aggregator

Britain Passes One Week Without Coal Power For First Time Since 1882

Slashdot - Your Rights Online - Cz, 2019-05-09 05:30
An anonymous reader quotes a report from The Guardian: Britain has gone a week without using coal to generate electricity for the first time since Queen Victoria was on the throne, in a landmark moment in the transition away from the heavily polluting fuel. The last coal generator came off the system at 1.24pm on 1 May, meaning the UK reached a week without coal at 1.24pm on Wednesday, according to the National Grid Electricity System Operator, which runs the network in England, Scotland and Wales. The latest achievement – the first coal-free week since 1882, when a plant opened at Holborn in London – comes only two years after Britain's first coal-free day since the Industrial Revolution. Burning coal to generate electricity is thought to be incompatible with avoiding catastrophic climate change, and the UK government has committed to phasing out coal-fired power by 2025.

Read more of this story at Slashdot.

Samsung Spilled SmartThings App Source Code, Secret Keys

Slashdot - Your Rights Online - Cz, 2019-05-09 02:45
Mossab Hussein, a security researcher at SpiderSilk, has discovered that a development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects -- including its SmartThings platform. TechCrunch reports: The electronics giant left dozens of internal coding projects on a GitLab instance hosted on a Samsung-owned domain, Vandev Lab. The instance, used by staff to share and contribute code to various Samsung apps, services and projects, was spilling data because the projects were set to "public" and not properly protected with a password, allowing anyone to look inside at each project, access and download the source code. Hussein said one project contained credentials that allowed access to the entire AWS account that was being used, including more than 100 S3 storage buckets that contained logs and analytics data. Many of the folders, he said, contained logs and analytics data for Samsung's SmartThings and Bixby services, but also several employees' exposed private GitLab tokens stored in plaintext, which allowed him to gain additional access from 42 public projects to 135 projects, including many private projects. Samsung told him some of the files were for testing but Hussein challenged the claim, saying source code found in the GitLab repository contained the same code as the Android app, published in Google Play on April 10. The app, which has since been updated, has more than 100 million installs to date.

Read more of this story at Slashdot.

Denver Becomes First US City To Decriminalize Psychedelic Mushrooms

Slashdot - Your Rights Online - Cz, 2019-05-09 02:03
An anonymous reader quotes a report from Reason: In a surprise turn of events, a Denver ballot initiative to effectively decriminalize psychedelic mushrooms, previously thought to have failed, now appears to have narrowly passed after all. This would make the Mile High City the first in the U.S. to decriminalize psilocybin. If the unofficial final tally holds, Denver law enforcement will be directed to treat psychedelic mushrooms owned for personal possession as the lowest enforcement priority. The initiative will not legalize commercial sales. "After trailing in results postings Tuesday night and early Wednesday, final unofficial results just posted show a reversal of fortune -- with Initiative 301 set to pass with nearly 50.6 percent of the vote," The Denver Post reports. "The total stands at 89,320 votes in favor and 87,341 against -- a margin of 1,979 votes. Denver Elections expects to continue accepting military and overseas ballots, but typically those numbers are small." Reason's Jacob Sullem points out that this decriminalization will have only a modest real-world impact, as Denver has only prosecuted a handful of psilocybin cases over the past few years.

Read more of this story at Slashdot.

Justice Department Shuts Dark Web Drug Directory, Arrests Alleged Owners

Slashdot - Your Rights Online - Cz, 2019-05-09 00:03
In what is being called "the single most significant law enforcement disruption of the darknet to date" by U.S. Attorney Scott Brady, the Justice Department has shut down a major directory of dark web drug marketplaces and arrested the alleged owners. NBC News reports: DeepDotWeb was a regular searchable website that provided a directory with direct access to a host of darknet marketplaces selling illegal narcotics including fentanyl, cocaine, heroin and meth. The website also provided access to marketplaces for firearms, including assault rifles, and for malicious software and hacking tools. The alleged owners, Tal Prihar, 37, and Michael Phan, 34, both from Israel, were arrested Monday, Prihar in France and Phan in Israel, where they remain in custody. They each face a single count of money laundering conspiracy in the U.S. Phan also faces charges in Israel. Prihar and Phan allegedly received kickback payments through bitcoin when someone purchased an item on the darknet sites found through the directory, earning more than $15 million in fees since October 2013, according to prosecutors. These "referral bonuses" allegedly came from darknet marketplaces including AlphaBay Market, Agora Market, Abraxas Market, Dream Market, Valhalla Market, Hansa Market, TradeRoute Market, Dr. D's, Wall Street Market and Tochka Market. The closing of a directory like DeepDotWeb is significant, Brady said, because it should stifle hundreds of millions of dollars in illegal purchases.

