aggregator

The Touch Bar Could Replace the Keyboard on Future Macbooks

Slashdot - Your Rights Online - Mon, 2018-08-06 23:25
Apple's new patent applications hint at more touch-sensitive surfaces and virtual keyboards. From a report: In the wake of user complaints and multiple lawsuits concerning problems with the "butterfly switch" keyboard Apple has used in its laptops since 2016, the company may be developing new user interfaces that depend less on moving mechanical parts. The company has filed three new keyboard-related patents, Mashable reported on Monday. One of the patent applications describes a laptop with a digital panel where a keyboard traditionally sits. This could be interpreted as a plan to replace the conventional keyboard with technology similar to the Touch Bar -- the row of virtual, customizable buttons that Apple debuted on the Macbook Pro in 2016. The patent also includes information about sensors and haptics embedded beneath the envisioned digital panel, which would allow it to detect and respond to user inputs such as keystrokes, taps and clicks.

Read more of this story at Slashdot.

Verizon Didn't Bother To Write a Privacy Policy For Its 'Privacy Protecting' VPN

Slashdot - Your Rights Online - Mon, 2018-08-06 22:05
Jason Koebler writes: Verizon is rolling out a new Virtual Private Network service called Safe Wi-Fi it developed in conjunction with McAfee. According to Verizon, the $4 per month service "protects your privacy and blocks ad tracking, creating a secure Wi-Fi connection anywhere in the world." But the company didn't even write a privacy policy for the product: Verizon's terms of service directs all of its VPN users to the general McAfee privacy policy governing all of its products. That policy, in turn, states that McAfee and Verizon have the right to collect an ocean of data on the end user, including carrier data, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI data, and more. The policy explicitly says that browsing history can be used to help target ads at you.

Pentagon Restricts Use of Fitness Trackers, Other Devices

Slashdot - Your Rights Online - Mon, 2018-08-06 18:30
Military troops and other defense personnel at sensitive bases or certain high-risk warzone areas won't be allowed to use fitness tracker or cellphone applications that can reveal their location, according to a new Pentagon order. From a report: The memo, obtained by The Associated Press, stops short of banning the fitness trackers or other electronic devices, which are often linked to cellphone applications or smart watches and can provide the users' GPS and exercise details to social media. It says the applications on personal or government-issued devices present a "significant risk" to military personnel so those capabilities must be turned off in certain operational areas. Under the new order, military leaders will be able to determine whether troops under their command can use the GPS function on their devices, based on the security threat in that area or on that base. "These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission," the memo said. Zack Whittaker, a security reporter at TechCrunch, said, DoD's statement today appears to be a response to the revelation that fitness tracker app Polar was exposing locations of spies and military personnel.

Facebook Has Asked Large US Banks To Share Detailed Financial Information About Customers as it Seeks To Boost User Engagement [Update]

Slashdot - Your Rights Online - Mon, 2018-08-06 16:44
Facebook wants your financial data. The social media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking account balances, as part of an effort to offer new services to users, The Wall Street Journal reported Monday. From the report: Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase, Wells Fargo & Co., Citigroup and U.S. Bancorp USB to discuss potential offerings it could host for bank customers on Facebook Messenger, said people familiar with the matter. Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said. Data privacy is a sticking point in the banks' conversations with Facebook, according to people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many as 87 million Facebook users without their consent. Update: Shares of Facebook surged nearly 3% following the report. A paywall free, alternative source of this story. Update 2 (18:10 GMT): Talking to TechCrunch, Facebook has, in part, denied WSJ's report. TechCrunch: Facebook spokesperson Elisabeth Diana tells TechCrunch it's not asking for credit card transaction data from banks and it's not interested in building a dedicated banking feature where you could interact with your accounts. It also says its work with banks isn't to gather data to power ad targeting, or even personalize content such as what Marketplace products you see based on what you buy elsewhere.

