aggregator

Afghans Scramble To Delete Digital History, Evade Biometrics

Slashdot - Your Rights Online - Wed, 2021-08-18 16:43
Thousands of Afghans struggling to ensure the physical safety of their families after the Taliban took control of the country have an additional worry: that biometric databases and their own digital history can be used to track and target them. From a report: U.N. Secretary-General Antonio Guterres has warned of "chilling" curbs on human rights and violations against women and girls, and Amnesty International on Monday said thousands of Afghans - including academics, journalists and activists - were "at serious risk of Taliban reprisals." After years of a push to digitise databases in the country, and introduce digital identity cards and biometrics for voting, activists warn these technologies can be used to target and attack vulnerable groups. "We understand that the Taliban is now likely to have access to various biometric databases and equipment in Afghanistan," the Human Rights First group wrote on Twitter on Monday. "This technology is likely to include access to a database with fingerprints and iris scans, and include facial recognition technology," the group added. The U.S.-based advocacy group quickly published a Farsi-language version of its guide on how to delete digital history - that it had produced last year for activists in Hong Kong - and also put together a manual on how to evade biometrics. Tips to bypass facial recognition include looking down, wearing things to obscure facial features, or applying many layers of makeup, the guide said, although fingerprint and iris scans were difficult to bypass.

Read more of this story at Slashdot.

Microsoft Envisions a Blockchain-Based Bounty System to Catch Pirates

Slashdot - Your Rights Online - Wed, 2021-08-18 04:02
A new paper (PDF) published by Microsoft's research department proposes to tackle piracy with a blockchain-based bounty system titled "Argus." The system allows volunteers to report piracy in exchange for a reward. It uses the Ethereum blockchain and is transparent, practical, and secure, while limiting abusive reports and errors. TorrentFreak reports: Argus is a transparent system built on the Ethereum blockchain that allows people to anonymously report piracy in exchange for a bounty. Pirated content is traced back to the source through a unique watermark that corresponds with a secret code. When a pirated copy is reported, the status of the source (licensee) is changed to "accused." The system provides an appeal option, but if that fails, the accused status changes to "guilty." Argus is an open system but there are various safeguards to prevent abuse. Reporting the same pirated work multiple times under different aliases is useless, for example, as that will only reduce the reward. The system relies on several checks to ensure that the system is open, while avoiding false accusations at the same time. And according to the researchers, the costs of utilizing the blockchain are relatively low. "We effectively optimize several cryptographic operations so that the cost for a piracy reporting is reduced to an equivalent cost of sending about 14 ETH-transfer transactions to run on the public Ethereum network, which would otherwise correspond to thousands of transactions. "With the security and practicality of Argus, we hope real-world anti-piracy campaigns will be truly effective by shifting to a fully transparent incentive mechanism," the researchers add. Whether Microsoft has any plans to test the system in the wild is unknown. It theoretically works with various media types including images, audio and software. That said, it's unclear how effective it will be. 
The researchers "assume" that the watermarking technology deployed is tamper-free, which isn't always the case today. The paper and the Argus system will be presented at the upcoming 40th International Symposium on Reliable Distributed Systems, which will be held virtually at the end of September.