Read more of this story at Slashdot.

Google Chrome To Support Same-Site Cookies, Get Anti-Fingerprinting Protection

Slashdot - Your Rights Online - Śr, 2019-05-08 22:06
Google plans to add support for two new privacy and security features in Chrome, namely same-site cookies and anti-fingerprinting protection. From a report: The biggest change that Google plans to roll out is in regards to how it treats cookie files. These new controls will be based on a new IETF standard that Chrome and Mozilla developers have been working on for more than three years. This new IETF specification describes a new attribute that can be set inside HTTP headers. Called "SameSite," the attribute must be set by the website owner and should describe the situations in which a site's cookies can be loaded. [...] Google engineers also announced a second major new privacy feature for Chrome. According to Google, the company plans to add support for blocking certain types of "user fingerprinting" techniques that are being abused by online advertisers. Google didn't go into details of what types of user fingerprinting techniques it was planning to block. It is worth mentioning that there are many, which range from scanning locally installed system fonts to abusing the HTML5 canvas element, and from measuring a user's device screen size to reading locally installed extensions.

Read more of this story at Slashdot.

Video Game 'Loot Boxes' Would Be Outlawed in Many Games Under Forthcoming Federal Bill

Slashdot - Your Rights Online - Śr, 2019-05-08 18:47
Video games popular among kids would be prohibited from offering "loot boxes" or randomized assortments of digital weapons, clothing and other items that can be purchased for a fee, under federal legislation to be introduced by Republican Sen. Josh Hawley (Mo.). From a report: Hawley's Protecting Children from Abusive Games Act takes aim at a growing industry revenue stream that analysts say could be worth more than $50 billion -- but one that increasingly has triggered worldwide scrutiny out of fear it fosters addictive behaviors and entices kids to gamble. Hawley's proposed bill, outlined Wednesday, covers games explicitly targeted to players under age 18 as well as those for broader audiences where developers are aware that kids are making in-game purchases. Along with outlawing loot boxes, these video games also would be banned from offering "pay to win" schemes, where players must spend money to access additional content or gain digital advantages over rival players. "Social media and video games prey on user addiction, siphoning our kids' attention from the real world and extracting profits from fostering compulsive habits," Hawley said in a statement. "No matter this business model's advantages to the tech industry, one thing is clear: There is no excuse for exploiting children through such practices." Offering one "notorious example," Hawley's office pointed to Candy Crush, a popular, free smartphone puzzle app that allows users to spend $149.99 on a bundle of goods that include virtual currency and other items that make the game easier to play.

Read more of this story at Slashdot.

