aggregator

Instagram Tests Sharing Your Location History With Facebook

Slashdot - Your Rights Online - So, 2018-10-06 01:30
Instagram is testing a feature that would allow it to share your location data with Facebook, regardless of whether you're using the app or not. Researcher Jane Manchun Wong says the option, which is being tested as a setting you have to opt-in to, allows Facebook products to "build and use a history of precise locations" which the company says "helps you explore what's around you, get more relevant ads and helps improve Facebook." The Verge reports: In a statement to TechCrunch, a spokesperson from Facebook confirmed that there was no guarantee the feature would see a wide release. "We often work on ideas that may evolve over time or ultimately not be tested or released. Instagram does not currently store Location History; we'll keep people updated with any changes to our location settings in the future." Wong has a history of correctly identifying features like this before they're officially announced. She has previously leaked Facebook's dating application, Instagram's updated two-factor authentication, and Instagram's school bio feature. Facebook is also reportedly testing a map view to see friend's locations, similar to what's already offered by Snapchat. Instagram's data sharing could provide additional data points to power this functionality, while providing Facebook with more data to better target its ads.

Read more of this story at Slashdot.

China's Tencent Employs Facial Recognition To Detect Minors in Top-Grossing Mobile Game

Slashdot - Your Rights Online - Pt, 2018-10-05 21:20
AmiMoJo shares a report: Tencent Holdings, the world's top-grossing games publisher, will use facial recognition technology to detect minors amid tighter scrutiny by the Chinese government over concerns excessive video gaming is hurting public health. Tencent's blockbuster mobile title, Honour of Kings, will be the first to test the technology, with some 1,000 new users in Beijing and Shenzhen selected to verify their identities through camera checks, the company said in a statement. In mid-September, Tencent found that almost half of the 600 game-playing minors and their parents who took part in its survey doubted facial-recognition checks in games, according to the statement. Tencent said it hoped to see how to use facial recognition and unearth problems through the scheme.

Read more of this story at Slashdot.

California Bans Default Passwords on Any Internet-Connected Device

Slashdot - Your Rights Online - Pt, 2018-10-05 20:40
In less than two years, anything that can connect to the internet will come with a unique password -- that is, if it's produced or sold in California. From a report: The "Information Privacy: Connected Devices" bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about two weeks to approve the proposal made by the state senate. The new regulation mandates device manufacturers to either create a unique password for each device at the time of production or require the user to create one when they interact with the device for the first time. According to the bill, it applies to any connected device, which is defined as a "physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address."

Read more of this story at Slashdot.

Seven Russian Hackers Charged With Hacking Anti-Doping Organizations

Slashdot - Your Rights Online - Pt, 2018-10-05 02:45
Seven Russian intelligence officers have been indicted by the Justice Department for computing hacking, wire fraud, money laundering, and identity theft -- all as part of an effort to distract from Russia's state-sponsored doping program. The defendants reportedly stole and disseminated the personal information of several prominent anti-doping officials and 250 athletes following the 2014 Sochi Olympics. The Verge reports: The indictment names all seven of the accused as members of the Russian Federation intelligence agency (or GRU) housed within the intelligence directorate of the Russian military. Three of the defendants were also charged as part of the Mueller investigation regarding hacking the Democratic National Convention in an attempt to compromise U.S. election infrastructure in 2016. The Justice Department claimed in its indictment that the GRU officials were working to undermine the advocacy of anti-doping organizations, officials, and athletes following the exposure of a Russian state-sponsored doping campaign in 2015. Login credentials were stolen through classic phishing techniques, which, in some cases, gave the hackers access to the medical profiles of some athletes. This information was then disseminated over social media by the hackers who disguised themselves as a hacktivist group called the Fancy Bears' Hack Team. In the case of four-time Olympic gold medalist runner Mo Farah, the Fancy Bears' Hack Team had gained access to his "biological passport." This set of information tracks the blood data of athletes in order to monitor the potentiality of doping. The group then posted the contents of Farah's profile over social media, pointing to results that claimed he was "likely doping." By use of this method, the hackers were able to subvert media attention away from Russia's doping accusations and point the finger at other countries as well. The indictment claims that the hackers spoke to 186 different reporters in order to "amplify the exposure" of their message.

