
Vibrator Maker To Pay Millions Over Claims It Secretly Tracked Use

Slashdot - Your Rights Online - Wed, 2017-03-15 00:00
An anonymous reader quotes a report from NPR: The makers of the We-Vibe, a line of vibrators that can be paired with an app for remote-controlled use, have reached a $3.75 million class action settlement with users following allegations that the company was collecting data on when and how the sex toy was used. The We-Vibe product line includes a number of Bluetooth-enabled vibrators that, when linked to the "We-Connect" app, can be controlled from a smartphone. It allows a user to vary rhythms, patterns and settings -- or give a partner, in the room or anywhere in the world, control of the device. Since the app was released in 2014, some observers have raised concerns that Internet-connected sex toys could be vulnerable to hacking. But the lawsuit doesn't involve any outside meddling -- instead, it centers on concerns that the company itself was tracking users' sex lives. The lawsuit was filed in federal court in Illinois in September. It alleges that -- without customers' knowledge -- the app was designed to collect information about how often, and with what settings, the vibrator was used. The lawyers for the anonymous plaintiffs contended that the app, "incredibly," collected users' email addresses, allowing the company "to link the usage information to specific customer accounts." Customers' email addresses and usage data were transmitted to the company's Canadian servers, the lawsuit alleges. When a We-Vibe was remotely linked to a partner, the connection was described as "secure," but some information was also routed through We-Connect and collected, the lawsuit says.

Read more of this story at Slashdot.

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show

Slashdot - Your Rights Online - Tue, 2017-03-14 23:20
A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."


Germany Plans To Fine Social Media Sites Over Hate Speech

Slashdot - Your Rights Online - Tue, 2017-03-14 21:20
Germany plans a new law calling for social networks like Facebook to remove slanderous or threatening online postings quickly or face fines of up to 50 million euros ($53 mln). From a report: "This (draft law) sets out binding standards for the way operators of social networks deal with complaints and obliges them to delete criminal content," Justice Minister Heiko Maas said in a statement announcing the planned legislation on Tuesday. Failure to comply could see a social media company fined up to 50 million euros, and the company's chief representative in Germany fined up to 5 million euros. Germany already has some of the world's toughest hate speech laws covering defamation, slander, public incitement to commit crimes and threats of violence, backed up by prison sentences for Holocaust denial or inciting hatred against minorities. It now aims to update these rules for the social media age.


Facebook Admits Flaw in Image Moderation After BBC Report

Slashdot - Your Rights Online - Tue, 2017-03-14 20:40
From a report on BBC: A Facebook executive has admitted to MPs its moderating process "was not working" following a BBC investigation. BBC News reported 100 posts featuring sexualised images and comments about children, but 82 were deemed not to "breach community standards." Facebook UK director Simon Milner told MPs the problem was now fixed. He was speaking to the Commons Home Affairs committee alongside bosses from Twitter and Google as part of an investigation into online hate crime. The BBC investigation reported dozens of posts through the website tool, including images from groups where users were discussing swapping what appeared to be child abuse material. When journalists went back to Facebook with the images that had not been taken down, the company reported them to the police and cancelled an interview, saying in a statement: "It is against the law for anyone to distribute images of child exploitation."


FBI Says It Can't Release iPhone Hacking Tool Because It Might Still Be Useful

Slashdot - Your Rights Online - Tue, 2017-03-14 16:40
Justice Dept. officials say that details of a hacking tool used to access a terrorist's iPhone should not be released because it may still be "useful" to federal investigators. From a report: The government is fighting a case against three news organizations, including the Associated Press, which are fighting to release details of the hacking tool that FBI agents used to unlock a passcode-protected phone used by San Bernardino shooter Syed Farook. Details of the hacking tool have remained classified, not least because the Justice Dept. believes the tool may still be used by the FBI in similar cases. "Disclosure of this information could reasonably be expected to cause serious damage to national security as it would allow hostile entities to discover the current intelligence gathering methods used, as well as the capabilities and limitations of these methods," said David Hardy, section chief of the FBI's records management division, in a court filing released late Monday.