Google Fights Back

Slashdot - Your Rights Online - Śr, 2019-05-08 18:05
Ben Thompson, writing for Stratechery: For a company famed for its engineering culture, you wouldn't expect a video at Google's annual I/O developer conference to have such emotional resonance. And yet, just watch (I have included the context around the video in question, which starts at the 2:33 mark): "I liked that very much." This was the most direct statement of what was a clear theme from Google's entire keynote: "Technology, particularly Google's technology, is a good thing, and we are going to remind you why you like it." As he opened the keynote, CEO Sundar Pichai, as he always does, repeated Google's mission statements: "It all begins with our mission to organize the world's information and make it universally accessible and useful, and today, our mission feels as relevant as ever." Pichai, though, quickly pivoted to something rather different than simply organizing and presenting information: "The way we approach it is constantly evolving. We are moving from a company that helps you find answers to a company that helps you get things done... We want our products to work harder for you in the context of your job, your home, and your life, and they all share a single goal: to be helpful, so we can be there for you in moments big and small over the course of your day." In short, the mission statement may be the same, but what that means for Google and its products has shifted: "Our goal is to build a more helpful Google for everyone. And when we say helpful, we mean giving you the tools to increase your knowledge, success, health, and happiness. We feel so privileged to be developing products for billions of users, and with that scale comes a deep sense of responsibility to create things that improve people's lives. By focusing on these fundamental attributes, we can empower individuals and benefit society as a whole." This set the stage for the rest of the keynote, including the video above: Google spent most of the keynote demonstrating -- both with actual products, and whole bunch of vaporware -- how Google could take a much more proactive role in its users' lives in ways they ought appreciate. Further reading: Sundar Pichai's op-ed on the New York Times. A NYT columnist adds: "Someone asked me today why Google gets less privacy flak than Facebook despite collecting more (+ more intimate) data. My theory is that Google takes people's data in exchange for useful things (maps! docs! mail!) while FB exchanges data for things that make them sad and angry."

Read more of this story at Slashdot.

San Francisco Bans Cashless Stores

Slashdot - Your Rights Online - Śr, 2019-05-08 12:00
Following Philadelphia's lead, San Francisco became the second major U.S. city to ban cashless businesses in a Tuesday vote by the city Board of Supervisors. The legislation ends a practice widely viewed as discriminatory against low income residents. San Francisco Examiner reports: There are currently only a handful of businesses that do not accept cash in San Francisco, requiring payment through smart phone applications tied to a person's bank account or credit card. The number, however, was increasing. Those without bank accounts or credit are unable to purchase goods in these types of stores. "The City must remain vigilant in ensuring its economy is inclusionary and accessible to Everyone," the legislation states. "The purpose of this [law]is to ensure that all City residents -- including those who lack access to other forms of payment are able to participate in the City's economic life by paying cash for goods and many services." Businesses argue going cashless creates a safer work environment and more efficient service. Under the legislation, repeat violations would constitute a misdemeanor and carry a fine of up to $1,000. The law applies to brick-and-mortar businesses, those with a fixed location. It does not impact food trucks, ride hail services or temporary "pop up" retail.

Read more of this story at Slashdot.

Detroit's LED Streetlights Are Going Dark After a Few Years

Slashdot - Your Rights Online - Śr, 2019-05-08 03:10
Detroit's Public Lighting Authority has filed a federal lawsuit Monday against the manufacturer of nearly a third of the city's 65,000 streetlights, after it found that upward of 20,000 LED lights are "prematurely dimming and burning out" and putting the city's revitalization progress "in jeopardy." The city estimates a fix would cost millions. Detroit News reports: The issue was discovered last fall during routine surveys of the lighting system, and it's tied to defective units that were either "charred, burned, or cracked," according to a February letter from the lighting authority's law firm. The California-based manufacturer (Leotek Electronics USA) acknowledged in a December letter to the lighting authority that it had experienced "a higher number of reports of failures" in models dimming city streets, primarily in west side neighborhoods and a number of Detroit's major thoroughfares. In the Dec. 17 letter, Leotek administrator Hy Nguyen said the company had determined "the problem is excessive heat that can burn the lens directly above the LED." "We apologize for the problem you have experienced and will work with you to correct the problems," Nguyen wrote. But in recent weeks, Leotek officials have gone silent, according to the lighting authority. A representative for Leotek did not respond Monday to requests for comment. The lighting project has been held up by Mayor Mike Duggan and others as an early success in the city's effort to restore basic services. Before the three-year, $185 million overhaul, about 40% of Detroit's 88,000 streetlights didn't work. The LED lights provided by Leotek were anticipated to last for at least a decade.

Read more of this story at Slashdot.