Public Documents Reveal How the Branches of the US Military Are Instructed To Harness Internet Culture To Advance Their Own Messaging

Slashdot - Your Rights Online - Mon, 2018-08-06 16:00
An anonymous reader shares a report: It's common practice for brands or government agencies to use social media marketing tactics -- such as recognizing internet holidays like #WorldEmojiDay, #NationalDogDay, or #HumpDay using emojis, or generally speaking in a more conversational, down-to-earth tone -- in order to spread their messaging and communicate with the public. However, the stakes behind military Twitter accounts are fundamentally different than that of, say, the Department of the Interior. These accounts aren't just encouraging people to go to national parks; they're propagandizing and idealizing military valor in order to normalize their actions, elicit acceptance from the public, and recruit new members. The report adds that the government organizations maintain social media handbooks to encourage curators to "create a voice and be authentic." In recent months, many branches of the military have been criticized for insensitive tweets.

Security Researchers Express Concerns Over Mozilla's New DNS Resolution For Firefox

Slashdot - Your Rights Online - Mon, 2018-08-06 03:00
With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPS" (DoH) and Trusted Recursive Resolver (TRR). Mozilla says this is an additional feature which enables security. Researchers think otherwise. From a report: So let's get to the new Firefox feature called "Trusted Recursive Resolver" (TRR). When Mozilla turns this on by default, the DNS changes you configured in your network won't have any effect anymore. At least for browsing with Firefox, because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Cloudflare will then be able to read everyone's DNS requests. From our point of view, us being security geeks, advertising this feature with slogans like "increases security" is rather misleading because in many cases the opposite is the case. While it is true that with TRR you may not expose the websites you call to a random DNS server in an untrustworthy network you don't know, it is not true that this increases security in general. It is true when you are somewhere in a network you don't know, i.e. a public WiFi network, you could automatically use the DNS server configured by the network. This could cause a security issue, because that unknown DNS server might have been compromised. In the worst case it could lead you to a phishing site pretending to be the website of your bank: as soon as you enter your personal banking information, it will be sent straight to the attackers. But on the other hand Mozilla withholds that using their Trusted Recursive Resolver would cause a security issue in the first place for users who are indeed in a trustworthy network where they know their resolvers, or use the ISP's default one. Because sharing data or information with any third party, which is Cloudflare in this case, is a security issue itself.

Vint Cerf on Differential Traceability on the Internet

Slashdot - Your Rights Online - Mon, 2018-08-06 01:30
Addressing the bad behaviors on the Internet, that range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requires a wide range of technical and legal considerations, says Vint Cerf, even as he steers clear that he supports encryption. But is there a way to bring more accountability and traceability on our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority. In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user.
There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.

Avast Pulls the Latest Version of CCleaner Following Privacy Controversy

Slashdot - Your Rights Online - Sun, 2018-08-05 19:00
Piriform, the maker of CCleaner, has pulled v5.45 of its suite from the website after users expressed concerns over the privacy changes in the application, the company, which was acquired by Avast last year, said. In v5.45, the company made it impossible to disable "active monitoring", and the privacy settings had been removed for free customers. Additionally, as BetaNews reported earlier this week, Avast also made it impossible for users to quit the software. Addressing these concerns, Avast said, "Today we have removed v5.45 and reverted to v5.44 as the main download for CCleaner while we work on a new version with several key improvements." The company added: We're currently working on separating out cleaning functionality from analytics reporting and offering more user control options which will be remembered when CCleaner is closed. We're also creating a factsheet to share which will outline the data we collect, for which purposes and how it is processed. [...] As stated before, we'll split cleaning alerts (which don't send any data) from UI trend data (which is anonymous and only there to measure the user experience) and provide a separate setting for each in the user preferences. Some of these features run as a separate process from the UI: we'll restore visibility of this in the notifications area, and you'll be able to close it down from that icon menu as before. We understand the importance of this to you all. This work is our number 1 priority and we are taking the time to get it right in the next release. There are numerous changes required, so that does mean it will take weeks, not days. While we work on this, we have removed version 5.45 and reinstated version 5.44. According to stats shared by the company, CCleaner has been downloaded over two billion times. In a week, it is estimated to see five million downloads.