Apple, Amazon, and Microsoft Are Helping Google Fight an Order To Hand Over Foreign Emails

Slashdot - Your Rights Online - Tue, 2017-03-14 16:00
Apple, Microsoft, Amazon, and Cisco have filed an amicus brief in support of Google, after a Pennsylvania court ruled that the company had to hand over emails stored overseas in response to an FBI warrant. From a report: An amicus brief is filed by people or companies who have an interest in the case, but aren't directly involved. In this case, it's in Silicon Valley's interest to keep US law enforcement from accessing customer data stored outside the US. It isn't clear what data Google might have to hand over and, last month, the company said it would fight the order. In the brief, the companies argue: "When a warrant seeks email content from a foreign data center, that invasion of privacy occurs outside the United States -- in the place where the customers' private communications are stored, and where they are accessed, and copied for the benefit of law enforcement, without the customer's consent."


A Rogue Robot Is Blamed For a Human Colleague's Gruesome Death

Slashdot - Your Rights Online - Tue, 2017-03-14 15:00
A new lawsuit has emerged claiming a robot is responsible for killing a human colleague, reports Quartz. It all started in July 2015, when Wanda Holbrook, "a maintenance technician performing routine duties on an assembly line" at an auto-parts maker in Ionia, Michigan, called Ventra Ionia Main, "was 'trapped by robotic machinery' and crushed to death." From the report: On March 7, her husband, William Holbrook, filed a wrongful death complaint (pdf) in Michigan federal court, naming five North American robotics companies involved in engineering and integrating the machines and parts used at the plant: Prodomax, Flex-N-Gate, FANUC, Nachi, and Lincoln Electric. Holbrook's job involved keeping robots in working order. She routinely inspected and adjusted processes on the assembly line at Ventra, which makes bumpers and trailer hitches. One day, Holbrook was performing her regular duties when a machine acted very irregularly, according to the lawsuit reported in Courthouse News. Holbrook was in the plant's six-cell "100 section" when a robot unexpectedly activated, taking her by surprise. The cells are separated by safety doors and the robot should not have been able to move. But it somehow reached Holbrook, and was intent on loading a trailer-hitch assembly part right where she stood over a similar part in another cell. The machine loaded the hardware onto Holbrook's head. She was unable to escape, and her skull was crushed. Co-workers who eventually noticed that something seemed amiss found Holbrook dead. William Holbrook seeks an unspecified amount of damages, arguing that before her gruesome death, his wife "suffered tremendous fright, shock and conscious pain and suffering." He also names three of the defendants -- FANUC, Nachi, and Lincoln Electric -- in two additional claims of product liability and breach of implied warranty. 
He argues that the robots, tools, controllers, and associated parts were not properly designed, manufactured or tested, and not fit for use. "The robot from section 130 should have never entered section 140, and should have never attempted to load a hitch assembly within a fixture that was already loaded with a hitch assembly. A failure of one or more of defendants' safety systems or devices had taken place, causing Wanda's death," the lawsuit alleges.


Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities

Slashdot - Your Rights Online - Tue, 2017-03-14 12:00
An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."


NYC Sues Verizon For Breaking Promise To Make FiOS Available To All Residents

Slashdot - Your Rights Online - Tue, 2017-03-14 05:30
New submitter erickessler writes: 1 million NYC homes can't get Verizon FiOS, so the city just sued Verizon. Verizon wants another four years to cover remaining 1 million households. Washington Post reports: "New York City has sued Verizon, saying the phone giant broke its 2008 promise (PDF) to make its Fios cable service available to all city residents. The city said in a lawsuit (PDF) Monday that Verizon missed a 2014 deadline to extend wire by every home or apartment building in the city -- in technical parlance, "passing" the home. The city also argues that Verizon hasn't installed service for thousands who requested it. Verizon disagrees with the city's definition of "passing" a home and says it has done its job. Spokesman Ray McConville said Monday that Verizon sees "passed" as meaning that it can reach every home, provided a landlord gives permission. Verizon wants to reach some buildings through other buildings. In a letter to the city Friday, Verizon says 2.2 million households have access to Fios, a phone, cable and high-speed internet network. Verizon said Monday that it is committed to expanding Fios availability to the city's remaining 1 million households."


