aggregator

Edward Snowden: 'The People Are Still Powerless, But Now They're Aware'

Slashdot - Your Rights Online - Wt, 2018-06-05 20:39
Edward Snowden has no regrets five years on from leaking the biggest cache of top-secret documents in history. He is wanted by the US. He is in exile in Russia. But he is satisfied with the way his revelations of mass surveillance have rocked governments, intelligence agencies and major internet companies. From a report Snowden, weighing up the changes, said some privacy campaigners had expressed disappointment with how things have developed, but he did not share it. "People say nothing has changed: that there is still mass surveillance. That is not how you measure change. Look back before 2013 and look at what has happened since. Everything changed." The most important change, he said, was public awareness. "The government and corporate sector preyed on our ignorance. But now we know. People are aware now. People are still powerless to stop it but we are trying. The revelations made the fight more even."

Read more of this story at Slashdot.

MyHeritage, a DNA Testing and Ancestry Service, Announces Data Breach of Over 92 Million Account Details

Slashdot - Your Rights Online - Wt, 2018-06-05 18:06
Joseph Cox, reporting for Motherboard: Unfortunately for customers of MyHeritage, a genealogy and DNA testing service, a researcher uncovered 92 million account details related to the company sitting on a server, according to an announcement from MyHeritage. The data relates to users who signed up to MyHeritage up to and including October 26, 2017 -- the date of the breach -- the announcement adds. Users of the Israeli-based company can create family trees and search through historical records to try and uncover their ancestry. In January 2017, Israeli media reported the company has some 35 million family trees on its website. In all, the breach impacted 92,283,889 users, according to MyHeritage's disclosure.

Read more of this story at Slashdot.

Hawaii Passes Law To Make State Carbon Neutral By 2045

Slashdot - Your Rights Online - Wt, 2018-06-05 15:00
An anonymous reader quotes a report from Fast Company: In a little less than three decades, Hawaii plans to be carbon neutral -- he most ambitious climate goal in the United States. Governor David Ige signed a bill today committing to make the state fully carbon neutral by 2045, along with a second bill that will use carbon offsets to help fund planting trees throughout Hawaii. A third bill requires new building projects to consider how high sea levels will rise in their engineering decisions. The state is especially vulnerable to climate change -- sea level rise, for example, threatens to cause $19 billion in economic losses -- and that's one of the reasons that the new laws had support. Transportation is a challenge -- while the state is planning for a future where cars run on renewable electricity, it also relies heavily on planes and ships, which will take longer to move to electric charging, and which Hawaii can't directly control. "Those are global transportation networks that don't have easy substitutes right now," Glenn says. "That's one of the reasons why we really want to pursue the carbon offset program, because we know we're going to continue to be dependent on shipping and aviation, and if they continue to burn carbon to bring us our tourists and our goods and our supplies and our food, then we want to try to have a way to sequester the impact we're causing by importing all this stuff to our islands." The government plans to sell carbon offsets to pay to plant native trees, which can help absorb CO2 from the atmosphere as they grow. The state is also working to become more self-sufficient. The governor aims to double local food production by 2030; right now, around 90% of what residents and tourists eat in Hawaii -- 6 million pounds of food a day -- comes from somewhere else, on planes or ships.

Read more of this story at Slashdot.

Apple Jams Facebook's Web-Tracking Tools

Slashdot - Your Rights Online - Wt, 2018-06-05 09:00
The next version of iOS and macOS "will frustrate tools used by Facebook to automatically track web users," reports BBC. At the company's developer conference, Apple's software chief Craig Federighi said, "We're shutting that down," adding that Safari would ask owners' permission before allowing the social network to monitor their activity. BBC reports: At the WWDC conference - held in San Jose, California - Mr Federighi said that Facebook keeps watch over people in ways they might not be aware of. "We've all seen these - these like buttons, and share buttons and these comment fields. "Well it turns out these can be used to track you, whether you click on them or not." He then pointed to an onscreen alert that asked: "Do you want to allow Facebook.com to use cookies and available data while browsing?" "You can decide to keep your information private." Apple also said that MacOS Mojave would combat a technique called "fingerprinting", in which advertisers try to track users who delete their cookies. The method involves identifying computers by the fonts and plug-ins installed among other configuration details. To counter this, Apple will present web pages with less details about the computer. "As a result your Mac will look more like everyone else's Mac, and it will be dramatically more difficult for data companies to uniquely identify your device," Mr Federighi explained.