Read more of this story at Slashdot.

US Department of Transportation Updates Autonomous Car Rules

Slashdot - Your Rights Online - Pt, 2018-10-05 00:00
The U.S. Department of Transportation (DOT) has released a report called "Preparing for the Future of Transportation: Automated Vehicles 3.0," which includes a new set of voluntary guidelines for automated driving systems. According to Engadget, the report "outlines additional safety principles, updates policy and offers guidance to state and local governments." From the report: The report notes that it's meant to be an update to, but not a replacement of, last year's guidance, and it encourages those developing automated driving systems to make public their Voluntary Safety Self-Assessments, which were introduced in last year's report. It also updates the list of best practices for state and local governments considering automated vehicle testing and operation. The agency also takes measures to clarify its policies and roles in regards to autonomous technology implementation. First, it's doing away with the Automated Vehicle Proving Grounds announced last year -- a list of 10 self-driving test sites that were eligible for federal funding. The DOT said that due to the "rapid increase in automated vehicle testing activities in many locations, there is no need for U.S. DOT to favor particular locations." Additionally, the agency is working on updating language and regulations that it said unintentionally hamper automated vehicle progress. It will adapt its definitions of "driver" and "operator" to reflect that they no longer always refer to humans and can encompass automated systems. The DOT also announced a future notice of proposed rulemaking that will suggest exceptions to certain safety standards that apply only to human drivers -- such as pedals, brakes, mirrors and steering wheels -- for automated systems.

Read more of this story at Slashdot.

BlackBerry Races Ahead of Security Curve With Quantum-Resistant Solution

Slashdot - Your Rights Online - Cz, 2018-10-04 23:20
An anonymous reader quotes a report from TechCrunch: Quantum computing represents tremendous promise to completely alter technology as we've known it, allowing operations that weren't previously possible with traditional computing. The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility. The solution, which will be available next month, is actually the product of a partnership between BlackBerry and Isara Corporation, a company whose mission is to build quantum-safe security solutions. BlackBerry is using Isara's cryptographic libraries to help sign and protect code as security evolves. "By adding the quantum-resistant code signing server to our cybersecurity tools, we will be able to address a major security concern for industries that rely on assets that will be in use for a long time. If your product, whether it's a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks," Charles Eagan, BlackBerry's chief technology officer, said in a statement. Some of the long-lived assets include aerospace equipment, connected cars, or transportation infrastructure -- basically anything that will still be in use several years from now when quantum computing attacks are expected to emerge.

Read more of this story at Slashdot.

Apple CEO Tim Cook Says Giving Up Your Data For Better Services is 'a Bunch of Bunk'

Slashdot - Your Rights Online - Cz, 2018-10-04 20:07
Apple chief executive Tim Cook urged consumers not to believe the dominant tech industry narrative that the data collected about them will lead to better services. From a report: In an interview with "Vice News Tonight" that aired Tuesday, Cook highlighted his company's commitment to user privacy, positioning Apple's business as one that stands apart from tech giants that compile massive amounts of personal data and sell the ability to target users through advertising [The link may be paywalled; alternative source]. "The narrative that some companies will try to get you to believe is: I've got to take all of our data to make my service better," he said. "Well, don't believe them. Whoever's telling you that, it's a bunch of bunk." [...] Cook said in the interview that he is "exceedingly optimistic" that the topic of data privacy has reached an elevated level of public debate. "When the free market doesn't produce a result that's great for society you have to ask yourself what do we need to do. And I think some level of government regulation is important to come out on that."

Read more of this story at Slashdot.

Vice President Mike Pence Says Google Should Halt Dragonfly App Development

Slashdot - Your Rights Online - Cz, 2018-10-04 18:00
On Thursday, the U.S. Vice President Mike Pence weighed in on Dragonfly, a project run by Google to build a censored search engine app for China. He said Dragonfly app would make it easier to track someone's internet searches. From a report: Pence said in a speech that business leaders are now thinking twice before entering the Chinese market "if it means turning over their intellectual property or abetting Beijing's oppression." He added, "More must follow suit. For example, Google should immediately end development of the 'Dragonfly' app that will strengthen Communist Party censorship and compromise the privacy of Chinese customers."