Facebook and Instagram Ban Developers From Using Data For Surveillance

Slashdot - Your Rights Online - Tue, 2017-03-14 02:45
An anonymous reader quotes a report from The Guardian: Facebook and Instagram have banned developers from using their data for surveillance with a new privacy policy that civil rights activists have long sought to curb spying by law enforcement. Following revelations last year that police departments had gained special access to the social networks to track protesters, Facebook, which owns Instagram, announced on Monday that it had updated its rules to state that developers could not "use data obtained from us to provide tools that are used for surveillance." The American Civil Liberties Union obtained government records last year revealing that Facebook, Instagram and Twitter had provided users' data to a software company that aids police surveillance programs and had helped law enforcement monitor Black Lives Matter demonstrations. The ACLU found that the social networking sites had given "special access" to Geofeedia, a controversial startup that has partnered with law enforcement to track streams of user content. "Our goal is to make our policy explicit," Facebook said in its announcement on Monday. "Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply."


Ask Slashdot: How Would You Solve the Instant Messaging Problem?

Slashdot - Your Rights Online - Tue, 2017-03-14 01:20
Artem Tashkinov writes: The XKCD comic has posted a wonderful and exceptionally relevant post in regard to today's situation with various instant messaging solutions. E-mail has served us well in the past, however, it's not suitable for any real-time communications involving video and audio. XMPP was a nice idea, however, it has largely failed except for a low number of geeks who stick to it. Nowadays, some people install up to seven instant messengers to be able to keep up with various circles of people. How do you see this situation being resolved? People desperately need a universal solution which is secure, decentralized, fault tolerant, not attached to your phone number, protects your privacy, supports video and audio chats and sending of files, works behind NATs and other firewalls and has the ability to send offline messages. I believe we need a modern version of SMTP. [How would you solve the instant messaging problem?]


Online Job Sites May Block Older Workers

Slashdot - Your Rights Online - Tue, 2017-03-14 00:40
Joe_Dragon quotes a report from CNBC: Older Americans struggling to overcome age discrimination while looking for work face a new enemy: their computers. Illinois Attorney General Lisa Madigan recently opened a probe into allegations that ageism is built right into the online software tools that millions of Americans use to job hunt. Separate research published recently by the San Francisco Federal Reserve Bank found that in a widespread test using fabricated resumes, fictional older workers were 30 percent less likely to be contacted after applying for jobs. Fictional older women had it even worse, being 47 percent less likely to get a "callback." Several forces are conspiring to ensure that many Americans have to work well past the traditional retirement age of 65. People are living longer, their retirement savings are inadequate, and Social Security reforms are almost certainly going to require it. The San Francisco Fed says that the share of the older-65 working population is projected to rise sharply -- from about 19 percent now to 29 percent in the year 2060. Online job-hunting tools should be making things easier for older employment seekers, and it can. Indeed.com, which claims to list 16 million jobs worldwide, currently lists 158,000 openings under its "Part Time Jobs, Senior Citizen Jobs" category. Monster.com, which claims 5 million listings, has a special home page for "Careers at 50+." In other ways, however, online job sites can cut older workers out. Age bias is built right into their software, according to Madigan. Job seekers who try to build a profile or resume can find that it's impossible to complete some forms because drop-down menus needed to complete tasks don't go back far enough to let older applicants fill them out. For example, one site's menu options for "years attended college" stops abruptly at 1956. That could prevent someone in their late 70s from filling out the form. 
Madigan's office said it found one example that only accommodated those who had attended school after 1980, "barring anyone who is older than 52." Other sites used dates ranging from 1950 to 1970 as cutoffs, her office said. The Illinois Civil Rights Bureau has opened a probe into potential violations of the Illinois Human Rights Act and the federal Age Discrimination in Employment Act. Madigan's office has sent inquiry letters to six top jobs sites: Beyond.com, CareerBuilder, Indeed Inc., Ladders Inc., Monster Worldwide Inc. and Vault.