Read more of this story at Slashdot.

5 Years on, US Government Still Counting Snowden Leak Costs

Slashdot - Your Rights Online - Pn, 2018-06-04 21:50
National Security Agency contractor Edward Snowden blew the lid off U.S. government surveillance methods five years ago, but intelligence chiefs complain that revelations from the trove of classified documents he disclosed are still trickling out. From a report: That includes recent reporting on a mass surveillance program run by close U.S. ally Japan and on how the NSA targeted bitcoin users to gather intelligence to combat narcotics and money laundering. The Intercept, an investigative publication with access to Snowden documents, published stories on both subjects. The top U.S. counterintelligence official said journalists have released only about 1 percent taken by the 34-year-old American, now living in exile in Russia, "so we don't see this issue ending anytime soon." "This past year, we had more international, Snowden-related documents and breaches than ever," Bill Evanina, who directs the National Counterintelligence and Security Center, said at a recent conference. "Since 2013, when Snowden left, there have been thousands of articles around the world with really sensitive stuff that's been leaked."

Read more of this story at Slashdot.

Facebook Gave Device Makers Deep Access To Data On Users and Friends

Slashdot - Your Rights Online - Pn, 2018-06-04 15:13
According to a report from The New York Times, Facebook formed data-sharing partnerships with Apple, Samsung, and dozens of other device makers, allowing them to access vast amounts of its users' personal information (Warning: source may be paywalled; alternative source). From the report: Facebook has reached data-sharing partnerships with at least 60 device makers -- including Apple, Amazon, BlackBerry, Microsoft and Samsung -- over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, "like" buttons and address books. But the partnerships, whose scope has not previously been reported, raise concerns about the company's privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users' friends who believed they had barred any sharing, The New York Times found. Most of the partnerships remain in effect, though Facebook began winding them down in April.

Read more of this story at Slashdot.

Snapchat's CEO On Facebook's Long History of Copying His Company's Products

Slashdot - Your Rights Online - N, 2018-06-03 18:16
Earlier this week, Snap's CEO Evan Spiegel publicly addressed Facebook's long-standing practice of copying his company's products, joking that Facebook should model Snap's approach to collecting less information about its users. "We would really appreciate it if they copied our data protection practices also," Spiegel said on Tuesday night at the Code Conference in Southern California. The Verge reports: Interviewer Kara Swisher asked Spiegel how he felt about Facebook's decision to copy key Snapchat innovations including ephemeral 24-hour stories and augmented reality lenses. Spiegel first said that his wife, Miranda Kerr, cared more about it than he did. Snap collects less data on users than Facebook does, though it does still allow advertisers to target ads based on demographic criteria that the company gathers. It has never offered a full-featured API that allows users to give away their friends' information, as Facebook once did. Spiegel went on to say that he looked at Facebook's copying as a designer. "If you design something that is so simple and so elegant, that the only thing other people can do is copy it exactly [...] that as a designer is really is the most fantastic thing in the world," Spiegel said.

Read more of this story at Slashdot.