How a Mark Cuban-Backed Facial Recognition Firm Pushed To Get Driver License Photo Data

Slashdot - Your Rights Online - Wt, 2019-05-07 15:00
An anonymous reader quotes a report from Motherboard: Now, emails obtained through a public records request provide insight into how facial recognition companies attempt to strike deals with local law enforcement as well as gain access to sensitive data on local residents. The emails show how a firm backed by Shark Tank judge, Dallas Mavericks owner, and billionaire entrepreneur Mark Cuban pushed a local police department to try and gain access to state driver's license photos to train its product. The emails also show the company asked the police department to vouch for it on a government grant application in exchange for receiving the technology for free. "Chief, you seemed pretty keen on the use of facial recognition in stadiums. If you know of any place to start, please let me know," a 2016 email from Jacob Sniff, a co-founder of facial recognition startup Suspect Technologies, addressed to Michael Botieri, chief of the Plymouth Police Department in Massachusetts, reads. In the emails, Sniff repeatedly asked Botieri to deploy the technology in his district to help improve the product. Sniff mentioned plans for the technology to search through results for people of a particular gender or ethnicity, and deploy "emotion recognition." "So you would aim to do this on all or most of the buildings you showed me in person? We would be fine on the privacy concerns for this?" Sniff wrote in a November 2017 email to the police department. "I do realize the technology could be perceived as controversial, though the stark reality is that it could save lives." "Ed, you mentioned that if we did the lobby idea in Boston, that they would go absolutely nuts and it would be a privacy disaster. Our discussion last week was that police departments are supposed to be welcoming and this would ultimately deter people from showing up," Sniff wrote in an April 2018 email chain including Ed Davis, former Boston Police Commissioner and who now runs a security consulting firm. [...] Sniff asked Chief Botieri to sign a letter helping Suspect Technologies receive a grant from the National Institute of Standards and Technology (NIST), according to a January 2017 email. Sniff offered to give the police department the facial recognition technology for free in exchange for signing the letter.

Read more of this story at Slashdot.

'Universal Basic Income Doesn't Work'

Slashdot - Your Rights Online - Wt, 2019-05-07 05:30
An anonymous reader shares an opinion piece from The Guardian, written by analyst, writer and head of social policy for the New Economics Foundation, Anna Coote: A study published this week sheds doubt on ambitious claims made for universal basic income (UBI), the scheme that would give everyone regular, unconditional cash payments that are enough to live on. Its advocates claim it would help to reduce poverty, narrow inequalities and tackle the effects of automation on jobs and income. Research conducted for Public Services International, a global trade union federation, reviewed for the first time 16 practical projects that have tested different ways of distributing regular cash payments to individuals across a range of poor, middle-income and rich countries, as well as copious literature on the topic. It could find no evidence to suggest that such a scheme could be sustained for all individuals in any country in the short, medium or longer term -- or that this approach could achieve lasting improvements in wellbeing or equality. The research confirms the importance of generous, non-stigmatizing income support, but everything turns on how much money is paid, under what conditions and with what consequences for the welfare system as a whole. [...] The cost of a sufficient UBI scheme would be extremely high according to the International Labor Office, which estimates average costs equivalent to 20-30% of GDP in most countries. Costs can be reduced -- and have been in most trials -- by paying smaller amounts to fewer individuals. But there is no evidence to suggest that a partial or conditional UBI scheme could do anything to mitigate, let alone reverse, current trends towards worsening poverty, inequality and labor insecurity. Costs may be offset by raising taxes or shifting expenditure from other kinds of public expenditure, but either way there are huge and risky trade-offs. As this week's report observes, "If cash payments are allowed to take precedence, there's a serious risk of crowding out efforts to build collaborative, sustainable services and infrastructure -- and setting a pattern for future development that promotes commodification rather than emancipation." The report concludes that the money needed to pay for an adequate UBI scheme "would be better spent on reforming social protection systems, and building more and better-quality public services."

Read more of this story at Slashdot.