Critical Bug Impacting Millions of IoT Devices Lets Hackers Spy On You

Slashdot - Your Rights Online - Wed, 2021-08-18 02:45
An anonymous reader quotes a report from BleepingComputer: Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. The security issue impacts products from various manufacturers providing video and surveillance solutions as well as home automation IoT systems that use the Kalay network for easy connection and communication with a corresponding app. A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device. Researchers at Mandiant's Red Team discovered the vulnerability at the end of 2020 and worked with the U.S. Cybersecurity and Infrastructure Security Agency and ThroughTek to coordinate the disclosure and create mitigation options. Tracked as CVE-2021-28372, the issue is a device impersonation vulnerability that received a severity score of 9.6 out of 10. It affects the Kalay protocol that is implemented as a software development kit (SDK) that is built into mobile and desktop applications. Mandiant's Jake Valletta, Erik Barzdukas, and Dillon Franke looked at ThroughTek's Kalay protocol and found that registering a device on the Kalay network required only the device's unique identifier (UID). Following this lead, the researchers discovered that a Kalay client, such as a mobile app, usually receives the UID from a web API hosted by the vendor of the IoT device. An attacker with the UID of a target system could register on the Kalay network a device they control and receive all client connection attempts. This would allow them to obtain the login credentials that provide remote access to the victim device audio-video data. The researchers say that this type of access combined with vulnerabilities in device-implemented RPC (remote procedure call) interface can lead to complete device compromise.
By the latest data from ThroughTek, its Kalay platform has more than 83 million active devices and manages over 1 billion connections every month. The best way to protect yourself from this vulnerability is to keep your device software and applications updated to the latest version, as well as create complex, unique login passwords. The report also recommends you avoid connecting to IoT devices from an untrusted network.

Stop Using Zoom, Hamburg's DPA Warns State Government

Slashdot - Your Rights Online - Tue, 2021-08-17 16:04
Hamburg's state government has been formally warned against using Zoom over data protection concerns. From a report: The German state's data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory's use of the popular videoconferencing tool violates the European Union's General Data Protection Regulation (GDPR) since user data is transferred to the US for processing. The DPA's concern follows a landmark ruling (Schrems II) by Europe's top court last summer which invalidated a flagship data transfer arrangement between the EU and the US (Privacy Shield), finding US surveillance law to be incompatible with EU privacy rights. The fallout from Schrems II has been slow to manifest -- beyond an instant blanket of legal uncertainty. However a number of European DPAs are now investigating the use of US-based digital services because of the data transfer issue, and in some instances publicly warning against the use of mainstream US tools like Facebook and Zoom because user data cannot be adequately safeguarded when it's taken over the pond. German agencies are among the most proactive in this respect. But the EU's data protection supervisor is also investigating the bloc's use of cloud services from US giants Amazon and Microsoft over the same data transfer concern.

Sonos Gets Early Patent Victory Against Google Smart Speakers

Slashdot - Your Rights Online - Mon, 2021-08-16 22:50
An anonymous reader quotes a report from Ars Technica: Sonos scored an early victory in its case against Google Friday, when the US International Trade Commission ruled that Google infringed five of Sonos' smart speaker patents. The ruling is preliminary and subject to a full ITC review, but it could lead to a ban on Google smart speakers. In January 2020, Sonos brought a patent infringement case against Google targeting Google's smart speakers, the Google Home, and later the Nest Audio line. Sonos is the originator of Internet-connected speakers that easily hook up to streaming services, while Google speakers combine a similar feature set with voice-activated Google Assistant commands. To hear Sonos tell the story, Google got a behind-the-scenes look at Sonos' hardware in 2013, when Google agreed to build Google Play Music support for Sonos speakers. Sonos claims Google used that access to "blatantly and knowingly" copy Sonos' audio features for the Google Home speaker, which launched in 2016. TechCrunch got statements from both sides of the fight. First up, Sonos Chief Legal Officer Eddie Lazarus told the site, "Today the ALJ has found all five of Sonos' asserted patents to be valid and that Google infringes on all five patents. We are pleased the ITC has confirmed Google's blatant infringement of Sonos' patented inventions. This decision re-affirms the strength and breadth of our portfolio, marking a promising milestone in our long-term pursuit to defend our innovation against misappropriation by Big Tech monopolies." Meanwhile, Google said, "We do not use Sonos' technology, and we compete on the quality of our products and the merits of our ideas. We disagree with this preliminary ruling and will continue to make our case in the upcoming review process." A final ruling should happen on December 13, and it's not just speakers that could be banned if the two companies don't make nice. 
The products that connect to those speakers, like Pixels and Chromecasts, could also be banned.