Judge Rules Amazon Isn't Liable For Damages Caused By a Hoverboard It Sold

Slashdot - Your Rights Online - N, 2018-06-03 17:15
Earlier this week, a judge in Tennessee ruled that Amazon isn't liable for damages caused by a hoverboard that spontaneously exploded and burned down a family's house, even though they bought it on Amazon's website. "The plaintiff claimed that Amazon didn't properly warn her about the dangers they knew existed with the product, but the judge didn't agree," reports CNBC. At the time, hoverboards were all the rage; Amazon sold almost 250,000 of them over a 30-day period. The plaintiff claims the company had an obligation to warn customers properly about the dangers it knew existed. "[The plaintiff] bought the hoverboard on Amazon, the receipt came from Amazon, the box had an Amazon label and all the money was in Amazon's hands," adds CNBC. "[The plaintiff] has been unable to find the Chinese manufacturer of the device." From the report: It's the latest legal victory for Amazon, which has for years fended off litigation related to product quality and safety by arguing that, for a big and growing part of its business, it's just a marketplace. There are buyers on one end and sellers on the other -- the argument goes -- and Amazon connects them through a popular portal, facilitating the transaction with a sophisticated logistics system. The courts are reinforcing the power of Amazon's business model as the ultimate middleman. But for American consumers, there's growing cause for concern. [...] But if Amazon isn't liable when faulty products sold through its website cause personal injuries and property damage, customers are often left with no recourse. That's because it's frequently impossible for consumers to figure out who manufactured the defective product and hold that party responsible.

Read more of this story at Slashdot.

California's Efforts To Restrict Elon Musk's Flamethrowers Go Down In Flames

Slashdot - Your Rights Online - N, 2018-06-03 16:14
An anonymous reader quotes a report from Ars Technica: A California state bill that would have more heavily regulated the use of flamethrowers has now effectively fizzled out in a legislative committee. In light of this development, there's nothing to stop Boring Company customers in California from receiving the company's sold-out flamethrowers. On May 26, the day after the bill died in committee, CEO Elon Musk tweeted: "About to ship. @BoringCompany holding flamethrower pickup parties in a week or so, then deliveries begin. Check https://www.boringcompany.com/... for details." After Musk said he would be selling a flamethrower dubbed "Not a Flamethrower" to get around customs, Assemblyman Miguel Santiago (D-Los Angeles) authored a bill that would have imposed more restrictions on their acquisition and use. "I honestly thought it was a joke when I saw the news about this," the assemblyman said in a statement at the time. "This product, in the wake of California's deadliest wildfire year in state history, is incredibly insensitive, dangerous, and most definitely not funny." He added: "There are many times in which technology and inventions benefit society but are not made available to the public. We don't allow people to walk in off the street and purchase military grade tanks or armor-piercing ammunition... I cannot even begin to imagine the problems a flamethrower would cause firefighters and police officers alike."

Read more of this story at Slashdot.

California City Tries Universal Basic Income Programs -- Including One Targeting Potential Shooters

Slashdot - Your Rights Online - N, 2018-06-03 05:34
An anonymous reader quotes the Los Angeles Times: Mayor Michael Tubbs, a Stockton native and Stanford graduate who is all of 27 years old, wants to give at least $500 a month to a select group of residents. They'll be able to spend it as they wish, for 18 months, in a pilot program to test the impact of what's called guaranteed basic income... Workers in Silicon Valley and the San Francisco-Oakland area, driven out of the cuckoo housing markets in those communities, have snapped up cheaper properties in Stockton, accepting the bargain of killer commutes... But Stockton still suffers the crushing burdens of poverty, crime and now the rising rents and home prices that come with gentrification. For those who don't have the education or training to work 60 miles away on tech's front lines, Stockton still struggles to develop jobs that pay a living wage... Facebook's Mark Zuckerberg and Space X's Elon Musk have both pitched the idea in terms of inevitability, given the growing income gap and the threat of massive job losses because of automation... As small as the program will be, it's not going to dramatically affect many Stockton residents, but the goal is to get a sense of whether such an infusion on a broader scale can significantly alter lives and boost the economy. The program will be funded by private and nonprofit sources, according to the article. And while it may not start until early next year, Stockton is already launching a similar program where the benefits are more targeted. Stockton is about to award stipends of up to $1,000 a month to residents deemed most likely to shoot somebody... The idea is that a small number of people are responsible for a large percentage of violence, and offering them an alternative path -- with counseling and case management over an 18-month period, along with a stipend if they stay the course -- can be a good investment all around.

