
IBM, and Some Other Companies Did Not Inform People When Using Their Photos From Flickr To Train Facial Recognition Systems

Slashdot - Your Rights Online - Wed, 2019-03-13 21:45
IBM and some other firms are using at least a million images they have gleaned from Flickr to help train a facial recognition system. Although the photos in question were shared under a Creative Commons license, many users say they never imagined their images would be used in this way. Furthermore, the people shown in the images didn't consent to anything. From a report: "This is the dirty little secret of AI training sets. Researchers often just grab whatever images are available in the wild," said NYU School of Law professor Jason Schultz. The latest company to enter this territory was IBM, which in January released a collection of nearly a million photos that were taken from the photo hosting site Flickr and coded to describe the subjects' appearance. IBM promoted the collection to researchers as a progressive step toward reducing bias in facial recognition. But some of the photographers whose images were included in IBM's dataset were surprised and disconcerted when NBC News told them that their photographs had been annotated with details including facial geometry and skin tone and may be used to develop facial recognition algorithms. (NBC News obtained IBM's dataset from a source after the company declined to share it, saying it could be used only by academic or corporate research groups.) "None of the people I photographed had any idea their images were being used in this way," said Greg Peverill-Conti, a Boston-based public relations executive who has more than 700 photos in IBM's collection, known as a "training dataset." "It seems a little sketchy that IBM can use these pictures without saying anything to anybody," he said. John Smith, who oversees AI research at IBM, said that the company was committed to "protecting the privacy of individuals" and "will work with anyone who requests a URL to be removed from the dataset."
Despite IBM's assurances that Flickr users can opt out of the database, NBC News discovered that it's almost impossible to get photos removed. IBM requires photographers to email links to photos they want removed, but the company has not publicly shared the list of Flickr users and photos included in the dataset, so there is no easy way of finding out whose photos are included. IBM did not respond to questions about this process.

Read more of this story at Slashdot.

Tim Berners-Lee Talks About India's Recent Push To Data Localization, Proposed Compromise of End-to-End Encryption, and Frequent Internet Shutdowns

Slashdot - Your Rights Online - Wed, 2019-03-13 18:51
On the occasion of the web's 30th anniversary, its creator, Tim Berners-Lee, has given some interviews and shared his thoughts on some challenges that the web faces today. He spoke with Medianama, an Indian outlet, on some of the relatively unique challenges that the government over there has been pushing lately. Some of these challenges include the government's push to have Silicon Valley companies store data of Indians in India itself; a nudge to WhatsApp to put an end to its encryption (On a side note: The Australian government recently passed a law to do this exact thing); and frequent shutdowns in the nation. On data localisation and data as a national resource: That's one of the things that the Web Foundation has always been concerned about: the balkanisation of the Internet. If you want to balkanise it, that's a pretty darn effective way of doing it. If you say that Indian people's data can't be stored outside India, that means that when you start a social network which will be accessed by people all over the world, that means that you will have to start 152 different companies all over the world. It's a barrier to entry. Facebook can do that. Google can do that. When an Indian company does it, and you'll end up with an Indian company that serves only Indian users. When people go abroad, they won't be able to keep track of their friends at home. The whole wonderful open web of knowledge, academic and political discussions would be divided into country groups and cultural groups, so there will be a massive loss of richness to the web.


Alphabet's AI-Powered Chrome Extension Hides Toxic Comments

Slashdot - Your Rights Online - Wed, 2019-03-13 15:00
An anonymous reader quotes a report from Engadget: Alphabet offshoot Jigsaw is launching a Chrome extension designed to help moderate toxic comments on social media. The new open-source tool, dubbed "Tune," builds on the machine learning smarts introduced in Jigsaw's "Perspective" tech to help sites like Facebook and Twitter set the "volume" of abusive comments. Using "filter mix" controls, users can either turn toxic comments off altogether (what's known as "zen mode") or show selective types of posts containing attacks, insults, or profanity. Tune also works with Reddit, YouTube and Disqus. Jigsaw admits that Tune is still an experiment, meaning it may not spot all forms of toxicity or could hide non-offensive comments. "We're constantly working to improve the underlying technology, and users can easily give feedback right in the tool to help us improve our algorithms," C.J. Adams, Jigsaw product manager, wrote in a blog post.