The Most Striking Thing About the WikiLeaks CIA Data Dump Is How Little Most People Cared

Slashdot - Your Rights Online - Mon, 2017-03-13 20:40
Last week, WikiLeaks released a trove of web pages describing sophisticated software tools and techniques used by the C.I.A to break into smartphones, computers, and IoT devices including smart TVs. Despite the initial media coverage, it appears normal people don't really care much about it, reports Quartz. An anonymous reader shares the report: There's also one other big difference between now and 2013. Snowden's NSA revelations sent shockwaves around the world. Despite WikiLeaks' best efforts at theatrics -- distributing an encrypted folder and tweeting the password "SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds" -- the Vault 7 leak has elicited little more than a shrug from the media and the public, even if the spooks are seriously worried. Maybe it's because we already assume the government can listen to everything.


Typo In IP Address Led To an Innocent Father's Arrest For Paedophilia

Slashdot - Your Rights Online - Mon, 2017-03-13 16:40
An anonymous reader has shared a shocking story about the arrest of Nigel Lang by the British police for a crime he didn't commit. It all happened because of a typo, according to a report. From the report: On a Saturday morning in July 2011, Nigel Lang, then aged 44, was at home in Sheffield with his partner and their 2-year-old son when there was a knock at the door. He opened it to find a man and two women standing there, one of whom asked if he lived at the address. When he said he did, the three strangers pushed past him and one of the women, who identified herself as a police officer, told Lang and his partner he was going to be arrested on suspicion of possessing indecent images of children. [...] He was told that when police requested details about an IP address connected to the sharing of indecent images of children, one extra keystroke was made by mistake, sending police to entirely the wrong physical location. But it would take years, and drawn-out legal processes, to get answers about why this had happened to him, to force police to admit their mistake, and even longer to begin to get his and his family's lives back on track. Police paid Lang 60,000 British pounds ($73,500) in compensation last autumn after settling out of court, two years after they finally said sorry and removed the wrongful arrest from his record.


What The CIA WikiLeaks Dump Tells Us: Encryption Works

Slashdot - Your Rights Online - Mon, 2017-03-13 12:34
"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report: Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet." The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."


Tim Berners-Lee Warns About the Web's Three Biggest Threats

Slashdot - Your Rights Online - Mon, 2017-03-13 06:36
Sunday was the 28th anniversary of the day that 33-year-old Tim Berners-Lee submitted his proposal for the World Wide Web -- and the father of the web published a new letter today about "how the web has evolved, and what we must do to ensure it fulfills his vision of an equalizing platform that benefits all of humanity." It's been an ongoing battle to maintain the web's openness, but in addition, Berners-Lee lists the following issues: 1) We've lost control of our personal data. 2) It's too easy for misinformation to spread on the web. 3) Political advertising online needs transparency and understanding. Tim Berners-Lee writes: We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology like personal "data pods" if needed and exploring alternative revenue models like subscriptions and micropayments. We must fight against government over-reach in surveillance laws, including through the courts if necessary. We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem, while avoiding the creation of any central bodies to decide what is "true" or not. We need more algorithmic transparency to understand how important decisions that affect our lives are being made, and perhaps a set of common principles to be followed. We urgently need to close the "internet blind spot" in the regulation of political campaigning. Berners-Lee says his team at the Web Foundation "will be working on many of these issues as part of our new five year strategy," researching policy solutions and building progress-driving coalitions, as well as maintaining their massive list of digital rights organizations. "I may have invented the web, but all of you have helped to create what it is today... and now it is up to all of us to build the web we want -- for everyone." 
Inspired by the letter, very-long-time Slashdot reader Martin S. asks, does the web need improvements? And if so, "I'm wondering what Slashdotters would consider to be a solution?"