Read more of this story at Slashdot.

Richard Stallman Asks: Should Big Tech Be Taxed For Hurting Society?

Slashdot - Your Rights Online - N, 2018-06-03 01:34
Richard Stallman weighed in Friday on what he calls "massive commercial surveillance of individuals," saying that the two camps arguing about it "both miss the point." First there's the trustbusters who want to break Big Tech companies into smaller firms too small to eliminate their competition or exert undue influences on regulators. Then there's those who urge carefully-calibrated regulations to ensure tech companies always act in a way that's good for society. RMS writes: By arguing about whether to divide up the power that this data gives to businesses, or to regulate the use of it (perhaps nationalizing it), they miss the point that both alternatives destroy our privacy and give the state a perfect basis for repression. The danger is to collect that data at all. More generally, I think the idea of taxing companies for the magnitude of harm that they do (regardless of whether they broke any rules to do it) is a good one.

Read more of this story at Slashdot.

Uber Driver Kills His Passenger

Slashdot - Your Rights Online - So, 2018-06-02 23:34
An anonymous reader quotes the Washington Post: An Uber driver in Denver killed his passenger early Friday morning, telling a witness he had fired several times in self-defense, police said... Police say Michael Andre Hancock shot Hyun Kim, 45, with a semiautomatic pistol during a confrontation at 2:47 a.m. Friday, according to a partially redacted probable-cause affidavit provided to The Washington Post... Hancock does not have a criminal record in the state, the Denver Post reported. An Uber official said Hancock has been driving with the popular ride-hailing app for three years. His father, also named Michael Hancock, told KDVR-TV he had a permit to carry a concealed handgun. Putnam, the police spokeswoman, said she was unsure if that had been confirmed. Company policy says riders and drivers cannot carry firearms in vehicles while using the ride-sharing app. Some states have regulations that override that prohibition, but in Colorado, which allows guns in vehicles to protect lives and property, the regulation for Uber users still applies, Uber spokeswoman Carly DeBeikes told The Post in a statement. Uber, rocked by allegations of inadequate screening and abuse among its drivers and corporate leaders, said Hancock's access to the app was removed Uber was fined $8.9 million by Colorado regulators last year "for allowing 57 people with past criminal or motor vehicle offenses to drive for the company," reports the Denver Post. They note that in some cases Uber's drivers only had revoked or suspended licenses, while "a similar investigation of smaller competitor Lyft found no violations."

Read more of this story at Slashdot.

CSS Is Now So Overpowered It Can Deanonymize Facebook Users

Slashdot - Your Rights Online - So, 2018-06-02 22:34
An anonymous reader writes: Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. Information leaked via this attack could aid some advertisers linking IP addresses or advertising profiles to real-life persons, posing a serious threat to a user's online privacy. The leak isn't specific to Facebook but affects all sites which allow their content to be embedded on other web pages via iframes. The actual vulnerability resides in the browser implementation of a CSS feature named "mix-blend-mode," added in 2016 in the CSS3 web standard. Security researchers have proven that by overlaying multiple layers of 1x1px-sized DIV layers on top of iframes, each layer with a different blend mode, they could determine what's displayed inside it and recover the data, to which parent websites cannot regularly access. This attack works in Chrome and Firefox, but has been fixed in recent versions.

Read more of this story at Slashdot.