Read more of this story at Slashdot.

Police Use Fitbit Data To Charge 90-Year-Old Man In Stepdaughter's Killing

Slashdot - Your Rights Online - Cz, 2018-10-04 15:00
An anonymous reader quotes a report from The New York Times: The last time Anthony Aiello spoke to his stepdaughter, he took homemade pizza and biscotti to her house in San Jose, Calif., for a brief visit. Mr. Aiello, 90, told investigators that she then walked him to the door and handed him two roses in gratitude. But an unnoticed observer in the house later revealed that their encounter ended in murder, a police report said. Five days afterward, Mr. Aiello's stepdaughter, Karen Navarra, 67, was discovered by a co-worker in her house with fatal lacerations on her head and neck. She had been wearing a Fitbit fitness tracker, which investigators said showed that her heart rate had spiked significantly around 3:20 p.m. on Sept. 8 (Warning: source may be paywalled; alternative source), when Mr. Aiello was there. Then it recorded her heart rate slowing rapidly, and stopping at 3:28 p.m., about five minutes before Mr. Aiello left the house, the report said. Mr. Aiello was arrested last week on murder charges and booked into the Santa Clara County Jail, the San Jose Police Department said. On Thursday, he will appear in court in the Hall of Justice in San Jose, according to the Santa Clara County district attorney's office. "[T]he police said their investigation used a combination of video surveillance and data from Ms. Navarra's Fitbit, an Alta HR device, which she wore on her left wrist and synchronized with a computer in her home, where she lived alone," reports NYT. When asked for comment, Fitbit shared a copy of its privacy policy, stating in part that they comply with legal processes, including search warrants and court orders, when it shares data.

Read more of this story at Slashdot.

Fully Driverless Waymo Taxis Are Due Out This Year, Alarming Critics

Slashdot - Your Rights Online - Cz, 2018-10-04 12:00
Alphabet's Waymo is launching a driverless taxi service in Phoenix in the next three months -- and it's open to the public. But due to the limited regulations surrounding self-driving cars, many critics argue that more regulations are needed to ensure the safety of these vehicles before they roll out for public and commercial use. Ars Technica reports: If a company wants to sell a new airplane or medical device, it must undergo an extensive process to prove to federal regulators that it's safe. Currently, there's no comparable requirement for self-driving cars. Federal and state laws allow Waymo to introduce fully self-driving cars onto public streets in Arizona without any formal approval process. That's not an oversight. It represents a bipartisan consensus in Washington that strict regulation of self-driving cars would do more harm than good. Mary "Missy" Cummings, an engineering professor at Duke, agrees. "I don't think there should be any driverless cars on the road," she tells Ars. "I think it's unconscionable that no one is stipulating that testing needs to be done before they're put on the road." But so far these advocates' demands have fallen on deaf ears. Partly that's because federal regulators don't want to slow the introduction of a technology that could save a lot of lives in the long run. Partly it's because they believe that liability concerns give companies a strong enough incentive to behave responsibly. And partly it's because no one is sure how to regulate self-driving cars effectively. When it comes to driverless cars, "there's no consensus on what it means to be safe or how we go about proving that," says Bryant Walker Smith, a legal scholar at the University of South Carolina.

Read more of this story at Slashdot.

