations in Singapore, The New Paper reports, while others revealed their location as Singapore based on context clues such as book titles and home layout. Many show people (sometimes with their faces censored) in "various stages of undress or compromising positions...." It's looking like poor security is the culprit. Clement Lee, a solutions architect for multinational software company Check Point Software Technologies, told The New Paper that the hacking of IP cameras is often due to "poor password management." IP cameras make it easy to access your video feeds from anywhere — which means it's also easy for hackers to access them from anywhere, once they've figured out your password... The unfortunate fact of the matter is that internet-connected devices are inherently susceptible to hacking. Add lax encryption and lazy users to the mix and you have a recipe for disaster.

Read more of this story at Slashdot.

Make Remote Work Permanent? No Way, Say Bay Area Leaders

Slashdot - Your Rights Online - Sun, 2020-10-18 01:34
Last month a regional government agency in the San Francisco Bay Area voted "to move forward" with a proposal to eventually require people at large, office-based companies to work from home three days a week "as a way to slash greenhouse gas emissions from car commutes," according to NBC News. But today local newspapers report "Bay Area leaders are already saying, no way." [Shorter, non-paywalled article here.] The Metropolitan Transportation Commission is drawing heavy fire from lawmakers, the business community and transit supporters for a proposal that would require big companies to have their employees work from home at least 60 percent of the time by 2035. The proposal is aimed at reducing vehicle commuters and greenhouse gas emissions, but Bay Area politicians and business leaders say it would encourage Silicon Valley companies to pick up and leave. "This will spur a flight of large employers from the Bay Area," said San Jose Mayor Sam Liccardo, comparing the idea to paving lanes directly from Silicon Valley to Texas. After recovering from the pandemic-caused recession, Liccardo said, "we're going to miss those jobs." Liccardo and San Francisco Mayor London Breed this week urged MTC leaders to find a better solution to hit the region's long-term clean air goals... Rebecca Saltzman, a BART director, is introducing a resolution asking MTC to re-examine the requirement, which was added late in the process. It would drive down transit use with no clear proof it would reduce greenhouse gases, she said. "We know we would lose riders," she said. Bay Area lawmakers said a work-from-home mandate would hurt small businesses located around large employers, drain vitality from downtowns and diminish transit use. The requirements would also fall heavily on low-wage workers who typically must report to work to cook, clean, build or serve customers.
San Jose and San Francisco both have tech giants — Google and Salesforce — spending billions of dollars to design and develop new campuses with a higher density of homes and apartments near transit. A work-from-home mandate could disrupt those plans, Liccardo said. "I'm concerned about a parade of unintended consequences," he said. "This undermines the incentives to live near work."

US Antitrust Regulators Could Target Google's Chrome Browser For Breakup

Slashdot - Your Rights Online - Sat, 2020-10-17 19:34
Slashdot reader alternative_right shares a report from Politico: Justice Department and state prosecutors investigating Google for alleged antitrust violations are considering whether to force the company to sell its dominant Chrome browser and parts of its lucrative advertising business, three people with knowledge of the discussions said... The conversations — amid preparations for an antitrust legal battle that the Department of Justice is expected to begin in the coming weeks — could pave the way for the first court-ordered break-up of a U.S. company in decades. The forced sales would also represent major setbacks for Google, which uses its control of the world's most popular web browser to aid the search engine that is the key to its fortunes. Discussions about how to resolve Google's control over the $162.3 billion global market for digital advertising remain ongoing, and no final decisions have been made, the people cautioned, speaking anonymously to discuss confidential discussions. But prosecutors have asked advertising technology experts, industry rivals and media publishers for potential steps to weaken Google's grip... A major antitrust report that the House Judiciary Committee released this week found that Chrome's market share allows Google to "effectively set standards for the industry," an issue of particular relevance as Chrome phases out cookies. "Google's ad-based business model can prompt questions about whether the standards Google chooses to introduce are ultimately designed primarily to serve Google's interests," the House report said. "Market participants are concerned that while Google phases out third-party cookies needed by other digital advertising companies, Google can still rely on data collected throughout its ecosystem." 
Friday Politico reported the antitrust suit against Google is likely to be filed "early next week, but without the sign-on of any Democratic attorneys general, four people familiar with the case said Friday — upending the Trump administration's hopes to enlist bipartisan support for its fight against the internet giant..." Instead a bipartisan group of states "expects to file an antitrust complaint challenging Google's search practices at a later date, the people said. That group, led by Democratic attorneys general in Colorado and Iowa along with Nebraska's Republican attorney general, has expressed concern about what they view as the Justice Department's narrow approach to the case, the people said. Filing a separate suit would allow more leverage if the Department of Justice negotiates a settlement with Google they don't like, they said."