Woman Looking At Apple Watch Found Guilty of Distracted Driving

Slashdot - Your Rights Online - So, 2018-06-02 21:34
Ontario law defines distracted driving as "holding or using a handheld wireless communication device" -- and a judge just fined Victoria Ambrose $400 for checking her Apple Watch while waiting at a stoplight. Long-time Slashdot reader innocent_white_lamb quotes the National Post: Even with its miniaturization and trendy technology, an Apple Watch is no safer "than a cellphone taped to someone's wrist," said a justice of the peace, while convicting a Guelph woman this month of holding or using a hand-held wireless communication device while driving... "The key to determining this matter is distraction. It is abundantly clear from the evidence that Ms. Ambrose was distracted..." When the light turned green Ambrose had remained parked at an intersection, according to the officer who ticketed her, though two cars ahead of her had moved forward. Ambrose testified that she was only checking the time, but the officer told the court he'd seen Ambrose check her watch four different times.

Read more of this story at Slashdot.

'Why I'm Switching From Chrome To Firefox and You Should Too'

Slashdot - Your Rights Online - So, 2018-06-02 19:34
An anonymous reader quotes an associate technology editor at Fast Company's Co.Design: While the amount of data about me may not have caused harm in my life yet -- as far as I know -- I don't want to be the victim of monopolistic internet oligarchs as they continue to cash in on surveillance-based business models. What's a concerned citizen of the internet to do? Here's one no-brainer: Stop using Chrome and switch to Firefox... [W]hy should I continue to use the company's browser, which acts as literally the window through which I experience much of the internet, when its incentives -- to learn a lot about me so it can sell advertisements -- don't align with mine....? Unlike Chrome, Firefox is run by Mozilla, a nonprofit organization that advocates for a "healthy" internet. Its mission is to help build an internet in an open-source manner that's accessible to everyone -- and where privacy and security are built in. Contrast that to Chrome's privacy policy, which states that it stores your browsing data locally unless you are signed in to your Google account, which enables the browser to send that information back to Google. The policy also states that Chrome allows third-party websites to access your IP address and any information that site has tracked using cookies. If you care about privacy at all, you should ditch the browser that supports a company using data to sell advertisements and enabling other companies to track your online movements for one that does not use your data at all.... Firefox protects you from being tracked by advertising networks across websites, which has the lovely side effect of making sites load faster... Ultimately, Firefox's designers have the leeway to make these privacy-first decisions because Mozilla's motivations are fundamentally different from Google's. Mozilla is a nonprofit with a mission, and Google is a for-profit corporation with an advertising-based business model.. While Firefox and Chrome ultimately perform the same service, the browsers' developers approached their design in a radically different way because one organization has to serve a bottom line, and the other doesn't. The article points out that ironically, Mozilla supports its developers partly with revenue from Google, which (along with other search engines) pays to be listed as one of the search engines available in Firefox's search bar. "But because it relies on these agreements rather than gathering user data so it can sell advertisements, the Mozilla Corporation has a fundamentally different business model than Google."

Read more of this story at Slashdot.

German Spy Agency Can Keep Tabs On Internet Hubs, Federal Court Rules

Slashdot - Your Rights Online - So, 2018-06-02 12:00
Earlier this week, a federal court in Germany threw out a challenge by the world's largest internet hub, the De-Cix exchange, against the tapping of its data flows by the BND foreign intelligence service. What this means is that the country's spy agency can continue to monitor major internet hubs if Berlin deems it necessary for strategic security interests. From a report: The operator had argued the agency was breaking the law by capturing German domestic communications along with international data. However, the court in the eastern city of Leipzig ruled that internet hubs "can be required by the federal interior ministry to assist with strategic communications surveillance by the BND." De-Cix says its Frankfurt hub is the world's biggest internet exchange, bundling data flows from as far as China, Russia, the Middle East and Africa, which handles more than six terabytes per second at peak traffic. De-Cix Management GmbH, which is owned by eco Association, the European internet industry body, had filed suit against the interior ministry, which oversees the BND and its strategic signals intelligence. It said the BND, a partner of the US National Security Agency (NSA), has placed so-called Y-piece prisms into its data-carrying fibre optic cables that give it an unfiltered and complete copy of the data flow. The surveillance sifts through digital communications such as emails using certain search terms, which are then reviewed based on relevance.