You May Have Forgotten Foursquare, But It Didn't Forget You

Slashdot - Your Rights Online - Wed, 2019-03-13 05:30
nj_peeps shares an excerpt from a report via Wired: [Foursquare cofounder Dennis Crowley says the company is working on a new game.] Think Candyland, but instead of fantasy locations like Lollipop Woods, the game's virtual board includes place categories associated with New York City neighborhoods. There's a Midtown Bar, a Downtown Movie Theatre, Brooklyn Coffeeshop, Uptown Park, and so on. As in Candyland, you move your game piece forward by drawing cards. But in Crowley's version, the cards are the habits and locations of real people whose data has been turned into literal pawns in the game. Foursquare knows where their phones are in real time, because it powers many widely used apps, from Twitter and Uber to TripAdvisor and AccuWeather. These people aren't playing Crowley's game, but their real-world movements animate it: If one of them goes into a bar in midtown, for example, the person playing the game would get a Midtown Bar card. Ask someone about Foursquare and they'll probably think of the once-hyped social media company, known for gamifying mobile check-ins and giving recommendations. But the Foursquare of today is a location-data giant. During an interview with NBC in November, the company's CEO, Jeff Glueck, said that only Facebook and Google rival Foursquare in terms of location-data precision. You might think you don't use Foursquare, but chances are you do. Foursquare's technology powers the geofilters in Snapchat, tagged tweets on Twitter; it's in Uber, Apple Maps, Airbnb, WeChat, and Samsung phones, to name a few.


Portland City Council May Ask FCC To Investigate Health Risks of 5G Networks

Slashdot - Your Rights Online - Wed, 2019-03-13 00:12
An anonymous reader quotes a report from Inverse: Fearing unknown health risks, members of the City Council in Portland, Oregon, will vote Wednesday to oppose the rollout of 5G wireless networks. In a proposed resolution, Mayor Ted Wheeler, along with Commissioners Chloe Eudaly and Amanda Fritz, write that there's evidence suggesting wireless networks can cause health problems -- including cancer. They express concern that the Federal Communications Commission has not conducted enough research to demonstrate that 5G networks are safe, while at the same time prohibiting state and local governments from passing their own regulations on telecommunications technology. And while Wheeler, Eudaly, and Fritz are correct about the FCC's power to dictate how state and local governments manage wireless networks, the connection between 5G networks and cancer is a lot more complicated than they say it is. "There is evidence to suggest that exposure to radio frequency emissions generated by wireless technologies could contribute to adverse health conditions such as cancer," reads the proposed resolution. This evidence comes from a large-scale study conducted by the National Toxicology Program (NTP), a division of the US Department of Health and Human Services. The final results of this study, published in November 2018, showed a strong association between the type of radiation used for mobile phone signals and certain types of cancerous tumors in lab rats. But that's where the situation gets tough. The NTP study, which took place over 10 years and involved exposing more than 7,000 rats and mice to radio-frequency radiation, focused on signals used by wireless technology under the 2G and 3G standards. It's nearly impossible to say whether these results will apply to 5G hardware. "Since the available research doesn't address 5G, the Portland City Council's resolution demands that the FCC embark on another such research project to assess the health effects of 5G," reports Inverse. 
"Presumably, it would take just as long to conduct another study on the hypothesized connection between 5G and cancer, but by that time, the industry will almost certainly have moved on to 6G -- or 7G."


Researchers Find Critical Backdoor In Swiss Online Voting System

Slashdot - Your Rights Online - Tue, 2019-03-12 23:35
An international group of researchers who have been examining the source code for an internet voting system that Switzerland plans to roll out this year have found a critical flaw in the code that would allow someone to alter votes without detection. New submitter eatmorekix shares a report: The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection. "The vulnerability is astonishing," said Matthew Green, who teaches cryptography at Johns Hopkins University and did not do the research but read the researchers' report. "In normal elections, there is no single person who could undetectably defraud the entire election. But in this system they built, there is a party who could do that." The researchers provided their findings last week to Swiss Post, the country's national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Post's secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons."


