More Than Half of People Believe Using Spyware To Snoop On Family Members Is Legal, Study Finds

Slashdot - Your Rights Online - Fri, 2017-05-05 23:00
An anonymous reader writes: A new study shows that 53 percent of people believe it's legal to install a program on a family member's phone to snoop on their activity. The survey of more than 2,000 people in the US and UK by software comparison service also finds 57 percent would consider spying on their children's phone conversations and messages. [...] It is generally illegal to install an app on another person's phone without their knowledge. Though this does depend on the circumstances. "It's a legal grey area, in that the laws haven't been truly tested in this arena as of yet since the technology is relatively new, so as relevant cases move through the legal system they'll be decided on a case by case basis," says Josh King, a legal expert in privacy laws and the chief legal officer of Avvo, an online legal marketplace in the US. "Intentional infliction of emotional distress, fraud claims -- all could be implicated, depending on the circumstances. It's also possible that the Computer Fraud and Abuse Act could be used to prosecute someone who installs this type of app on someone else's phone."

Read more of this story at Slashdot.

Seattle Restored ISP Privacy Rules in the First Local Blow To Trump's Rollback

Slashdot - Your Rights Online - Fri, 2017-05-05 21:20
An anonymous reader shares a report: A majority of Americans from both parties objected to a law passed by Congress and signed by President Trump in April that gives internet service providers the go-ahead to collect and sell users' browsing history without users' consent. This week, Seattle became the first municipality in the country to fight that rollback, in effect restoring ISP privacy rules for city residents under municipal code. The city's Cable Customer Bill of Rights, dating back to 1999, gives the city authority to set privacy standards over cable providers. In a new rule added on Wednesday on the urging of Mayor Ed Murray, cable internet providers must obtain opt-in consent from users before collecting their web-browsing history or other internet usage data, including details on a person's health and finances.

Microsoft Tests a Secured Edge Browser For Business

Slashdot - Your Rights Online - Fri, 2017-05-05 20:00
An anonymous reader writes: Microsoft is in the testing stage of a new feature in its Edge browser for Windows 10 that is malware-proof as it partitions the browser window from the rest of the computer. This will be a welcome addition for users who are worried about the legitimacy of sites they want to visit. The new feature, catchily dubbed Windows Defender Application Guard, is part of the recently launched Windows Insider Previews. In order to access it you'll need to be a member of Microsoft's business service Enterprise, and have your settings calibrated so you're in the testing group called Fast Ring. Application Guard works by creating a virtual PC that is entirely separate from all storage, other apps, and the Windows 10 Kernel, meaning that the browser should be completely impervious to malware.

Leaked Document Reveals UK Plans For Wider Internet Surveillance

Slashdot - Your Rights Online - Fri, 2017-05-05 18:40
The UK government is planning to push greater surveillance powers that would force internet providers to monitor communications in near-realtime and install backdoor equipment to break encryption, according to a leaked document. From a report on ZDNet: A draft of the proposed new surveillance powers, leaked on Thursday, is part of a "targeted consultation" into the Investigatory Powers Act, brought into law last year, which critics called the "most extreme surveillance law ever passed in a democracy." Provisions in proposals show that the government is asking for powers to compel internet providers to turn over the realtime communications of a person "in an intelligible form," including encrypted content, within one working day. To that end, internet providers will be forced to introduce a backdoor point on their networks to allow intelligence agencies to read anyone's communications.

A New Instance of Android Malware is Discovered Every 10 Seconds, Say Researchers

Slashdot - Your Rights Online - Fri, 2017-05-05 17:20
An anonymous reader shares a report: Security firm G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year. "The threat level for users with smartphones and tablets with an Android operating system remains high. In all, the G DATA security experts expect around 3.5 million new Android malware apps for 2017," they said. The firm said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android.

EFF, Sen. Anderson Sponsor California License Plate Privacy Legislation

Electronic Frontier Foundation - Fri, 2017-05-05 16:48

Sacramento—The Electronic Frontier Foundation (EFF) and Sen. Joel Anderson (R-Alpine) have introduced a California bill to protect drivers’ privacy by allowing them to cover their license plates while parked to avoid being photographed by automated license plate readers (ALPRs).