A Simple Software Fix Could Limit Location Data Sharing

Slashdot - Your Rights Online - Mon, 2021-08-16 05:34
Slashdot reader nickwinlund77 quotes Wired: Location data sharing from wireless carriers has been a major privacy issue in recent years... Carriers remain perennially hungry to know as much about you as they can. Now, researchers are proposing a simple plan to limit how much bulk location data they can get from cell towers. Much of the third-party location data industry is fueled by apps that gain permission to access your GPS information, but the location data that carriers can collect from cell towers has often provided an alternative pipeline. For years it's seemed like little could be done about this leakage, because cutting off access to this data would likely require the sort of systemic upgrades that carriers are loath to make. At the Usenix security conference on Thursday, though, network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California are presenting a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade that any carrier can adopt—no tectonic infrastructure shifts required... The researchers propose installing portals on every device — using an app or operating system function — that run regular checks with a billing server to confirm that a user is in good standing. The system would hand out digital tokens that don't identify the specific device but simply indicate whether the attached wireless account is paid up.

Russian Intelligence Services are Working with Ransomware Gangs, Report Says

Slashdot - Your Rights Online - Mon, 2021-08-16 03:34
CBS News reports: Russian intelligence services worked with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations, according to new research from cybersecurity firm Analyst1. Two Russian intelligence bureaus — the Federal Security Service, or FSB, and Foreign Intelligence Service, or SVR — collaborated with individuals in "multiple cybercriminal organizations," security analysts with the firm say in the report. The research indicates these cybercriminals helped Russian intelligence develop and deploy custom malware targeting American companies that serve U.S. military clients... The code was launched sometime between June 2019 and January 2020 and hid in the background of Windows machines, silently harvesting keystrokes and sensitive documents... Analyst1 does not attribute the rise in organized criminal ransomware directly to Russian President Vladimir Putin or the Kremlin. But DiMaggio does "strongly believe" the Russian government colluded with cybercriminal gangs to spy on American defense targets. The report said two different Russian cybercriminal groups attacked the same target, infiltrated their targeted systems, "then distributed malware using a PowerShell Windows application..." The report's author, a lead researcher at Analyst1, tells CBS that the ransomware variation "crawls documents for specific keywords, like 'weapon' and 'top secret,' then quietly sends the info back to the attacker."

Fight Piracy With a Blockchain-Based Bounty System, Suggest Microsoft Researchers

Slashdot - Your Rights Online - Sun, 2021-08-15 22:39
TorrentFreak reports: A new paper published by Microsoft's research department proposes to tackle piracy with a blockchain-based bounty system titled "Argus." The system allows volunteers to report piracy in exchange for a reward. It uses the Ethereum blockchain and is transparent, practical, and secure, while limiting abusive reports and errors... Pirated content is traced back to the source through a unique watermark that corresponds with a secret code. When a pirated copy is reported, the status of the source (licensee) is changed to "accused." The system provides an appeal option, but if that fails, the accused status changes to "guilty...." Whether Microsoft has any plans to test the system in the wild is unknown. It theoretically works with various media types including images, audio and software... This idea isn't completely new, however, as the South African company Custos came up with a similar idea years ago. Microsoft's research notes that Argus is superior to Custos' solution as it can assess the severity of piracy and the strength of accusations. TorrentFreak points out that the paper also received input from researchers at Alibaba and Carnegie Mellon University. I like how the paper referenced the appropriately-named functions for parts of the process, including Report(), Appeal(), and SetGuilty().