New Alexa Skill Plays Fake Stupid Arguments To Scare Off Burglars

Slashdot - Your Rights Online - Sat, 2018-08-04 21:34
TechCrunch reports on a new Alexa skill called "Away Mode". Instead of lights and noises, you can keep your home safe from unwanted visitors by playing lengthy audio tracks that sound like real -- and completely ridiculous -- conversations. When you launch Away Mode, Alexa will play one of seven audio tracks penned by comedy writers from SNL, It's Always Sunny in Philadelphia, and UCB... These include gems like "Couple Has Breakup While Also Trying to Watch TV," "Two Average Guys Brainstorm What's Unique About Themselves So They Can Start a Podcast About It," "Emergency PTA Meeting To Discuss Memes, Fidget Spinners, and Other Teen Fads," and more. There are conversations from a book club where no one discusses the book, a mom walking her daughter through IKEA assembly over the phone, a stay-at-home mom losing her s***, and an argument over a board game.... After enabling the skill on your Alexa device, you can cycle through the various conversations by saying "Next"... The tracks themselves are around an hour or so long... There are other "burglar deterrent" skills for Alexa if you're interested in the general concept, like those that play fake house alarms or sound like guard dogs. But Away Mode is just a little more fun. It's the brainchild of San Francisco-based Hippo Insurance, whose brand manager hopes to get people thinking about home security (though she says it isn't meant to be a serious security tool). Yet, "Theoretically it's a good idea," adds former California police chief Jim Bueermann (now the head of the nonprofit Police Foundation). "If this thing mimics real conversation, it's much more likely to trick the burglar into believing somebody is home." In one fake argument, a board game player shouts "Hand me the rulebook! The other rulebook! That's the rules reference.... No, it's in the learn-to-play guide. That's the quick reference!"

Record Labels File 'Billion Dollar' Piracy Lawsuit Against ISP Cox

Slashdot - Your Rights Online - Sat, 2018-08-04 15:00
An anonymous reader quotes a report from TorrentFreak: This week Cox's problems doubled after a group of high profile record labels filed a new piracy liability lawsuit against the Internet provider. Sony Music Entertainment, EMI Music, Universal Music, Warner Bros Records, and several others accuse the company of turning a blind eye to pirating subscribers. The labels argue that Cox has knowingly contributed to the piracy activities of its subscribers and that it substantially profited from this activity. All at the expense of the record labels and other rightsholders. "Indeed, for years, Cox deliberately refused to take reasonable measures to curb its customers from using its Internet services to infringe on others' copyrights -- even once Cox became aware of particular customers engaging in specific, repeated acts of infringement," the complaint reads. To stop the infringing activities, the music companies sent hundreds of thousands of notices to the Internet provider. This didn't help much, they claim, noting that Cox actively limited the number of notices it processed. "Rather than working with Plaintiffs to curb this massive infringement, Cox unilaterally imposed an arbitrary cap on the number of infringement notices it would accept from copyright holders, thereby willfully blinding itself to any of its subscribers' infringements that exceeded its 'cap.'" Cox has previously stressed that it implemented a "thirteen-strike policy" to deal with the issue. According to the record labels, it is clear that Cox intentionally ignored these repeated copyright infringements. As such, they believe that the ISP is liable for both contributory and vicarious copyright infringement. As compensation for the claimed losses, the companies demand statutory or actual damages, as well as coverage for their attorney fees and other costs. 
Since the complaint lists over 10,000 musical works, and there's a statutory maximum of $150,000 per work, the case could in theory cost Cox more than $1.5 billion.

Trump Administration Tells Supreme Court To Wipe Out Decision Upholding Net Neutrality

Slashdot - Your Rights Online - Sat, 2018-08-04 01:00
Repealing net neutrality wasn't enough for the Trump administration. Today, the administration asked the U.S. Supreme Court to vacate a 2016 appeal court ruling that had upheld Obama era net neutrality rules that barred ISPs from blocking, throttling, or prioritizing content. Reuters reports: The request was made even though the Federal Communications Commission voted along party lines to toss out the 2015 rules late last year, rendering the fight over their legality moot. In a filing to the Supreme Court, the Trump administration said the question for the court was "whether the now-superseded 2015 order was invalid because it exceeded the FCC's statutory authority, was arbitrary and capricious, was promulgated without adequate public notice, or violated the First Amendment."