Trump Scrambles To Loosen America's Biometric Data and Gig Worker Regulations

Slashdot - Your Rights Online - Sat, 2020-10-17 16:34
"Facing the prospect that President Trump could lose his re-election bid, his cabinet is scrambling to enact regulatory changes affecting millions of Americans in a blitz so rushed it may leave some changes vulnerable to court challenges," reports the New York Times: The effort is evident in a broad range of federal agencies and encompasses proposals like easing limits on how many hours some truckers can spend behind the wheel, giving the government more freedom to collect biometric data and setting federal standards for when workers can be classified as independent contractors rather than employees. In the bid to lock in new rules before Jan. 20, Mr. Trump's team is limiting or sidestepping requirements for public comment on some of the changes and swatting aside critics who say the administration has failed to carry out sufficiently rigorous analysis. Some cases, like a new rule to allow railroads to move highly flammable liquefied natural gas on freight trains, have led to warnings of public safety threats... If Democrats take control of Congress, they will have the power to reconsider some of these last-minute regulations, through a law last used at the start of Mr. Trump's tenure by Republicans to repeal certain rules enacted at the end of the Obama administration. But the Trump administration is also working to fill key vacancies on scientific advisory boards with members who will hold their seats far into the next presidential term, committees that play an important role in shaping federal rule making... The Homeland Security Department is also moving, again with an unusually short 30-day comment period, to adopt a rule that will allow it to collect much more extensive biometric data from individuals applying for citizenship, including voice, iris and facial recognition scans, instead of just the traditional fingerprint scan. 
The measure, which the agency said was needed to curb fraud, would also allow it for the first time to collect DNA or DNA test results to verify a relationship between an application for citizenship and someone already in the United States.

Billionaire CEO of Software Company Indicted For Alleged $2 Billion Tax Evasion Schemes

Slashdot - Your Rights Online - Sat, 2020-10-17 02:50
The billionaire chief executive of Ohio-based Reynolds and Reynolds Co, Robert Brockman, has been indicted on charges of tax evasion and wire fraud conducted over "decades." ZDNet reports: The scheme, in which roughly $2 billion was hidden away in offshore accounts and through money laundering, took place between 1999 and 2019, the US Department of Justice (DoJ) said on Thursday. According to the indictment (.PDF), the resident of both Houston, Texas, and Pitkin County, Colorado allegedly used a "web" of offshore organizations in Bermuda and Nevis to hide the profits he made from investments in private equity funds. Brockman squirreled away his capital gains and also tampered with the evidence of his alleged activities, prosecutors say, by methods including backdating records and using "encrypted communications and code words" to communicate with co-conspirators, including the phrases "Permit," "King," and "Redfish." A ranch, luxury home, and yacht were among the purchases apparently made with non-taxed income. US prosecutors also say that between 2008 and 2010, Brockman used a third-party entity to purchase $67.8 million in debt securities from the software company. As CEO, the executive is not permitted to do so without full disclosure as it can have an impact on share prices and trading; however, Brockman allegedly did so without informing sellers. As a result, approximately $2 billion in income was kept hidden from the US Internal Revenue Service (IRS). In addition, US prosecutors allege that investors in the software firm's debt securities were also defrauded. A federal grand jury in San Francisco, California has issued a 39-count indictment, including seven counts of tax evasion, 20 counts of wire fraud, money laundering, evidence tampering, and destruction of evidence.