The legislation will be considered by the California Senate Transportation and Housing Committee on Tuesday, May 9, 2017. EFF Investigative Researcher Dave Maass will testify as a witness in support of the bill.

Under current law, Californians can cover their entire vehicles—including the plates—when lawfully parked. The proposed bill, S.B. 712, would clarify that California drivers can cover just the plate under the same circumstances. Law enforcement officers would still have the authority to lift the cover to inspect a license plate.

ALPRs are high-speed cameras that photograph the license plates of any vehicles that pass within view and convert the plate scans into machine-readable information. GPS coordinates and time stamps are attached to the data, which is uploaded to a searchable central database. Depending on the database, this information may be accessed by a variety of sectors, including law enforcement, the insurance industry, and debt collectors. In aggregate, this data can reveal sensitive, private location information about innocent people, such as their travel patterns, where they sleep at night, where they worship, when they attend political protests or gun shows, and what medical facilities they visit.

The bill would allow vehicle owners to shield their license plates from ALPRs mounted on police cars or vehicles operated by private surveillance companies that cruise down streets and in parking lots photographing licenses of parked cars. These companies often offer services such as the ability to predict a driver’s movements or to identify a driver’s associates based on vehicles regularly found parked near each other. 

“Californians deserve a way to protect themselves from the data miners of the roadway—automated license plate reader companies,” said Maass. “This bill doesn’t put a new burden on law enforcement or businesses, but rather gives members of the public who aren’t breaking the law a way to ensure they’re not being spied on once they’ve legally parked their car.”

If the information is breached, accessed by unauthorized users, or sold publicly, ALPR data has the potential to put people in real danger, such as making domestic violence victims’ travel patterns available to their ex-partners. Law enforcement officials should also support this bill, since ALPR data can also reveal information about the home lives of officers or their meetings with witnesses. People could protect themselves when they visit sensitive locations, such as political rallies and protests.

“State law allows for fully covered vehicles if law enforcement can lift the cover to read the license plate and registration,” Sen. Anderson said. “S.B. 712 would specifically allow for partially covering vehicles including the license plate only.”

Hearing details:

Who: Dave Maass, Electronic Frontier Foundation Investigative Researcher

When: Tuesday, May 9, 1:30 pm

Where: California State Capitol, Room 4203
             10th and L Streets
             Sacramento, CA 95814

Text of the legislation:

EFF’s Support Letter:

EFF's Second letter on the Constitutional right to privacy:

Official S.B. 712 Fact Sheet:

For more on ALPRs:

Contact: Dave Maass

Justice Department Opens Criminal Probe Into Uber

Slashdot - Your Rights Online - Fri, 2017-05-05 16:00
parallel_prankster quotes a report from Washington Post: The Department of Justice has launched a criminal investigation into Uber's use of a secret software that was used to evade authorities in places where its ride-sharing service was banned or restricted, according to a person familiar with the government's probe. The investigation is in its early stages, but deepens the crisis for the embattled company and its chief executive and founder Travis Kalanick, who has faced a barrage of negative press this year in the wake of high-profile sexual harassment complaints, a slew of high-level executive departures, and a consequential trade secrets lawsuit from Google's parent company. The federal criminal probe, first reported by Reuters, focuses on software developed by Uber called "Greyball." The program helped the company evade officials in cities where Uber was not yet approved. The software identified and blocked rides to transportation regulators who were posing as Uber customers to prove that the company was operating illegally.