Actresses, Business Leaders, and Other Wealthy Parents Charged in Massive College Admissions Scandal

Slashdot - Your Rights Online - Tue, 2019-03-12 20:45
Federal prosecutors charged dozens of people on Tuesday in a major college admission scandal that involved wealthy parents, including Hollywood celebrities and prominent business leaders, paying bribes to get their children into elite American universities. From a report: Federal officials have charged dozens of well-heeled parents, including actresses Felicity Huffman and Lori Loughlin, in what the Justice Department says was a multimillion-dollar scheme to cheat college admissions standards. The parents allegedly paid a consultant who then fabricated academic and athletic credentials and arranged bribes to help get their children into prestigious universities. "We're talking about deception and fraud -- fake test scores, fake credentials, fake photographs, bribed college officials," said Andrew Lelling, the U.S. attorney for the District of Massachusetts. Lelling said 33 parents "paid enormous sums" to ensure their children got into schools such as Stanford and Yale, sending money to entities controlled by a man named William Rick Singer in return for falsifying records and obtaining false scores on important tests such as the SAT and ACT. Describing how Singer worked to present his clients' children as elite athletes, Lelling said, "In many instances, Singer helped parents take staged photographs of their children engaged in particular sports. Other times, Singer and his associates used stock photos that they pulled off the Internet -- sometimes Photoshopping the face of the child onto the picture of the athlete" and submitting it to desirable schools.


US Tells Germany To Stop Using Huawei Equipment Or Lose Some Intelligence Access

Slashdot - Your Rights Online - Tue, 2019-03-12 12:00
The Wall Street Journal is reporting that the United States has told Germany to drop Huawei from its future plans or risk losing access to some U.S. intelligence. The U.S. says the Chinese company's equipment could be used for espionage -- a concern that Huawei says is unfounded. "The Trump administration has been pressing allies to end their relationships with Huawei, but Germany, moving ahead with its plans, has not moved to ban the company from its networks," reports The Verge. From the report: According to the Journal, a letter sent from the U.S. Ambassador to Germany warns the country that the U.S. will stop sharing some secrets if it allows Huawei to work on its next-generation 5G infrastructure. The letter, according to the Journal, argues that network security can't be effectively managed by audits of equipment or software. While the U.S. plans to continue sharing intelligence with Germany regardless, the Journal reports, officials plan to curtail the scope of that information if Huawei equipment is used in German infrastructure.


Russia Blocks Encrypted Email Provider ProtonMail

Slashdot - Your Rights Online - Tue, 2019-03-12 05:31
An anonymous reader quotes a report from TechCrunch: Russia has told internet providers to enforce a block against encrypted email provider ProtonMail, the company's chief has confirmed. The block was ordered by the state Federal Security Service, formerly the KGB, according to a Russian-language blog, which obtained and published the order after the agency accused the company and several other email providers of facilitating bomb threats. Several anonymous bomb threats were sent by email to police in late January, forcing several schools and government buildings to evacuate. In all, 26 internet addresses were blocked by the order, including several servers used to scramble the final connection for users of Tor, an anonymity network popular for circumventing censorship. Internet providers were told to implement the block "immediately," using a technique known as BGP blackholing, a way that tells internet routers to simply throw away internet traffic rather than routing it to its destination. But the company says while the site still loads, users cannot send or receive email. The way the KGB blocked ProtonMail is "particularly sneaky," ProtonMail chief executive Andy Yen said. "ProtonMail is not blocked in the normal way, it's actually a bit more subtle. They are blocking access to ProtonMail mail servers. So Mail.ru -- and most other Russian mail servers -- for example, is no longer able to deliver email to ProtonMail, but a Russian user has no problem getting to their inbox." "That's because the two ProtonMail servers listed by the order are its back-end mail delivery servers, rather than the front-end website that runs on a different system," adds TechCrunch.