Notepad++ Update Fixes 'CIA Hacking' Issue

Slashdot - Your Rights Online - Sun, 2017-03-12 21:34
Free software Notepad++ (released under the GNU General Public License) received a new update this week which was announced under the headline "Fix CIA Hacking Notepad++ Issue". The CIA documents in WikiLeaks' 'Vault 7' included a "Notepad++ DLL Hijack" document which affected the popular Windows editor for text and source code. "It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it," reads the announcement. From the Notepad++ web site: If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch. Checking the certificate of DLL makes it harder to hack. Note that once users' PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC. The update also includes "a lot of enhancements and bug-fixes," and if no critical issues are found, "Auto-updater will be triggered in few days."


Volkswagen Finally Pleads Guilty On 'Dieselgate' Charges

Slashdot - Your Rights Online - Sun, 2017-03-12 19:34
Friday Volkswagen admitted in court that they'd committed fraud in their diesel emissions tests, also pleading guilty to falsifying statements and obstruction of justice. An anonymous reader quotes CNET: It marks the first time VW admitted guilt in any court in the world, according to a VW spokesman speaking to Reuters. The judge overseeing the case in the U.S. District Court in Detroit accepted the plea and will issue a sentence at a hearing on April 21. "The agreements that we have reached with the US government reflect our determination to address misconduct that went against all of the values Volkswagen holds so dear," Volkswagen said in an emailed statement... The road to Dieselgate's conclusion still has plenty of pavement, though. The company is still under investigation by the Securities and Exchange Commission and Internal Revenue Service. And that's in the US alone. "VW AG is pleading guilty to all three counts because it is guilty on all three counts," the company's general counsel told the judge. Reuters also reports that VW offered to buy back half a million vehicles just in America, and agreed to spend up to $25 billion in the U.S. to address claims from unhappy owners.


How Seven Movie Studios Forced A Pirated Movie Site Offline

Slashdot - Your Rights Online - Sun, 2017-03-12 17:34
A major pirated movie site went offline last month after seven Hollywood studios won a preliminary court injunction. An anonymous reader quotes the Hollywood Reporter: The MPAA-member studios sued the operators of PubFilm/PidTV in February, asking the court for a temporary restraining order to shut down what it described as a ring of six interconnected large-scale piracy sites. The suit was initially sealed, but was made public on Friday. Warner Bros, 20th Century Fox, Columbia Pictures, Universal, Disney, Paramount and Viacom are named as plaintiffs in the suit for direct and secondary copyright infringement, trademark infringement and unfair competition. They're seeking statutory damages of $150,000 per infringement plus restitution of the sites' profits. So, depending on how many instances of infringement are discovered, the damages in this case could be astronomical. The studios claim the sites had more than 8 million visitors each month, nearly half of which were linked to IP addresses in the U.S... The sites are believed to be operated in Vietnam. The court also ordered GoDaddy, VeriSign and Enom to disable all six domain names, to prevent the domains from being transferred, and to do it without communicating or warning the sites' owners first. In response, the defendants purchased a new domain, and then began publicizing it with ads on Google AdSense.


Backlash Builds Against Bill Gates' Call For A Robot Tax

Slashdot - Your Rights Online - Sun, 2017-03-12 13:34
Bill Gates argued governments should tax companies that replace humans with robots, which "provoked enough negative feedback to fry a motherboard," according to CBS News. Here's how they summarized some of the reactions: "Why pick on robots?" former Treasury Secretary Summers asked in a Washington Post opinion piece, which called Gates "profoundly misguided." The economist argued that progress, however messy and disruptive sometimes, ultimately benefits society overall. Mike Shedlock, a financial adviser with Sitka Pacific Capital Management in Edmonds, Washington, wrote on his blog that robot owners, who likely would pay the tax, would simply pass it along by jacking up prices. The European Union's parliament in February rejected a measure to impose a tax on robots, using much the same reasoning as Gates' critics. But even while acknowledging that technology can complement humans rather than replacing them, a Bloomberg columnist argues that "Gates is right to say that we should start thinking ahead of time about how to use policy to mitigate the disruptions of automation." So if we're not going to tax robots, then how should society handle the next great wave of automated labor?