Facebook Contractors Categorize Your Private Posts To Train AI

Slashdot - Your Rights Online - Wt, 2019-05-07 00:10
Facebook uses thousands of third-party staffers around the world to look at Facebook and Instagram posts to help train its AI and to inform new products. "But because the contractors see users' public and private posts, some view it as a violation of privacy," reports Engadget. From the report: According to Reuters, as many as 260 contract workers in Hyderabad, India have spent more than a year labeling millions of Facebook posts dating back to 2014. They look for the subject of the post, the occasion and the author's intent, and Facebook told Reuters, the company uses that information to develop new features and to potentially increase usage and ad revenue. Around the globe, Facebook has as many as 200 similar content labeling projects, many of which are used to train the company's AI. The contractors working in Hyderabad told Reuters they see everything from text-based status updates to videos, photos and Stories across Facebook and Instagram -- including those that are shared privately. And even as Facebook embarks on its "the future is private" platform, one Facebook employee told Reuters he can't imagine the practice going away. It's a core part of training AI and developing the company's products.

Read more of this story at Slashdot.

Refunds For 300 Million Phone Users Sought In Lawsuits Over Location-Data Sales

Slashdot - Your Rights Online - Pn, 2019-05-06 23:30
An anonymous reader quotes a report from Ars Technica: The four major U.S. wireless carriers are facing proposed class-action lawsuits accusing them of violating federal law by selling their customers' real-time location data to third parties. The complaints seeking class action status and financial damages were filed last week against AT&T, Verizon, T-Mobile, and Sprint in U.S. District Court for the District of Maryland. The four suits, filed on behalf of customers by lawyers from the Z Law firm in Maryland, all begin with text nearly identical to this intro found in the suit against AT&T: "This action arises out of Defendant's collection of geolocation data and the unauthorized dissemination to third-parties of the geolocation data collected from its users' cell phones. AT&T admittedly sells customer geolocation data to third-parties, including but not limited to data aggregators, who in turn, are able to use or resell the geolocation data with little or no oversight by AT&T. This is an action seeking damages for AT&T gross failure to safeguard highly personal and private consumer geolocation data in violation of federal law." The proposed classes would include all of the four carriers' customers in the U.S. between 2015 and 2019. In all, that would be 300 million or more customers, as the lawsuits say the proposed classes consist of at least 100 million customers each for AT&T and Verizon and at least 50 million each for Sprint and T-Mobile. Each lawsuit seeks damages for consumers "in an amount to be proven at trial." In June 2018, the four major U.S. carriers promised to stop selling their mobile customers' location info to third-party data brokers after a security problem leaked the real-time location of U.S. cellphone users. Despite the carriers' promises, a Motherboard investigation found in January 2019 that they were still selling access to their customers' location data. "The lawsuits accuse the carriers of violating Section 222 of the U.S. Communications Act, which says that carriers may not use or disclose location information 'without the express prior authorization of the customer,'" reports Ars Technica. "The lawsuits also say that each carrier failed to follow its own privacy policy and 'profited from the sale and unauthorized dissemination of Plaintiff and Class Members' [private data].'"

Read more of this story at Slashdot.

RIAA Obtains Subpoena To Expose 'Infringing' Cloudflare Users

Slashdot - Your Rights Online - Pn, 2019-05-06 22:50
The RIAA has obtained a subpoena from a Columbia federal court ordering Cloudflare to hand over the IP and email addresses and all other identifying information related to several allegedly infringing users. The RIAA notes it will use the information it receives to protect the rights of its member companies. From a report: The RIAA has a long history of going after, what it sees as, pirate sites. The problem, however, is that many owners of such sites operate anonymously. The group, therefore, often has to turn to third-party intermediaries to find out more. While some services may be willing to voluntarily share information with the music industry group, many don't. Cloudflare falls into the latter category. While the CDN service does voluntarily reveal the true hosting locations of some of its users, it doesn't share any personal info. At least, not without a subpoena. Luckily for rightsholders, getting a subpoena isn't very hard in the US. Under the DMCA, copyright holders only have to ask a court clerk for a signature to be able to demand the personal information of alleged copyright infringers. That's exactly what the RIAA did last week. In a letter sent by Mark McDevitt, the RIAA's vice president of online anti-piracy, the music group informs Cloudflare that it requests personal details including names, addresses and payment information relating to the operators of six domains, which are all Cloudflare users.

Read more of this story at Slashdot.