Digital Economy Act: Illegal Kodi Streams Could Now Land Users In Prison For 10 Years

Slashdot - Your Rights Online - Fri, 2017-05-05 15:00
An anonymous reader quotes a report from The Independent: The Digital Economy Act has passed into law, meaning people could now face ten-year prison sentences for illegally streaming copyrighted content. It covers a wide number of areas, including broadband speeds, access to online pornography and government data-sharing. However, amid the rising popularity of Kodi, an increase to the maximum prison term -- from two years to ten -- for people guilty of copyright infringement is particularly interesting. Anyone caught streaming TV shows, films and sports events illegally using websites, torrents and Kodi add-ons could technically face a decade behind bars. However, the new law will most likely target individuals and groups making a business out of selling illegal content, FACT CEO Kieron Sharp told the Mirror. The Independent also notes in a separate report that The Digital Economy Act could allow UK police to "remotely disable mobile phones, even before the user actually commits a crime." The Digital Economy Act "contains a section stating that officers will be able to place restrictions on handsets that they believe are being used by drug dealers," reports The Independent.

AMD and Nvidia Silicon Manufacturing Secrets Allegedly Stolen, Sold To China

Slashdot - Your Rights Online - Fri, 2017-05-05 12:00
According to a report on DigiTimes, a former TSMC engineer has been accused of stealing the secrets of their 28nm manufacturing process and taking them across the Taiwan Straits to Chinese rival, HLMC. "The Taiwan Semiconductor Manufacturing Company (TSMC) produce the chips for the great and the good of the PC hardware market, specifically Nvidia and latterly AMD," reports PCGamesN. From the report: The report claims the former engineer, known only as Hsu, has been accused of taking details and materials relating to TSMC's 28nm manufacturing process and handing them over to Shanghai Huali Microelectronics (HLMC) after being offered a job there. The engineer was arrested before he even had a chance to start his new job on mainland China. This isn't the first reported instance of potentially shady dealings involving HLMC. DigiTimes previously reported that the Chinese foundry had headhunted a team of up to 50 research and development engineers from Taiwan's first semiconductor company, United Microelectronics (UMC), to help them get their 28nm production process up to speed. DigiTimes also alleges that some Chinese memory manufacturers have been doing the same thing, headhunting Taiwanese talent to get their own fabs off the ground, and that Micron are taking legal action against some of their Taiwan partners for allegedly nicking their tech and handing it over to China-based RAM companies.

California Seeks To Tax Rocket Launches, Which Are Already Taxed

Slashdot - Your Rights Online - Fri, 2017-05-05 05:30
The state of California is looking into taxing its thriving rocket industry. The Franchise Tax Board has issued a proposed regulation for public comment that would require companies that launch spacecraft to pay a tax based upon "mileage" traveled by that spacecraft from California. Ars Technica reports: The proposal says that California-based companies that launch spacecraft will have to pay a tax based upon "mileage" traveled by that spacecraft from California. (No, we're not exactly sure what this means, either). The proposed regulations were first reported by the San Francisco Chronicle, and Thomas Lo Grossman, a tax attorney at the Franchise Tax Board, told the newspaper that the rules are designed to mirror the ways taxes are levied on terrestrial transportation and logistics firms operating in California, like trucking or train companies. The tax board is seeking public input from now until June 16, when it is expected to vote on the proposed tax. The federal government already has its own taxes for commercial space companies, and until now no other state has proposed taxing commercial spaceflight. In fact most other states, including places like Florida, Texas, and Georgia, offer launch providers tax incentives to move business into their areas.