New Yorkers Sue Trump and FEMA To Stop Presidential Alert

Slashdot - Your Rights Online - Cz, 2018-10-04 02:03
Not everyone is pleased to hear that President Trump has the power to use communications systems in case of an emergency. According to CNET, three New York residents recently filed a lawsuit against President Trump and William Long, administrator of the Federal Emergency Management Agency, to halt FEMA's new Presidential Alert messaging system. The lawsuit reads in part: "Plaintiffs are American citizens who do not wish to receive text messages, or messages of any kind, on any topic or subject, from defendant Trump. [Trump's] rise to power was facilitated by weaponized disinformation that he broadcast into the public information sphere via Twitter in addition to traditional mass media." From the report: Presidential Alerts are similar to Amber or other emergency alerts on your phone -- you hear a loud noise comes along with vibration. The messages come from the Integrated Public Alert and Warning System (IPAWS), which attempts to send the alert to every cell phone within the U.S. operating on a network run by a carrier opting into the Wireless Emergency Alert system. IPAWS is used in the event of natural disasters, acts of terrorism or other disasters or threats to public safety. The plaintiffs' main complaint is that Presidential Alerts are compulsory -- there's no way to opt-out of receiving them. They argue that under civil rights law, government cannot use cellular devices to compel listening, "trespass into and hijack" devices without a warrant or individual consent. The plaintiffs are also concerned Trump might use the alerts to spread disinformation because IPAWS doesn't regulate the content of the messages. That means Trump may be free to define "act of terrorism" and "threat to public safety," and may broadcast "arbitrary, biased, irrational" messages to "hundreds of millions of people," the plaintiffs say in the lawsuit.

Read more of this story at Slashdot.

Alphabet's Intra App Encrypts DNS Queries To Help Users Bypass Online Censorship

Slashdot - Your Rights Online - Cz, 2018-10-04 00:00
Catalin Cimpanu, writing for ZDNet: Jigsaw, a technology incubator created by Google and operated as a subsidiary under the Alphabet brand, has released today an Android app named Intra that can encrypt DNS queries as a protection against DNS manipulation at the ISP (internet service provider) level. DNS manipulation is one of the most common forms of online censorship used by oppressive regimes or unscrupulous ISPs, used to block access to news sites, information portals, social media platforms, undesirable software, and more. Intra protects against DNS manipulation by keeping DNS traffic hidden from third-parties with state-level surveillance capabilities, such as internet service providers in countries with autocratic regimes. Reports suggest that Alphabet tested the app with a few dozen political activists in Venezuela before the global roll-out.

Read more of this story at Slashdot.

Cities Will Sue FCC To Stop $2 Billion Giveaway To Wireless Carriers

Slashdot - Your Rights Online - Śr, 2018-10-03 20:03
Cities are planning to sue the Federal Communications Commission over its decision to preempt local rules on deployment of 5G wireless equipment. From a report: Seattle Mayor Jenny Durkan and City Attorney Pete Holmes yesterday said their city intends to appeal the FCC order in federal court. Seattle will be coordinating with other cities on a lawsuit, they said. "In coordination with the overwhelming majority of local jurisdictions that oppose this unprecedented federal intrusion by the FCC, we will be appealing this order, challenging the FCC's authority and its misguided interpretations of federal law," they said in a press release. The FCC says its order will save carriers $2 billion, less than one percent of the estimated $275 billion it will take to deploy 5G across the country. In Oregon, the Portland City Council voted Tuesday to approve a lawsuit against the FCC, The Oregonian reported, saying the move "added Portland to a growing list of cities, primarily on the West Coast, that are preparing to fight" the FCC order. East Coast cities including New York City and Boston have also objected to the FCC decision. As we've previously reported, the FCC order drew opposition from rural municipalities as well.

Read more of this story at Slashdot.

Entire Broadband Industry Sues California To Stop Net Neutrality Law

Slashdot - Your Rights Online - Śr, 2018-10-03 18:46
Four lobby groups representing the broadband industry today sued California to stop the state's new net neutrality law. From a report: The lawsuit was filed in US District Court for the Eastern District of California by mobile industry lobby CTIA; cable industry lobby NCTA; telco lobby USTelecom; and the American Cable Association, which represents small and mid-size cable companies. Together, these four lobby groups represent all the biggest mobile and home Internet providers in the US and hundreds of smaller ISPs . Comcast, Charter, AT&T, Verizon, T-Mobile US, Sprint, Cox, Frontier, and CenturyLink are among the groups' members. "This case presents a classic example of unconstitutional state regulation," the complaint said. The California net neutrality law "was purposefully intended to countermand and undermine federal law by imposing on [broadband] the very same regulations that the Federal Communications Commission expressly repealed in its 2018 Restoring Internet Freedom Order." ISPs say the California law impermissibly regulates interstate commerce. "[I]t is impossible or impracticable for an Internet service provider ("ISP") offering BIAS to distinguish traffic that moves only within California from traffic that crosses state borders," the lobby groups' complaint said.