Read more of this story at Slashdot.

Trump Orders a Lifeline For Struggling Coal and Nuclear Plants

Slashdot - Your Rights Online - So, 2018-06-02 01:20
According to The New York Times, President Trump has ordered Energy Secretary Rick Perry to "prepare immediate steps" to stop the closure of unprofitable coal and nuclear plants around the country. From the report: Under one proposal outlined in the memo, which was reported by Bloomberg, the Department of Energy would order grid operators to buy electricity from struggling coal and nuclear plants for two years, using emergency authority that is normally reserved for exceptional crises like natural disasters. That idea triggered immediate blowback from a broad alliance of energy companies, consumer groups and environmentalists. On Friday, oil and gas companies joined with wind and solar organizations in a joint statement condemning the plan, saying that it was "legally indefensible" and would force consumers to pay more for electricity. The administration has also discussed invoking the Defense Production Act of 1950, which allows the federal government to intervene in private industry in the name of national security. (Harry S. Truman used the law to impose price controls on the steel industry during the Korean War.) If the Trump administration were to invoke these two statutes, the move would almost certainly be challenged in federal court by natural gas and renewable energy companies, which could stand to lose market share. Such an intervention could cost consumers between $311 million to $11.8 billion pear year, according to a preliminary estimate (PDF) by Robbie Orvis, director of energy policy design at Energy Innovation.

Read more of this story at Slashdot.

Top US Antitrust Official Uncertain of Need For Four Wireless Carriers

Slashdot - Your Rights Online - Pt, 2018-06-01 22:01
An anonymous reader shares a report: The head of the U.S. Justice Department's antitrust division, Makan Delrahim, declined on Friday to support the Obama administration's firm backing of the need for four U.S. wireless carriers. Asked about T-Mobile's plan to buy Sprint for $26 billion, Delrahim declined to reiterate the view of President Barack Obama's enforcers, who had said that four wireless carriers were needed. Instead, Delrahim told reporters, "I don't think there's any magical number that I'm smart enough to glean." He also said the department would look at the companies' arguments that the proposed merger was needed for them to build the next generation of wireless, referred to as 5G, but that they had to prove their case.

Read more of this story at Slashdot.

Google Plans Not To Renew its Contract for Project Maven, a Controversial Drone AI Imaging Program

Slashdot - Your Rights Online - Pt, 2018-06-01 21:20
Kate Konger, reporting for Gizmodo: Google will not seek another contract for its controversial work providing artificial intelligence to the U.S. Department of Defense for analyzing drone footage after its current contract expires. Google Cloud CEO Diane Greene announced the decision at a meeting with employees Friday morning, three sources told Gizmodo. The current contract expires in 2019 and there will not be a follow-up contract, Greene said. The meeting, dubbed Weather Report, is a weekly update on Google Cloud's business. Google would not choose to pursue Maven today because the backlash has been terrible for the company, Greene said, adding that the decision was made at a time when Google was more aggressively pursuing military work. The company plans to unveil new ethical principles about its use of AI next week.

Read more of this story at Slashdot.

Thousands of Organizations Are Exposing Sensitive Data Via Google Groups Lists, Researchers Find

Slashdot - Your Rights Online - Pt, 2018-06-01 20:40
Brian Krebs reports: Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who've been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications. Google Groups is a service from Google that provides discussion groups for people sharing common interests. Because of the organic way Google Groups tend to grow as more people are added to projects -- and perhaps given the ability to create public accounts on otherwise private groups -- a number of organizations with household names are leaking sensitive data in their message lists. Many Google Groups leak emails that should probably not be public but are nevertheless searchable on Google, including personal information such as passwords and financial data, and in many cases comprehensive lists of company employee names, addresses and emails. Google has outlined instructions on how to secure the discussion boards.

Read more of this story at Slashdot.