Group Files 'Largest FOIA of All Time'

Slashdot - Your Rights Online - Fri, 2020-10-16 20:50
Reclaim the Records -- a group of activist genealogists, historians, journalists, teachers -- has filed what may be the largest Freedom Of Information Act Request of all time. The group wants the National Archives and Records Administration (NARA) to release billions of digital images and their associated metadata to the public. From a report: NARA is a government agency that preserves and archives the American government's historical records. It's also supposed to increase public access to those records. To accomplish that goal, NARA partnered with private companies such as genealogical website Ancestry.com to digitize and upload census records, immigration records, and other historical documents. Digitizing these records is a massive task, one NARA likely couldn't accomplish on its own. In exchange for its help, NARA granted the private companies limited exclusivity to the records. That means that billions of documents related to America's history are behind paywalls on sites like Ancestry, FamilySearch, and Fold3. According to the agreements, the sites were supposed to open up their digitized archive to the public after an exclusivity period of 3 - 5 years. "In practice, this simply hasn't happened," Reclaim the Records said in a blog post announcing the FOIA. "NARA has never actually posted online the vast majority of these records that were digitized through their partnership program, not to their Catalog nor indeed anywhere else where the public might be able to freely access and download the now-digital records. This remains the case today, even when the embargo periods for many of these record sets have been expired for more than a decade, sometimes two decades." Most of these are stored behind Ancestry.com's paywall, in part because Ancestry purchased several of the other sites that NARA had made deals with when they were still independent.

France and the Netherlands Call For Tough EU Powers To Curb Big Tech

Slashdot - Your Rights Online - Fri, 2020-10-16 19:29
France and the Netherlands have proposed stricter EU rules to oversee large technology firms, such as Alphabet, Facebook and Amazon. From a report: In a joint document, seen by CNBC and due to be sent to the European Commission, the EU's executive arm, the two countries suggested that an EU authority should be able to control the market position of these large tech platforms. "Our common ambition is to design a framework that will be efficient enough to address the economic footprint of such actors on the European economy and to be able to 'break them open,'" Cedric O, the secretary of state for digital transition in France, said in a statement. "Access to data, to services, interoperability ... these are efficient tools that we should be able to use, with a tailor-made approach, in order to tackle market foreclosure and ensure freedom of choice for consumers," he added. The EU, arguably at the forefront of regulation in this space, has intensified talks regarding Big Tech and the competitive landscape over the last 12 months. In addition to pursuing anti-trust investigations on some of the largest firms, the Commission is also working on data protection rules.

FCC Will Move To Regulate Social Media After Censorship Outcry

Slashdot - Your Rights Online - Fri, 2020-10-16 05:30
An anonymous reader quotes a report from The Verge: On Thursday, Federal Communications Commission Chairman Ajit Pai said that the agency will seek to regulate social media platforms like Facebook and Twitter at the behest of the Trump administration's executive order signed earlier this year. "Members of all three branches of the federal government have expressed serious concerns about the prevailing interpretation of the immunity set forth in Section 230 of the Communications Act. There is bipartisan support in Congress to reform the law," Pai said in a statement Thursday. "Social media companies have a First Amendment right to free speech. But they do not have a First Amendment right to a special immunity denied to other media outlets, such as newspapers and broadcasters." On Thursday, Pai said that the commission's general counsel said that "the FCC has the legal authority to reinterpret Section 230." He continued, "Consistent with this advice, I intend to move forward with a rulemaking to clarify its meaning." "Pai's decision to move forward with rulemaking follows a series of moderation decisions on Wednesday made by Facebook and Twitter against a New York Post article regarding former Vice President Joe Biden's son, Hunter Biden, who has been the subject of political attacks from the right throughout the 2020 presidential election," the report adds. Facebook reduced the reach of the story, while Twitter banned linking to the story entirely. "These moves from Facebook and Twitter incited an outcry over conservative bias from Republicans," reports The Verge.