Google Prepares To Launch New Privacy Tools To Limit Cookies

Slashdot - Your Rights Online - Pn, 2019-05-06 20:50
Google is set to launch new tools to limit the use of tracking cookies, a move that could strengthen the search giant's advertising dominance and deal a blow to other digital-marketing companies, WSJ reported Monday, citing people familiar with the matter. [Editor's note: the link may be paywalled; alternative source.] From the report: After years of internal debate, Google could as soon as this week roll out a dashboard-like function in its Chrome browser that will give internet users more information about what cookies are tracking them and offer options to fend them off, the people said. This is a more incremental approach than less-popular browsers, such as Apple's Safari and Mozilla's Firefox, which introduced updates to restrict by default the majority of tracking cookies in 2017 and 2018, respectively. Google's move, which could be announced at its developer conference in Mountain View, Calif., starting Tuesday, is expected to be touted as part of the company's commitment to privacy -- a complicated sell, given the torrent of data it continues to store on users -- and press its sizable advantage over online-advertising rivals.

Read more of this story at Slashdot.

In a First, Israel Responds To Hamas Hackers With an Air Strike

Slashdot - Your Rights Online - Pn, 2019-05-06 17:21
For the first time, Israel has used brute military force to respond to a Hamas cyberattack, three years after NATO proclaimed "cyber" an official battlefield in modern warfare. From a report: The "bomb-back" response took place on Saturday when Israel Defense Forces (IDF) launched an air strike against a building in the Gaza Strip. They claimed it housed Hamas cyber operatives, which had been engaging in a cyberattack against Israel's "cyberspace." "We were ahead of them all the time," said Brigadier General D., the head of the IDF's cyber defense division. "The moment they tried to do something, they failed." Israeli officials did not disclose any details about the Hamas cyberattack; however, they said they first stopped the attack online, and only then responded with an air strike. "After dealing with the cyber dimension, the Air Force dealt with it in the physical dimension," said IDF spokesperson, Brig. Gen. Ronen Manlis. "At this point in time, Hamas has no cyber operational capabilities."

Read more of this story at Slashdot.

Ask Slashdot: Is the Information Asymmetry Between Producers and Consumers Good?

Slashdot - Your Rights Online - Pn, 2019-05-06 03:41
dryriver asks a philosophical question: The producer of a tech product -- thanks to internet data mining -- may know all sorts of things about me, the buyer of a product. Gender, age, income level, education level, profession, geolocation, what I read online, who my social media friends are, what interests me intellectually, which way I swing politically, and more. For a few dollars spent, I am no "mystery" to the producer of this tech product. But if I were to ask the producer of the product simple questions like "How much did the GPU component in this laptop you are selling me cost you?" or "What portion of the final asking price of this product is profit that goes to you?" I likely wouldn't get an answer. Information asymmetry is at play now -- the producing party in the buying transaction knows far, far more about me than I can possibly know about the producing party. And unlike the producing party, I cannot simply open my wallet and purchase "data mined information" about the producing party. Company secrets are company secrets. The "info buying" works in one direction only. Is it a good thing for consumers that this "information asymmetry" exists in the first place? That pretty much any tech producer can learn about me with a few bucks spent, but I cannot get simple information like "How much did the Nvidia 1060 Mobile GPU in this 1,200 Dollar notebook cost the producer"? Anyone have an answer? Leave your own thoughts in the comments. Is this information asymmetry between producers and consumers good?

Read more of this story at Slashdot.

FCC Warns About 'One Ring' Robocall Scam Seeking Callbacks To a Toll Number

Slashdot - Your Rights Online - Pn, 2019-05-06 00:59
"Don't return that middle-of-the-night phone call if your cell phone only rang once," warns the New York Daily News: The Federal Communications Commission on Friday alerted consumers about a wave of "One Ring" robocalls after detecting "widespread overnight calling" in both New York and Arizona. The scam calls, also known as "Wangiri" -- which is Japanese for "one ring and drop" -- are an attempt to trick customers into phoning the number back. If you do, it can result in getting billed toll charges as though you called a 900 number... "They may call repeatedly, hoping the consumer calls back and runs up a toll that is largely paid to the scammer," the FCC said in a press release. According to the FCC the callers are using the "222" country code of Mauritania, a nation in West Africa, to carry out their scheme. In addition to not returning the phone call, officials encouraged people against calling back numbers they don't recognize -- especially if they appear to be international.