FCC Sides With Google Fiber Over Comcast With New Pro-Competition Rule

Slashdot - Your Rights Online - Fri, 2018-08-03 22:20
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today approved new rules that could let Google Fiber and other new [ISPs] gain faster access to utility poles. The FCC's One Touch Make Ready (OTMR) rules will let companies attach wires to utility poles without waiting for the other users of the pole to move their own wires. Google Fiber says its deployment has stalled in multiple cities because Comcast and AT&T take a long time to get poles ready for new attachers. One Touch Make Ready rules let new attachers make all of the necessary wire adjustments themselves. Comcast urged the FCC to "reject 'one-touch make-ready' proposals, which inure solely to the benefit of new entrants while unnecessarily risking harm to existing attachers and their customers." FCC Chairman Ajit Pai rejected this argument, saying that startups are unnecessarily delayed when they have to wait for incumbent ISPs before hanging wires. Here's what Pai had to say: "For a competitive entrant, especially a small company, breaking into the market can be hard, if not impossible, if your business plan relies on other entities to make room for you on those poles. Today, a broadband provider that wants to attach fiber or other equipment to a pole first must wait for, and pay for, each existing attacher to sequentially move existing equipment and wires. This can take months, and the bill for multiple truck rolls adds up. For companies of any size, pole-attachment problems represent one of the biggest barriers to broadband deployment."

GE Engineer With Ties To China Accused of Stealing Power Plant Technology

Slashdot - Your Rights Online - Fri, 2018-08-03 20:20
An anonymous reader quotes a report from TheStreet: General Electric stock was little changed on Friday, August 3, as a GE engineer with ties to China who has been accused of stealing proprietary power-turbine technology has been released on bond. Xiaoqing Zheng, 56, has been in custody since Wednesday when the FBI raided his home in Niskayuna, New York, near Albany. A federal judge on Thursday set a $100,000 bond; Zheng offered his family's home as collateral and was released on Friday. He was ordered to wear an electronic monitoring device and limit his travel, according to multiple media reports. Zheng, who is a U.S. citizen, was hired by GE in 2008 to work as a principal engineer for the company's power division, according to an affidavit by an FBI agent filed in federal court in Albany. Zheng is "suspected of taking/stealing, on multiple occasions via sophisticated means, data files from GE's laboratories that contain GE's trade secret information involving turbine technology," the FBI said in its affidavit. He also took "elaborate means" to conceal the removal of GE data files. "The primary focus of this affidavit is Zheng's action in 2018 in which he encrypted GE data files containing trade secret information, and thereafter sent the trade secret information from his GE work computer to Zheng's personal e-mail address hidden in the binary code of a digital photograph via a process known as steganography," the FBI said. "Additionally, the secondary focus of this affidavit is Zheng's actions in 2014 in which he downloaded more than 19,000 files from GE's computer network onto an external storage device, believed by GE investigators to have been a personal thumb drive." Zheng's attorney disputed the allegations, saying Zheng "transmitted information on his own patents to himself and to no one else."

How Criminals Recruit Telecom Employees To Help Them Hijack SIM Cards

Slashdot - Your Rights Online - Fri, 2018-08-03 18:18
An anonymous reader writes: Sources who work for some of America's major cellphone carriers tell us how criminals are trying to recruit them to get help hacking victims. Normally, criminals approach them online, offering to pay them in Bitcoin (the equivalent of $100 for example). In exchange, the employee has to log into a company portal and process a so-called SIM swap. From the report: How criminals find the employees in the first place can vary. Some SIM hijackers I spoke to told me they approach them through shared friends in real life, others told me they just comb LinkedIn, Reddit or social media sites. AT&T and Sprint did not respond to requests for comment about whether or not it had any knowledge of insiders helping criminals. A T-Mobile spokesperson said in a statement that the company is "aware of these ongoing and ever-changing attempts to take advantage of consumers across the wireless industry and we'll keep fighting to ensure our customers' safety." A Verizon spokesperson said the company doesn't share details of internal security processes or investigations, but the company "has systems in place that work to detect employee/vendor misconduct."

Easier Streaming Services Put Dent in Illegal Downloading

Slashdot - Your Rights Online - Fri, 2018-08-03 16:40
Music piracy is falling out of favour as streaming services become more widespread, new figures show. From a report: One in 10 people in the UK use illegal downloads, down from 18% in 2013, according to YouGov's Music Report. The trend looks set to continue -- with 22% of those who get their music illegitimately saying they do not expect to be doing so in five years. "It is now easier to stream music than to pirate it," said one survey participant. Another respondent said: "Spotify has everything from new releases to old songs, it filled the vacuum, there was no longer a need for using unverified sources."