Robinhood Estimates Hackers Infiltrated Almost 2,000 Accounts

Slashdot - Your Rights Online - Fri, 2020-10-16 00:02
An anonymous reader quotes a report from Bloomberg: Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known. A person with knowledge of an internal review, who asked not to be identified because the findings aren't public, provided the estimated figure. When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said "a limited number" of customers had been struck by cyber-criminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject. The attacks unleashed a torrent of complaints on social media, where investors recounted futile attempts to call the brokerage, which doesn't have a customer service phone number. Robinhood, which has more than 13 million customer accounts, is now considering whether to add a phone number along with other tools, the person said. This week, Robinhood sent push notifications to users suggesting they enable two-factor authentication on their accounts. It also plans to send customers more advice on security, according to the statement. Several victims said they found no sign of criminals compromising their email accounts. And some said their brokerage accounts were accessed even though they had set up two-factor authentication.

FCC To Move on Trump Plan To Weaken Social Media Legal Shield

Slashdot - Your Rights Online - Thu, 2020-10-15 22:05
U.S. Federal Communications Commission Chairman Ajit Pai said the agency will consider President Donald Trump's request to weaken legal protections for social media companies such as Twitter. From a report: The FCC will begin a rulemaking to "clarify" the meaning of a law that gives broad legal immunity to social media companies for their handling of users' posts, Pai said in an emailed statement. The action follows a request by the Trump administration for regulators to dilute the decades-old law that Facebook, Twitter and Google say is crucial. The request was called for in an executive order that Trump signed in May. Tech trade groups, civil liberties organizations and legal scholars have slammed the action and said it isn't likely to survive a court challenge.

Google and Intel Warn of High-Severity Bluetooth Security Bug In Linux

Slashdot - Your Rights Online - Thu, 2020-10-15 03:32
An anonymous reader quotes a report from Ars Technica: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published "soon." A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. "Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure," the advisory states. "BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities." Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can't upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn't immediately respond to emails asking for additional details about this vulnerability. 
Ars Technica points out that since BleedingTooth requires proximity to a vulnerable device, there's not much reason for people to worry about this vulnerability. "It also requires highly specialized knowledge and works on only a tiny fraction of the world's Bluetooth devices," it adds.

Florida Could Become First State To Offer Digital Driver's Licenses

Slashdot - Your Rights Online - Thu, 2020-10-15 03:30
According to WESH Orlando, Florida residents next year will be able to apply for new mobile driver's licenses that can be easily accessed on a smartphone, tablet, or other device. They will be valid as a traditional license. From the report: The service will be provided by the company Thales, which designs and builds electrical systems and provides services for the aerospace, defense, transportation and security markets. "The State of Florida will be the first state in the United States to provide mobile Driver Licenses with leading-edge security mechanisms, fully compliant with rigorous national and international standards," a statement from Thales said. According to Thales, a digital license will work the same way as a traditional one. People would open the app and present it to verify your age, check in at TSA or interact with law enforcement. As of now, though, Thales states on their website, "It will be up to each state and local law enforcement agency to determine what procedure and methods work best within their existing protocol." It's unclear exactly when Florida will begin offering the mobile licenses.

China Starts Digital Yuan Trial By Giving $30 To 50,000 People

Slashdot - Your Rights Online - Thu, 2020-10-15 01:30
China is starting a first-of-its-kind digital yuan trial by distributing 10 million yuan ($1.5 million) of the digital currency among 50,000 participants selected by lottery. "That equates to each participant being granted 200 yuan, or $30, to spend at any of 3,389 designated restaurants and stores," notes Nikkei Asian Review. From the report: The trial ends next Monday. Other tests of digital currencies have mainly been done by the public sector, but this is the first to involve a large number of ordinary citizens. There was no cost to take part in the test. More than 1.91 million people applied to take part with an acceptance rate at less than 3%. Ostensibly, the digital yuan project is meant to make China's currency more international and user friendly. But critics say it would also allow authorities to more easily track funds. Apprehensions over China's digital currency assume such transactions will not stop at the nation's border. If the digital yuan is taken up across the world through trade and other avenues, it could undermine the dollar's status as a global key currency. Sanctions that ban dollar transactions would risk losing effectiveness. And if the digital yuan becomes the international standard in terms of technology, it could create a hindrance to other nations' issuing their own digital currencies.