Read more of this story at Slashdot.

Australian Industry and Tech Groups Unite To Fight Encryption-Busting Bill

Slashdot - Your Rights Online - Śr, 2018-10-03 12:00
A new encryption bill that's expected to be passed in Australia is facing strong opposition from tech heavyweights. A new group called "Alliance for a Safe and Secure Internet" has been formed by Australian industry, technology, and human rights groups to persuade the country from passing the bill, reports ZDNet. "The membership of the new alliance consists of Australian Communications Consumer Action Network, Access Now, Ai Group, Australian Information Industry Association, Amnesty International Australia, AMTA, Blueprint for Free Speech, members of Communications Alliance sans NBN, DIGI, Digital Rights Watch, Future Wise, Hack for Privacy, Human Rights Law Centre, Internet Australia, IoT Alliance Australia, and Liberty Victoria." The Guardian also notes that Google and Facebook are part of the group. From the report: The Bill is currently before the Parliamentary Joint Committee on Intelligence and Security, with a minuscule three-week window for submissions closing on Friday, October 12 and a hearing set for Friday, October 19. The proposed legislation would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content interception agencies want access to. "This Bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia," said board member of Digital Rights Watch and alliance spokesperson Lizzie O'Shea. "The rushed processes coupled with the lack of transparency can only mean that expert opinions from Australia and abroad are being disregarded, and deep concerns about privacy erosion and lack of judicial review have simply been tossed aside."

Read more of this story at Slashdot.

The Rise of Netflix Competitors Has Pushed Consumers Back Toward Piracy

Slashdot - Your Rights Online - Śr, 2018-10-03 03:30
A new study from network equipment company Sandvine finds that BitTorrent usage and piracy is increasing after years of declines. The reason appears to be due to "an increase in exclusivity deals that force subscribers to hunt and peck among a myriad of streaming services to actually find the content they're looking for," reports Motherboard. From the report: Sandvine's new Global Internet Phenomena report offers some interesting insight into user video habits and the internet, such as the fact that more than 50 percent of internet traffic is now encrypted, video now accounts for 58 percent of all global traffic, and Netflix alone now comprises 15 percent of all internet downstream data consumed. But there's another interesting tidbit buried in the firm's report: after years of steady decline, BitTorrent usage is once again growing. According to Sandvine, file-sharing accounts for 3 percent of global downstream and 22 percent of upstream traffic, with 97% of that traffic in turn being BitTorrent. While BitTorrent is often used to distribute ordinary files, it remains the choice du jour for those looking to distribute and trade copyrighted content online, made easier via media PCs running Kodi and select plugins. Back in 2011, Sandvine stated that BitTorrent accounted for 52.01% of upstream traffic on fixed broadband networks in North America. By 2015, BitTorrent's share of upstream traffic on these networks had dipped to 26.83 percent, largely thanks to the rise in quality, inexpensive streaming alternatives to piracy. But Sandvine notes that trend is now reversing slightly, with BitTorrent's traffic share once again growing worldwide. That's especially true in the Middle East, Europe, and Africa, where BitTorrent now accounts for 32% of all upstream network traffic.

Read more of this story at Slashdot.