Read more of this story at Slashdot.

Facebook's New 'Secret Crush' Feature Called Creepy, Stupid

Slashdot - Your Rights Online - N, 2019-05-05 22:34
This week Facebook announced a new feature that let's you tell the service that you have a "secret crush" on up to nine Facebook friends, reports the Bay Area News Group: Facebook will send you a notification if a person has added you as one of their secret crushes. However, you don't get to know who that person is unless you happened to have put them on your crush list. At that point, Facebook -- because it really does know everything about everything you do at all times -- will then match you together and reveal your crushed to one another. You also have to be signed up for a Facebook Dating profile in order to get the crush notifications.... Facebook Dating and Secret Crush won't be available in America until later this year. But if you live in Canada, Mexico, Argentina or 16 other countries... well, you can let the crushing begin now. The Guardian describes it as "harking back to Facebook's humble beginnings as a tool for ranking strangers' attractiveness... Or you could always, you know, try telling them in person." And other sites also gave the feature a negative review. BGR says Facebook's new feature "isn't cute, it's creepy," adding "it would be foolish to trust the company with even more sensitive data about yourself." But the harshest response came from Mashable, which writes that "the whole point of a secret crush is obviously to keep it a secret. The term really could not be clearer." They call Facebook's proposed solution "truly, madly, deeply sad... We as a society rely on tech for so much, but we shouldn't rely on it for declarations of love. We have to be braver than that." Or, in the words of one Twitter user, "this is dumb as shit just tell them you like them cowards."

Read more of this story at Slashdot.

Top Cybersecurity Experts Unite to Counter Right-to-Repair FUD

Slashdot - Your Rights Online - N, 2019-05-05 19:34
Long-time Slashdot reader chicksdaddy writes: Some of the world's leading cybersecurity experts have come together to counter electronics and technology industry efforts to paint proposed right to repair laws in 20 states as a cyber security risk. The experts have launched securepairs.org, a group that is galvanizing information security industry support for right to repair laws that are being debated in state capitols. Among the experts who are stepping forward is a who's who of the information security space, including cryptography experts Bruce Schneier of IBM and Harvard University and Jon Callas of ACLU, secure coding gurus Gary McGraw of Cigital and Chris Wysopal of Veracode, bug bounty pioneer Katie Moussouris of Luta Security, hardware hackers Joe Grand (aka KingPin) and Billy Rios of Whitescope, nmap creator Gordon "Fyodor" Lyon, Johannes Ullrich of SANS Internet Storm Center and Dan Geer, the CISO of In-Q-Tel. Together, they are calling out electronics and technology industry efforts to keep replacement parts, documentation and diagnostic tools for digital devices secret in the name of cyber security. "False and misleading information about the cyber risks of repair is being directed at state legislators who are considering right to repair laws," said Paul Roberts, the founder of securepairs.org and Editor in Chief at The Security Ledger, an independent cyber security blog. "Securepairs.org is a voice of reason that will provide policy makers with accurate information about the security problems plaguing connected devices. We will make the case that right to repair laws will bring about a more secure, not less secure future." "As cyber security professionals, we have a responsibility to provide accurate information and reliable advice to lawmakers who are considering Right to Repair laws," said Joe Grand of Grand Idea Studio, a hardware hacker and embedded systems security expert. The group will counter a stealthy but well-funded industry efforts to kill off right to repair legislation where it comes up. That has included the creation of front groups like the Security Innovation Center, which has enlisted technology industry executives and academics to write opinion pieces casting right to repair laws as a giveaway to cybercriminals. Securepairs organizers say they hope to mobilize information security professionals to help secure the right to repair in their home states: writing letters and emails and providing expert testimony about the real sources of cyber risks in connected devices.

Read more of this story at Slashdot.