Bill Gates: 'I Was Naive At Microsoft,' Didn't Realize Success Would Bring Antitrust Scrutiny

Slashdot - Your Rights Online - Thu, 2020-10-15 00:50
Microsoft co-founder and former CEO Bill Gates told CNBC on Wednesday morning he had been naive about the government scrutiny that comes with getting large when he was running Microsoft and said the chance of Big Tech antitrust regulation is "pretty high." CNBC reports: "Whenever you get to be a super-valuable company, affecting the way people communicate and even political discourse being mediated through your system and higher percentage of commerce -- through your system -- you're going to expect a lot of government attention," Gates said in the "Squawk Box" interview. Last week, the House Judiciary subcommittee on antitrust released a report concluding that Amazon, Apple, Facebook and Google hold monopoly power. "I was naive at Microsoft and didn't realize that our success would lead to government attention," Gates said, referring to Microsoft's antitrust challenges from more than 20 years ago. "And so I made some mistakes -- you know, just saying, 'Hey, I never go to Washington, D.C.' And now I don't think, you know, that naivete is there." Gates stepped down as Microsoft CEO in the middle of the U.S. Justice Department's antitrust case, which charged the company had tried to monopolize the web browser market when it bundled Internet Explorer with Windows. The company settled with the DOJ in 2001. "The rules will change somewhat," Gates said in contrast about the possibility of future regulation. "I'd say the chances of them doing something is pretty high." "We have to get the particulars," said Gates when asked about the risk of additional regulation cutting down on innovation. "Is there some rule about acquisition? Is there some rule about splitting parts of the companies, either -- to create open availability of those resources?" Anti-competitive "killer acquisitions" was one of the House subcommittee's concerns, and the report looked into whether Facebook acquired Instagram to eliminate a competitor. 
Splitting up such acquisitions may be one possibility of future regulation. "We're in uncharted territory here," said Gates.

Zoom To Roll Out End-to-End Encrypted (E2EE) Calls

Slashdot - Your Rights Online - Wed, 2020-10-14 19:24
Video conferencing platform Zoom announced today plans to roll out end-to-end encryption (E2EE) capabilities starting next week. From a report: E2EE will allow Zoom users to generate individual encryption keys that will be used to encrypt voice or video calls between them and other conference participants. These keys will be stored locally and will not be shared with Zoom servers, meaning the software company won't be able to access or intercept any ongoing E2EE meetings. Support for E2EE calls will first be part of Zoom clients to be released next week. To use the new feature, users must update their clients next week and enable support for E2EE calls at the account level. This green shield will contain a lock if E2EE is active. If the lock is absent, Zoom will use its default AES 256-bit GCM encryption scheme, which the company uses to secure current communications, but which the company can also intercept. Further reading: Zoom Adds Ability To Open Apps Like Dropbox And Slack, Event-Hosting Tools As Part Of Push Beyond Video Meetings.

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

Slashdot - Your Rights Online - Wed, 2020-10-14 17:25
Almost 40 million people around the world have contracted Covid-19 and more than a million have died from the virus. The devastation has rippled even further, thanks to a global recession and rising political unrest. And as all of this unfolds, new research indicates that the governments around the world have exploited the pandemic to expand their domestic surveillance capabilities and curtail internet freedom and speech. From a report: The human and digital rights watchdog Freedom House today published its annual "Freedom on the Net" report, which tracks the ebb and flow of censorship laws, net neutrality protections, internet shutdowns, and more around the world. This year's report, which covers the period from June 2019 through May 2020, encompasses not only the Covid-19 pandemic but the trade war between the US and China, which has resulted in a dramatic acceleration of the cyber sovereignty movement. Combined with numerous other geopolitical clashes that have impacted digital rights, Freedom House found that global internet freedom has been broadly curtailed in 2020. "Political leaders used the pandemic as a pretext to crack down on free expression and limit access to information," Freedom House director for democracy and technology Adrian Shahbaz told reporters ahead of the report's release. "We traced three commonly used tactics. First in at least 45 countries, activists, journalists, and other members of the public were arrested or charged with criminal offenses for online speech related to the pandemic. Second in at least 20 countries governments cited the pandemic emergency to impose vague or overly broad speech restrictions. Third, governments in at least 28 countries censored websites and social media posts to censor unfavorable health statistics, corruption allegations, and other Covid-19-related content."