Congress Introduces Bill To Improve 'Internet of Things' Security

Slashdot - Your Rights Online - Tue, 2019-03-12 04:30
Members of the US Senate and House of Representatives introduced the Internet of Things Cybersecurity Improvement Act on Monday, hoping to bring legislative action to the emerging technology. From a report: Connected devices are expected to boom to 20.4 billion units by 2020, but they don't all have the same levels of security. Hackers often target IoT devices that don't have built-in security, leading to problems like default passwords and vulnerabilities that can't be fixed. [...] Lawmakers are looking to fix that with the bill, which would require a bare minimum of security standards for any IoT devices that the federal government uses. "While I'm excited about their life-changing potential, I'm also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security," Sen. Mark Warner, a Democrat from Virginia, said in a statement.


Trump Endorses Permanent Daylight Savings Time

Slashdot - Your Rights Online - Tue, 2019-03-12 03:00
President Trump on Monday threw his support behind efforts to keep the United States permanently on daylight saving time, which took effect Sunday morning. "Making Daylight Saving Time permanent is O.K. with me!" Trump tweeted. The Hill reports: California and several other states are considering measures that would end the biannual clock changes between standard and daylight saving time. Three GOP lawmakers from Florida introduced legislation in Congress this month that would end the November clock change from daylight saving time back to standard time. The measures, introduced by Sens. Marco Rubio and Rick Scott and Rep. Vern Buchanan, would keep the country in daylight saving time, the clock change made in early March that is observed by most states for eight months of the year. Rubio introduced a similar measure in 2018. That bill did not advance in the Senate.


Debit Card With Built-In Fingerprint Reader Begins Trial In the UK

Slashdot - Your Rights Online - Tue, 2019-03-12 01:40
British bank Natwest is trialing the use of a new NFC payment card with a built-in fingerprint scanner. "The trial, which will include 200 customers when it begins in mid-April, will allow its participants to make NFC payments (called 'contactless' in the UK) without needing to input a PIN or offer a signature," reports The Verge. "The standard [30 British pound] limit for contactless payments will not apply when the fingerprint is used." From the report: Currently, anyone can make a contactless payment in the UK by tapping their card on the terminal to make a payment. As a result of this lack of security, a [30 British pound] limit is applied to such payments, with retailers requiring you to place your card into the card reader and enter a PIN for more expensive purchases (commonly referred to as the "Chip and PIN" method). Although mobile payments require authentication, customers often find they're subject to the same [30 British pound] limit. The fingerprint data is stored locally on the card, meaning there's no security information for a hacker to be able to steal from a bank's central database. It's not foolproof -- there's always the risk a sufficiently determined thief could steal and imitate your fingerprint -- but it's much more secure than a PIN that someone could learn by simply looking over your shoulder as you enter it.


FAA Says Boeing 737 MAX Planes Are Still Airworthy

Slashdot - Your Rights Online - Tue, 2019-03-12 01:00
An anonymous reader quotes a report from CNBC: The Boeing 737 MAX, the type of plane involved in a deadly crash in Ethiopia over the weekend, is still airworthy and the Federal Aviation Administration plans to issue a notice to the international aviation community later Monday, a person familiar with the matter said. "The FAA continuously assesses and oversees the safety performance of U.S. commercial aircraft," the FAA said in a statement. "If we identify an issue that affects safety, the FAA will take immediate and appropriate action." Aviation officials in China and Indonesia ordered domestic airlines to ground their fleets of the popular Boeing single-aisle planes after the deadly crash of one operated by Ethiopian Airlines on Sunday. The 149 passengers and eight crew members on board were killed when the plane crashed shortly after takeoff. The incident was the second deadly crash of the new Boeing planes in less than five months. A Lion Air Boeing 737 MAX 8 plunged into the Java Sea shortly after taking off from Jakarta in October, killing all 189 people on board.