Google's First Urban Development Raises Data Concerns

Slashdot - Your Rights Online - Śr, 2018-10-03 02:10
An anonymous reader quotes a report from The Washington Post: A unit of Google's parent company Alphabet is proposing to turn a rundown part of Toronto's waterfront into what may be the most wired community in history -- to "fundamentally refine what urban life can be." Sidewalk Labs has partnered with a government agency known as Waterfront Toronto with plans to erect mid-rise apartments, offices, shops and a school on a 12-acre (4.9-hectare) site -- a first step toward what it hopes will eventually be a 800-acre (325-hectare) development. High-level interest is clear: Prime Minister Justin Trudeau and Alphabet's then-Executive Chairman Eric Schmidt appeared together to announce the plan in October. But some Canadians are rethinking the privacy implications (Warning: source may be paywalled; alternative source) of giving one of the most data-hungry companies on the planet the means to wire up everything from street lights to pavement. And some want the public to get a cut of the revenue from products developed using Canada's largest city as an urban laboratory. "The Waterfront Toronto executives and board are too dumb to realize they are getting played," said former BlackBerry chief executive Jim Balsillie, a smartphone pioneer considered a national hero who also said the federal government is pushing the board to approve it. "Google knew what they wanted. And the politicians wanted a PR splash and the Waterfront board didn't know what they are doing. And the citizens of Toronto and Canada are going to pay the price," Balsillie said. Complaints about the proposed development prompted Waterfront Toronto to re-do the agreement to ensure a greater role for the official agency, which represents city, provincial and federal governments. So far the project is still in the embryonic stage. After consultations, the developers plan to present a formal master plan early next year. Sidewalk Labs' CEO, Dan Doctoroff, says the company isn't looking to monetizing people's personal information in the way that Google does now with search information. He said the plan is to invent so-far-undefined products and services that Sidewalk Labs can market elsewhere. "People automatically assume because of our relationship to Alphabet and Google that they will be treated one way or another. We have never said anythingâ about the data issue, he said. "To be honest people should give us some time. Be patient."

Read more of this story at Slashdot.

Hackers Are Selling Facebook Credentials on the Dark Web For $3

Slashdot - Your Rights Online - Wt, 2018-10-02 17:30
Hackers are selling Facebook logins for just $3 on the dark web, according to new research. From a report: The study by Money Guru found that Facebook logins can be bought for as little as 2.30 Pound ($3), with the report coming just hours after it was revealed that an enormous data breach has left at least 50 million Facebook accounts compromised. The research also found that hacked email logins are also being flogged on dark web marketplaces, which are easily accessible to anyone with the right browser and web addresses. Even financial data is being sold cheaply, with credit card information available for as little as $14 and debit card information for $19.50. The research was looking into the availability of logins for sale for the 26 most commonly used online accounts.

Read more of this story at Slashdot.

The US Government Is Using Road Signs Showing Drivers How Fast They're Going To Capture License Plate Data

Slashdot - Your Rights Online - Wt, 2018-10-02 15:00
Zorro shares a report from Quartz: According to recently released U.S. federal contracting data, the Drug Enforcement Administration will be expanding the footprint of its nationwide surveillance network with the purchase of "multiple" trailer-mounted speed displays "to be retrofitted as mobile LPR [License Plate Reader] platforms." The DEA is buying them from RU2 Systems Inc., a private Mesa, Arizona company. How much it's spending on the signs has been redacted. Two other, apparently related contracts, show that the DEA has hired a small machine shop in California, and another in Virginia, to conceal the readers within the signs. An RU2 representative said the company providing the LPR devices themselves is a Canadian firm called Genetec.

Read more of this story at Slashdot.

Seattle Police Department Is Offering An Anti-Swatting Service

Slashdot - Your Rights Online - Wt, 2018-10-02 05:30
An anonymous reader quotes a report from Ars Technica: The practice of "swatting," or calling in fake threats to activate an aggressive police response to an unwitting home or business, has unfortunately lingered for the past few years. Starting this week, one police department in the United States is rolling out a system targeted directly at this illegal hoax practice. On its official "swatting" resource site, the Seattle Police Department acknowledges how swatting works, along with the fact that citizens have requested a way to submit their own concerns or worries about being a potential victim. "To our knowledge, no solution to this problem existed, so we engineered one," SPD's site reads. The site claims that swatting victims are "typically associated with the tech industry, video game industry, and/or the online broadcasting community." SPD's process asks citizens to create a profile on a third-party data-management service called Rave Facility (run by the company Smart911). Though this service is advertised for public locations and businesses, it supports private residences as well, and SPD offers steps to input data and add a "swatting concerns" tab to your profile. With that information in hand, SPD says that any police or 911 operator who receives a particularly troubling emergency report and matches it to a location that has already been flagged with a "swatting concerns" notice, will share that information "with first responders to inform and improve their police response to the incident." The report notes that "all calls" will still receive standard police response, whether or not any swatting concerns are filed. "Nothing about this solution is designed to minimize or slow emergency services," the site reads. "At the same time, if information is available, it is more useful for responding officers to have it than to not."

Read more of this story at Slashdot.