A CyberSecurity CEO Used Apple's AirTags to Locate His Stolen Scooter

Slashdot - Your Rights Online - Sun, 2021-08-15 00:34
Dan Guido's cybersecurity consulting firm Trail of Bits claims its clients range from Facebook to DARPA. CNET tells the story of what happened after someone stole Guido's electric scooter: The cybersecurity CEO, located in Brooklyn, New York, had hidden two Apple AirTags inside the black scooter, concealed with black duct tape. He set out the next day to locate the vehicle with help from the little Bluetooth trackers. Spoiler alert: He succeeded. Guido works at the New York City-based Trail of Bits, a cybersecurity research and consulting firm that serves clients in the defense, tech, finance and blockchain industries. He chronicled his hunt for the scooter in a series of tweets Monday, sharing both the challenges and successes of his wild journey... After some convincing, two police officers eventually agreed to accompany him to the scooter's location. Then, they spotted something promising: an e-bike store. After venturing inside, Guido received a ping, alerting him the elusive scooter was nearby... Guido's tweets document the rest of the big confrontation. "As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don't know... "An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It's my fault for getting it stolen. I'm screwing up his day. This isn't how we do things in Brooklyn. More joined in..." Among Guido's final tweets of advice: "Limit your in-person interactions and always involve the police. Don't try to retrieve your stolen goods until you have backup." Apple Insider adds that "This isn't the first time that Apple's AirTags have been used to locate missing or stolen items.
Back in July, a tech enthusiast said he used the tracking accessories to find his missing wallet hours after losing it on the New York City subway."

Would You Let Amazon Scan Your Palm For $10?

Slashdot - Your Rights Online - Sat, 2021-08-14 23:34
"New Amazon CEO Andy Jassy is facing questions about how the company plans to use the data it gathers from its newly installed palm-reading scanners in some of the company's retail outlets," reports GeekWire: A group of three U.S. senators — Amy Klobuchar (D-Minn.), Bill Cassidy (R-La.), and Jon Ossoff (D-Ga.) — sent a letter to Jassy asking a series of questions about its new Amazon One program which encourages people to make contactless payments via hand scans in its brick-and-mortar stores, such as Whole Foods. Specifically, the senators expressed concerns about Amazon's own history with its user data... "Our concerns about user privacy are heightened by evidence that Amazon shared voice data with third-party contractors and allegations that Amazon has violated biometric privacy laws... In contrast with biometric systems like Apple's Face ID and Touch ID or Samsung Pass, which store biometric information on a user's device, Amazon One reportedly uploads biometric information to the cloud, raising unique security risks," they wrote in the letter. Currently, Amazon is offering $10 in promotional credits to those who enroll their bank accounts in the program and link them to their Amazon accounts. Hot Hardware calls it a "slightly creepy promo," asking "What is the lowest amount you would sell your personal palm print for to a third-party?"

Deflecting Criticism, Russia Tries Insinuating 2018 Hole on Space Station Was US Sabotage

Slashdot - Your Rights Online - Sat, 2021-08-14 21:34
Remember that small leak on the International Space Station discovered in 2018 that was traced to a Russian module and apparently made by a drill bit? (Implicating the technicians that built the module on earth, Ars Technica wrote "There is evidence that a technician saw the drilling mistake and covered the hole with glue, which prevented the problem from being detected...") It's being revisited in the aftermath of a more recent incident involving Russia's Nauka science module to the International Space Station. (A software glitch after launch had required two course corrections for its rocket, and then while docking in space the module mistakenly fired its thrusters, causing the space station to briefly lose control, as well as communication with earth for 11 minutes.) Russia "is furious at what it says is unfair criticism of its space program," notes Futurism.com. In response, Russia's state-owned news agency TASS has presented an anonymous interview with someone said to be a "high ranking" official at their space agency suggesting that the 2018 drill hole could've been caused by an emotionally unstable NASA flight engineer onboard the space station. The state-owned agency's story claims this flight engineer had discovered a blood clot in their jugular vein, and could've decided their return to earth for medical treatment might be expedited by sabotaging Russia's module. The problem with this story? Space.com reports: NASA officials knew the precise locations of the U.S. astronauts before the leak occurred and at the moment it began, thanks to space station surveillance. The video footage indicated that none of the U.S. astronauts on the station were near the Russian segment where the Soyuz vehicle was docked. So Russia's state-owned news agency TASS now suggests that NASA could've tampered with that video to cover up sabotage by NASA's astronauts — and points out that they weren't allowed to administer lie-detecting polygraph tests to those astronauts.
Asked to comment on the "unstable astronaut" theory, NASA's human spaceflight chief said they "did not find this accusation credible." Ars Technica calls Russia's claims "extraordinarily defamatory."