There's Another Huge Right To Repair Fight Brewing In Massachusetts

Slashdot - Your Rights Online - Wed, 2020-10-14 15:00
An anonymous reader quotes a report from The Drive: Whether or not you live in Massachusetts, you should be paying attention to a very important vote coming up in November's election. Not for president, or senator, or even city council -- no, Question 1 is a proposition that could dramatically strengthen or weaken the state's landmark right-to-repair law that previously forced automakers to make it easier for you to get your car fixed. Essentially, Massachusetts voters are deciding on whether or not to add "mechanical" vehicle telematics data -- realtime updates from a car's sundry sensors transmitted to an automaker's private servers -- to the list of things OEMs have to share with independent mechanics. Telematics data was purposefully excluded from the original 2013 law, but as cars have gotten more computerized over the last decade, that gap in coverage has grown more pronounced. The full information about what is appearing on the ballot can be found here. Voting "Yes" to Question 1 would expand access to wirelessly transmitted mechanical data regarding vehicle maintenance and repair. But what makes this a big deal for those outside Massachusetts is that the amendment will require automakers who want to do business in the state to make that data accessible through a smartphone app for owners starting in 2022. Remember, it was the 2013 law's passage that forced automakers to adopt a nationwide right-to-repair standard. Could the same happen with open-access telematics data, which will only grow in importance as more cars add on driver-assist features? Pro-Question 1 organization Massachusetts Right to Repair argues the amendment would futureproof the law for consumers and independent repair shops beyond the state's borders. 
"Voting 'No' would make no change to governing access over wirelessly transmitted vehicle data, meaning automakers would be under no obligation to provide a standard that consumers could use to analyze diagnostic information other than what is currently provided through the vehicle's OBDII port," adds The Drive. "[T]he Coalition for Safe and Secure Data has shelled out at least $25.8 million to oppose Question 1, reportedly receiving large seven-figure donations from General Motors, Toyota, Ford, Honda and Nissan. Go figure."

Philippines Starts Registering Millions for National ID Cards

Slashdot - Your Rights Online - Tue, 2020-10-13 16:13
The Philippines began Monday registering millions of citizens for its national identification system, hoping to promote electronic payments and make it easier for low-income earners without bank accounts to access financial services. From a report: All Philippine citizens and resident foreigners are required to register such information as name, sex, date of birth, place of birth, blood type, address and nationality. Biometric data -- fingerprints, facial photos and iris scans -- also will be stored. The country's current system, in which different agencies issue their own numbers, has been criticized as inconvenient. The new system will grant each person a unique number that can be used across agencies. The government hopes to make financial services more accessible to low-income workers who lack bank accounts as well as facilitate delivery of government services. Officials from the Philippine statistics agency will visit homes to collect the personal information, completing the process before President Rodrigo Duterte's term ends in June 2022. The system is scheduled to begin operation in the second half of 2021 for services such as visa issuances. A survey found 73% public support for the new ID system, suggesting that little concern exists over the collection of personal information by the government. Karl Kendrick Chua, acting secretary of the National Economic and Development Authority, said the ID system will accelerate growth of the digital economy. He expressed hope that the national system will spark widespread use of electronic payments. Partnerships with the private sector also appear to be on the table.