Facebook Sues Over 'Data-Grabbing' Quizzes

Slashdot - Your Rights Online - Tue, 2019-03-12 00:20
Facebook is suing Andrew Gorbachov and Gleb Sluchevsky, of Ukraine, who worked for a company called Web Sun Group that developed "data-grabbing" quizzes for its social media site. The malicious quiz apps were used to harvest thousands of users' profile data. "The firm says anyone who wanted to take the quizzes was asked to install browser extensions, which then lifted data ranging from names and profile pictures to private lists of friends," reports the BBC. "These were installed about 63,000 times between 2016 and October 2018, it says." From the report: The quizzes, with titles such as "What does your eye color say about you?" and "Do people love you for your intelligence or your beauty?", gained access to this information via the Facebook Login system -- which enables connections between third party apps and Facebook profiles. While the system is intended to verify that such connections are secure, in this case, Facebook says, users were falsely told the app would retrieve only a limited amount of public data from their profiles. "In total, defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook," the company said in court documents first published by online news site The Daily Beast. The documents accuse the two men of breaking US laws against computer hacking as well as breaching Facebook's own terms of use.


John Oliver Fights Robocalls By Robocalling Ajit Pai and the FCC

Slashdot - Your Rights Online - Mon, 2019-03-11 22:15
An anonymous reader quotes a report from Ars Technica: Comedian John Oliver is taking aim at the Federal Communications Commission again, this time demanding action on robocalls while unleashing his own wave of robocalls against FCC commissioners. In a 17-minute segment yesterday on HBO's Last Week Tonight, Oliver described the scourge of robocalls and blamed Pai for not doing more to stop them. Oliver ended the segment by announcing that he and his staff are sending robocalls every 90 minutes to all five FCC commissioners. "Hi FCC, this is John from customer service," Oliver's recorded voice says on the call. "Congratulations, you've just won a chance to lower robocalls in America today... robocalls are incredibly annoying, and the person who can stop them is you! Talk to you again in 90 minutes -- here's some bagpipe music." When it came to robocalling the FCC, Oliver didn't need viewers' help. "This time, unlike our past encounters [with the FCC], I don't need to ask hordes of real people to bombard [the FCC] with messages, because with the miracle of robocalling, I can now do it all by myself," Oliver said. "It turns out robocalling is so easy, it only took our tech guy literally 15 minutes to work out how to do it," Oliver also said. He noted that "phone calls are now so cheap and the technology so widely available that just about everyone has the ability to place a massive number of calls." Under U.S. law, political robocalls to landline telephones are allowed without prior consent from the recipient. Such calls to cell phones require the called party's prior express consent, but Oliver presumably directed his robocalls to the commissioners' office phones. Oliver told the FCC commissioners: "if you want to tell us that you don't consent to be robocalled, that's absolutely no problem. Just write a certified letter to the address we buried somewhere within the first chapter of Moby Dick that's currently scrolling up the screen... find the address, write us a letter, and we'll stop the calls immediately."


US Government Will Be Scanning Your Face At 20 Top Airports, Documents Show

Slashdot - Your Rights Online - Mon, 2019-03-11 16:40
An anonymous reader shares a report: In March 2017, President Trump issued an executive order expediting the deployment of biometric verification of the identities of all travelers crossing its borders. That mandate stipulates facial recognition identification for "100 percent of all international passengers," including American citizens, in the top 20 US airports by 2021. Now, the United States Department of Homeland Security is rushing to get those systems up and running at airports across the country. But it's doing so in the absence of proper vetting, regulatory safeguards, and what some privacy advocates argue is in defiance of the law. According to 346 pages of as-yet-unpublished documents obtained by the nonprofit research organization Electronic Privacy Information Center, US Customs and Border Protection is scrambling to implement this "biometric entry-exit system," with the goal of using facial recognition technology on travelers aboard 16,300 flights per week -- or more than 100 million passengers traveling on international flights out of the United States -- in as little as two years, to meet Trump's accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails. These same documents state -- explicitly -- that there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it. It was only during a data privacy meeting last December that CBP made a sharp turn and limited participating companies from using this data. But it is unclear to what extent it has enforced this new rule. 
CBP did not explain what its current policies around data sharing of biometric information with participating companies and third-party firms are, but it did say that the agency "retains photos ... for up to 14 days" of non-US citizens departing the country, for "evaluation of the technology" and "assurance of the accuracy of the algorithms" -- which implies such photos might be used for further training of its facial matching AI.