Google Was Warned About This Week's Mass Phishing Email Attack Six Years Ago

Slashdot - Your Rights Online - Fri, 2017-05-05 02:20
An anonymous reader quotes a report from Motherboard: For almost six years, Google knew about the exact technique that someone used to trick around one million people into giving away access to their Google accounts to hackers on Wednesday. Even more worrisome: other hackers might have known about this technique as well. On October 4, 2011, a researcher speculated in a mailing list that hackers could trick users into giving them access to their accounts by simply posing as a trustworthy app. This attack, the researcher argued in the message, hinges on creating a malicious application and registering it on the OAuth service under a name like "Google," exploiting the trust that users have in the OAuth authorization process. OAuth is a standard that allows users to grant websites or applications access to their online email and social networking accounts, or parts of their accounts, without giving up their passwords. "Imagine someone registers a client application with an OAuth service, let's call it Foobar, and he names his client app 'Google, Inc.'. The Foobar authorization server will engage the user with 'Google, Inc. is requesting permission to do the following,'" Andre DeMarre wrote in the message sent to the Internet Engineering Task Force (IETF), the independent organization responsible for many of the internet's operating standards. "The resource owner might reason, 'I see that I'm legitimately on the site, and Foobar is telling me that Google wants permission. I trust Foobar and Google, so I'll click Allow,'" DeMarre concluded. As it turns out, DeMarre claims he warned Google directly about this vulnerability in 2012, and suggested that Google address it by checking to ensure the name of any given app matched the URL of the company behind it. In a Hacker News post, DeMarre said he reported this attack vector back then, and got a "modest bounty" for it.

Majority of US Households Now Cellphone-Only, Government Says

Slashdot - Your Rights Online - Fri, 2017-05-05 01:40
The National Center for Health Statistics has released a report that says, for the first time in history, U.S. households with landlines are now in the minority. Network World reports: The second 6 months of 2016 was the first time that a majority of American homes had only wireless telephones. Preliminary results from the July-December 2016 National Health Interview Survey (NHIS) indicate that 50.8% of American homes did not have a landline telephone but did have at least one wireless telephone (also known as cellular telephones, cell phones, or mobile phones) -- an increase of 2.5 percentage points since the second 6 months of 2015. Young adults (25-34) and those who rent are most likely to live wireless-only, as 70 percent of that demographic lives with a landline.

Billboards Target Lawmakers Who Voted To Let ISPs Sell User Information

Slashdot - Your Rights Online - Fri, 2017-05-05 00:00
An anonymous reader quotes a report from The Verge: When Congress voted in March to block FCC privacy rules and let internet service providers sell users' personal data, it was a coup for the telecom industry. Now, the nonprofit, pro-privacy group Fight for the Future is publicizing just how much the industry paid in an attempt to sway those votes. The group unveiled four billboards, targeting Reps. Marsha Blackburn and John Rutherford, as well as Sens. Jeff Flake and Dean Heller. All four billboards, which were paid for through donations, were placed in the lawmakers' districts. "Congress voting to gut Internet privacy was one of the most blatant displays of corruption in recent history," Fight for the Future co-founder Tiffiniy Cheng said in a statement on the project. The billboards accuse the lawmakers of betraying their constituents, and encourage passersby to call their offices.

User Expresses Privacy Concerns After Software Update Replaces Default Phone App

Slashdot - Your Rights Online - Thu, 2017-05-04 20:40
An anonymous reader writes: Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) -- which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system. Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn't hesitate long to install the upgrade. Concerns that the hardware might not hold up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as 'truecaller' -- something I had never heard of, shoot, I didn't even know the dialler is an app -- it gave rise to a bad suspicion: Is some of my phone's core functionality now provided by a 3rd-party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not. On top of this, Truecaller doesn't seem to have a clean background. Here's how an Indian daily (Truecaller seems to be popular in emerging regions) described the app: Truecaller is a popular app that shows you contact details of unknown numbers calling you. It crowdsources contact details from all its users' address books. So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.

How Good is Antivirus Software at Protecting Itself?

Slashdot - Your Rights Online - Thu, 2017-05-04 19:20
An anonymous reader writes: Earlier this week, AV-TEST evaluated 19 security suites and found that only three of them seemed to be well protected from savvy potential hackers. First, some context about the tests: The first test measured how well each program uses address space layout randomization (ASLR) and data execution prevention (DEP). Briefly, ASLR randomizes a computer's memory allocation, making it harder for an attacker to target a particular process in a program; DEP is a Windows protocol that designates some memory as non-executable space (other operating systems do this under different names), making it harder (or impossible) for unauthorized programs to run in that space. The second test measured whether the AV programs digitally signed their software-update files. Signing is a way of determining a file's origin and authenticity; unsigned files could be more easily substituted with malicious ones. The final test was the simplest, and determined whether an AV manufacturer delivered its software updates via the encrypted HTTPS web protocol. Lack of encryption makes it easy for an attacker to stage a man-in-the-middle attack by intercepting the data transmission, altering the data and then sending the data back on its way. Of the 19 programs tested, only three succeeded on all counts: Bitdefender Internet Security 2017, ESET Internet Security 10 and Kaspersky Internet Security 17.0. It's difficult to rank the rest of the programs, as each one succeeded and failed to varying degrees.

Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users

Slashdot - Your Rights Online - Thu, 2017-05-04 16:40
Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.

'First Pirated Ultra HD Blu-Ray Disk' Appears Online

Slashdot - Your Rights Online - Thu, 2017-05-04 11:00
Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.

Court Rules In 'Sextortion' Case That Phone PINs Are Not Protected By Fifth Amendment

Slashdot - Your Rights Online - Thu, 2017-05-04 01:20
An anonymous reader quotes a report from CNN: Can authorities access potentially incriminating information on your phone by compelling you to reveal your passcode? Or is access to your phone's secrets protected under the Constitution? The answer, at least in an extortion case involving bikini-clad models, social media celebrities and racy images, is that phone passcodes are not protected, a judge ruled Wednesday. The case stems from the arrest of Hencha Voigt, 29, and her then-boyfriend, Wesley Victor, 34, last July on charges of extortion. Voigt and Victor threatened to release sexually explicit videos and photos of social media star "YesJulz," whose real name is Julienna Goddard, unless she paid them off, according to a Miami Police Department report. Both Voigt and "YesJulz" are big names on social media. Voigt is a fitness model and Instagram celebrity who starred last fall on "WAGS Miami," an E! reality TV show about the wives and girlfriends of sports figures in South Beach. As part of the ongoing investigation into the case, prosecutors have sought to search Voigt's and Victor's phones and asked a judge to order the two to give up their phone passcodes. Prosecutors have obtained the text messages sent to Goddard, but they have been unable to bypass the passcodes on the suspects' phones -- Voigt's iPhone and Victor's BlackBerry -- to search for more evidence. As such, prosecutors filed a motion asking a circuit court judge to compel the defendants to give their passwords to authorities. A judge on Wednesday ruled on behalf of prosecutors and ordered Voigt and Victor to give up their phone passwords, according to Bozanic, Victor's attorney.

Gmail, Google Docs Users Hit By Massive Email Phishing Scam

Slashdot - Your Rights Online - Wed, 2017-05-03 22:40
New submitter reyahtbor warns of a "massive" phishing attack sweeping the web: Multiple media sources are now reporting on a massive Gmail/Google Docs phishing attack. The Independent is among the top publications reporting about it: "Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts. It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive. The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account -- and turn it into a tool for spreading the hack further. As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too. If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the 'Google Doc' app, which appears the same as any other." UPDATE 5/3/17: Here's Google's official statement on today's phishing attack: "We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

Waymo: Uber Plotted With Former Exec Before He Left Google

Slashdot - Your Rights Online - Wed, 2017-05-03 21:26
Ina Fried, writing for Axios: Lawyers for Google's former self-driving car unit showed internal Uber emails Wednesday that it says bolster its case that former executive Anthony Levandowski was conspiring to steal trade secrets before he left Waymo. The parties are in court Wednesday trying to convince a federal judge to halt Uber's work on self-driving cars. In arguing for an injunction, Waymo lawyers argued that Uber and Levandowski devised a plan to come up with a company for Uber to later buy. Uber did later purchase Otto, a self-driving truck company where Levandowski was a founder. "Clandestine plan": "Secretly Levandowski and Uber were planning while he was still at Waymo and negotiating a deal," Waymo outside attorney Charles Verhoeven said, citing internal Uber e-mails, including some from former Uber executive Brian McClendon, a former Google Maps head who ran some of Uber's advanced technology operations before leaving the company in March. "There was this clandestine plan all along that Uber and Levandowski had a deal."