Browser Firm That Required Users To Confirm Their Real Life Identity Shut Down After Its Employees Were Threatened

Slashdot - Your Rights Online - Thu, 2018-08-02 20:35
New submitter nleskovic shares a report: When Authenticated Reality launched last year, it seemed that the company had struck gold in terms of market demand and fit. The Austin-based startup had developed a Web browser that would require users to prove they are who they say they are. Users would have to sign up for an account -- scanning their driver's license and taking a photo -- in order to download the browser, which would sit "on top" of the Internet, said Chris Ciabarra, Authenticated Reality's co-founder, in an interview last year. "Everybody knows who everybody is," he said. So, when Facebook announced this week that its site was, once again, home to inauthentic pages and accounts designed to influence the outcome of the upcoming midterm Congressional elections, I contacted Ciabarra to find out how the company was doing. But, he said Wednesday that he had shut down the startup just a month after its debut. He said people who had heard about Authenticated Reality from media reports were visiting the firm's offices in California and threatening employees. (The addresses were listed on the website.) "It was getting kind of scary," he told me. "They were thinking we were taking their freedom away because they had to sign up using a driver's license. They thought we were trying to follow them."

White House Proposal Rolls Back Fuel Economy Standards, No Exception For California

Slashdot - Your Rights Online - Thu, 2018-08-02 19:50
The Trump administration has proposed a rollback of Obama-era fuel efficiency and emissions standards, while simultaneously taking aim at California's unique ability to set more stringent rules. From a report: Under the Obama administration, the Environmental Protection Agency called for the fuel economy standards for new vehicles to ratchet up over time. The increasingly strict standards were designed to combat climate change by reducing greenhouse gas emissions. On Thursday, the EPA and the National Highway Traffic Safety Administration released a new proposed rule that would instead freeze the standards at their 2020 levels for six years. "Cars and trucks are just part of the basic fiber of the American economy and the American experience, so we take what we're doing very, very seriously," Bill Wehrum, EPA assistant administrator, told reporters on Thursday. The agencies say that increasing fuel efficiency requirements contributes to an increase in the cost of new cars and trucks, which may discourage consumers from buying new vehicles. Because newer vehicles have advanced safety features, the administration argues, increasing fuel economy requirements therefore harms highway safety, as well as having economic effects.

Congress Passes Bill Forcing Tech Companies To Disclose Foreign Software Probes

Slashdot - Your Rights Online - Thu, 2018-08-02 15:00
An anonymous reader quotes a report from Reuters: The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military. Companies would be required to address any security risks posed by the foreign source code reviews to the satisfaction of the Pentagon, or lose the contract. The legislation also creates a database, searchable by other government agencies, of which software was examined by foreign states that the Pentagon considers a cyber security risk. It makes the database available to public records requests, an unusual step for a system likely to include proprietary company secrets. The final version of the bill was approved by the Senate in an 87-10 vote on Wednesday after passing the House last week. The spending bill is expected to be signed into law by Trump.

Top Genetic Testing Firms Promise Not To Share Data Without Consent

Slashdot - Your Rights Online - Thu, 2018-08-02 09:00
Ancestry, 23andMe and several other top genetic testing companies pledged on Tuesday not to share users' DNA data with others without consent. "Under the new guidelines, the companies said they would obtain consumers' 'separate express consent' before turning over their individual genetic information to businesses and other third parties, including insurers," reports The Washington Post. "They also said they would disclose the number of law-enforcement requests they receive each year." From the report: The new commitments come roughly three months after local investigators used a DNA-comparison service to track down a man police believed to be the Golden State Killer, who allegedly raped and killed dozens of women in California in the 1970s and 1980s. Investigators identified the suspect using a decades-old DNA sample obtained from the crime scene, which they uploaded to GEDmatch, a crowdsourced database of roughly a million distinct DNA sets shared by volunteers. Investigators said they did not need a court order before using GEDmatch, sparking fresh fears that users' biological data might be too easy to access -- and could end up in the wrong hands -- without additional regulation on the fast-growing, already popular industry.