Amazon's Latest Gimmicks Are Pushing the Limits of Privacy

Slashdot - Your Rights Online - Tue, 2020-10-13 03:30
At the end of September, Amazon debuted two especially futuristic products within five days of each other: a small autonomous surveillance drone, called Ring Always Home Cam, and a palm recognition scanner, called Amazon One. "Both products aim to make security and authentication more convenient -- but for privacy-conscious consumers, they also raise red flags," reports Wired. From the report: Amazon's latest data-hungry innovations are not launching in a vacuum. The company also owns Ring, whose smart doorbells have had myriad security issues and have been widely criticized for bringing unprecedented surveillance to traditionally semi-private spaces. Meanwhile, the biometric data that Amazon Go will collect is particularly sensitive, because unlike a password you can't simply change it if a hacker steals it or it gets unintentionally exposed. Amazon has a strong record for maintaining the security of its massive cloud infrastructure, but there have been lapses across the sprawling business. The stakes are already phenomenally high; the more data the company holds the more risk it takes on. "Amazon has a major genomics cloud platform, so maybe they hold your DNA and now they're going to have your palm as well? Plus all of these devices inside your house. And your purchase history on Prime. That's a lot of information. That's a lot of personal information," says Nina Alli, executive director of Defcon's Biohacking Village and a health care security researcher. "When you give away this data you're giving a company the ability to access and manage you, not the other way around." [...] Additionally, while companies like Apple and Samsung have brought biometric fingerprint and face scanners to the masses by making sure the data never leaves the device, Amazon One takes the opposite approach. Kumar writes that "palm images are never stored" on Amazon One itself. 
Instead they are encrypted and sent to a special high security area of Amazon's cloud to be converted into "palm signatures" based on the unique and distinctive features of a user's hand. Then the service compares that signature to the one on file in each user's account and returns a match or no match answer back down to the device. It makes sense that Amazon doesn't want to store databases of people's palm data locally on publicly accessible machines that could be manipulated. But the system could perhaps have been set up to generate a palm signature locally, delete the image of a person's hand, and send only the encrypted signature on for analysis. The fact that all of those palm images will be going for cloud processing creates a single point of failure. "I'm worried that people could read your palm vein pattern in other ways and construct an analog. It's only a matter of time," says Joseph Lorenzo Hall, a longtime security and privacy researcher and a senior vice president at the nonprofit Internet Society. "Both the home drone and the palm payment are going to rely heavily on the cloud and on the security provided by that cloud storage. That's worrying because it means all the risks -- rogue employees, government data requests, data breach, secondary uses -- associated with data collection on the server-side could be possible. I'm much more comfortable having a biometric template stored locally rather than on a server where it might be exfiltrated." An Amazon spokesperson told WIRED, "We are confident that the cloud is highly secure. In addition, Amazon One palm data is stored separately from other personal identifiers, and is uniquely encrypted with its own keys in a secure zone in the cloud."


How Many Americans Still Secretly Use Their Ex's Passwords

Slashdot - Your Rights Online - Tue, 2020-10-13 02:50
A recent survey by British Virgin Islands-based VPN service provider ExpressVPN asked 1,506 American adults in an exclusive (non-married) relationship to find out their password sharing habits across social media platforms. ZDNet reports on the findings: The survey showed that couples share a variety of passwords with each other, and they most commonly share within the first six months of dating. The most commonly shared passwords between couples are for video streaming (78%), mobile devices (64%), and music streaming (58%). Almost half (47%) of Americans in a relationship share social media passwords and 38% share their personal email passwords. Most services, apart from social media and mobile device accounts (which are shared most with family), are more commonly shared with a significant other than family or friends. Respondents said that sharing passwords is most indicative of trust (70%), commitment (63%), intimacy (54%), marriage-material (51%), affection (48%), and vulnerability (47%). Among those sharing video streaming services, Netflix (86%), Hulu (57%), and Amazon Prime Video (52%) are shared most with a significant other. Millennials and Generation Z are also more likely to share passwords with their significant others across all platforms, as compared to older folks. Among people who do not share passwords with anyone, the most common objection is that the same username and password combination is often used for additional accounts. Among respondents, men are more guilty than women of still secretly using an ex's login information/password post-break up. Over one in four (26%) currently use their ex's game streaming services account and online news subscriptions (26%). A quarter (25%) access their ex's photo sharing program, and food/grocery delivery sites. Almost one in four (23%) currently access social media accounts, mobile wallets, music, and video streaming services and one in five access their ex's personal email accounts. 
One in four (25%) of respondents confess to currently tracking an ex's real-time location and 30% confess to secretly logging in to an ex's social media account at least once, with 23% admitting to still doing so currently. It is not surprising that over one in three (36%) of respondents indicate regret in sharing passwords with a significant other, either during the relationship or after a breakup -- with men feeling more regretful than women (40% vs. 32%).