How Facebook Could Profit From Zuckerberg's So-Called 'Privacy' Push

Slashdot - Your Rights Online - Sun, 2019-03-10 10:34
Saturday the Associated Press analyzed Mark Zuckerberg's new vision for Facebook as an encrypted "privacy-focused communications platform." [C]ritics say the announcement obscures Facebook's deeper motivations: To expand lucrative new commercial services, continue monopolizing the attention of users, develop new data sources to track people and frustrate regulators who might be eyeing a breakup of the social-media behemoth. Facebook "wants to be the operating system of our lives," said Siva Vaidhyanathan, director of media studies at the University of Virginia... Vaidhyanathan said Zuckerberg wants people to abandon competing, person-to-person forms of communication such as email, texting and Apple's iMessage in order to "do everything through a Facebook product." The end goal could be transform Facebook into a service like the Chinese app WeChat, which has 1.1 billion users and includes the world's most popular person-to-person online payment system... But Zuckerberg said nothing in the Wednesday blog post about reforming privacy practices in its core business, which remains hungry for data. A recent Wall Street Journal report found that Facebook was still collecting personal information from apps such as user heart rates and when women ovulate ... Facebook also has trackers that harvest data on people's online behavior on about 30 percent of the world's websites, said Jeremy Tillman of Ghostery, a popular ad-blocker and anti-tracking software. "When they say they are building a private messaging platform there is nothing in there that suggests they are going to stop their data collection and ad-targeting business model," he said.


DST-Hating Reps in Washington State Vote To 'Ditch the Switch'

Slashdot - Your Rights Online - Sun, 2019-03-10 06:39
In the state of Washington, the House has voted 89 to 7 to "ditch the switch, bring the light, and defeat the dark night," says one representative. KOMO reports: Changing the clocks twice a year impacts the body's natural rhythms and is associated with a spike in heart attacks, strokes, and traffic collisions each year, according to the Washington State Department of Health's impact review. Extended daylight in the evening is also better for kids who play sports or who are active outside, Riccelli said. The bill now heads to the Senate for consideration.... The federal government would have the final say. And meanwhile, one Pennsylvania newspaper has published a state representative's op-ed calling for Pennsylvania to help lead the resistance in America's Eastern Standard Time zone, complaining that "This weekend, we again will be forced to comply with an archaic tradition, one that offers no benefits." There is no national crisis that changing clocks helps to alleviate. In fact, there are more negative side effects from changing clocks than benefits. Studies have shown that automobile accidents, workplace injuries, heart attacks, strokes, cluster headaches, miscarriages, depression, and suicides all increase in the weeks following clock changes. This government-mandated interruption of natural biological rhythms and sleep cycles can wreak havoc on job performance, academic results, and overall physical/mental health. Clock changes require farmers to make needless adjustments, as crops and animals live by the sunlight... During this legislative session, I will be working to advance this commonsense legislation that will not only end the antiquated ritual of changing clocks, but will also help preserve the health, safety, well-being, productivity, and lives of Pennsylvanians.


Japanese Police Charge 13-Year-Old Girl For Sharing 'Unclosable Popup' Code Online

Slashdot - Your Rights Online - Sat, 2019-03-09 23:34
"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers. The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums. Ars Technica found a tweet suggesting that the code was actually written in 2014.


Many Android VPN Apps Request 'Dangerous' Permissions They Don't Need

Slashdot - Your Rights Online - Sat, 2019-03-09 21:34
A VPN researcher found that many Android VPN apps request access to sensitive permissions that they don't need, according to an article shared by WaitingForSupport. ZDNet reports: The study, carried out by John Mason from TheBestVPN.com, analyzed 81 Android apps available for download through the Google Play Store. Mason said he downloaded and extracted the permissions requested by each VPN app from their respective APK installer files.... According to Mason, 50 of the 81 Android VPN apps he tested requested access to at least one dangerous permission that accessed user data... Mason said he discovered VPN apps that requested access to read/write permissions for external device storage, wanted access to precise location data, wanted the ability to read or write system settings, and, in some cases, wanted to access call logs or manage local files. "In theory, VPN apps should only need a few permissions to function. INTERNET and ACCESS_NETWORK_STATE should usually be enough," Mason told us. "The use of a large number of dangerous permissions could be cause for suspicion."