Samsung's Leader Is Out of Jail, Allowing US Factory Plans To Move Forward

Slashdot - Your Rights Online - Fri, 2021-08-13 22:45
An anonymous reader quotes a report from Ars Technica: Samsung Group's leader, Jay Y. Lee, is out of jail on parole today. Lee was serving a 30-month sentence for his role in "Choi-gate," a major 2016 South Korean political scandal that brought down South Korean then-President Park Geun-hye. In 2017, Lee was originally sentenced to five years in jail after being found guilty of bribery, embezzlement, capital flight, and perjury. An appeal and retrial cut Lee's five-year prison sentence down to 30 months after suspending the charges for bribery and embezzlement. Lee served 18 months of that sentence, and now he's out on parole. Upon his release, Lee told reporters, "I've caused much concern for the people. I deeply apologize. I am listening to the concerns, criticisms, worries, and high expectations for me. I will work hard." Lee's release from prison is controversial. The pro-business side of South Korean politics wants to see Lee back on the streets because Samsung is a massive part of South Korea's economy, and jailing the leader has delayed major strategic decisions at the company. Civic groups say South Korea's business elite get a different set of rules from everyone else and that Lee's parole is the latest sign of that reality. Samsung makes up anywhere from 10-20 percent of South Korea's GDP, depending on how the latest quarter is going. As the top dog at Samsung, Lee has the final say on major investments and acquisitions, and one of the big decisions he needs to make is where to build a $17 billion chip factory in the US. The plant could be operational as soon as October 2022, and with the world currently in the middle of a global chip shortage, there's pressure to get everything started. US businesses have even been lobbying South Korea to pardon Lee in the hopes that the deal would go through. Lee reportedly left prison to head to Samsung headquarters, but he still has more legal issues to deal with. 
In October, he will face another trial relating to the Samsung C&T merger, this time for accounting fraud and stock price manipulation.

'The Way the Senate Melted Down Over Crypto Is Very Revealing'

Slashdot - Your Rights Online - Fri, 2021-08-13 20:13
Ezra Klein, writing at The New York Times: Think about it this way: The internet we have allows for the easy transfer of information. We costlessly swap copies of news articles, music files, video games, pornography, GIFs, tweets and much more. The internet is, famously, good at making information nearly free. But for precisely that reason, it is terrible at making information expensive, which it sometimes needs to be. What the internet is missing, in particular, are ways to verify identity, ownership and authenticity -- the exact things that make it possible for creators to get paid for their work (for more on this, I highly recommend Steven Johnson's article "Beyond the Bitcoin Bubble"). That's one reason the riches of the web haven't been more widely shared: You get rich selling access to the internet or by building companies that add convenience and features to the internet. So Facebook got rich by building a proprietary infrastructure for identity, and Spotify created a service in which artists could eke out payment from works that were otherwise just being pirated. The actual creators who make the internet worth visiting are forced to accept the exploitative, ever-changing terms of digital middlemen. This is the problem that the technology behind crypto solves, at least in theory: If the original internet let you easily copy information, the next internet will let you easily trade ownership of digital goods. Crypto lets you make digital goods scarce, which increases their value; it lets you prove ownership, which allows you to buy and sell them; and it makes digital identities verifiable, as that's merely information you own. Together, they unlock the potential for a true economy for digital goods, where creators actually get rewarded for what they make. 
I will admit to some skepticism that this is how it'll play out, because many of the financiers funding crypto also founded and sit on the boards of the companies that set the terms of today's internet, but we'll see.

Speaker Pioneer Sonos Fighting Google in 'Golden Age of Audio'

Slashdot - Your Rights Online - Fri, 2021-08-13 17:22
Sonos became a favorite with audiophiles by selling sleek, wireless speakers for streaming music long before technology titans such as Alphabet's Google entered the market with cheaper, internet-connected models. Now Sonos is hoping a U.S. trade judge finds Friday that its partner turned foe, Google, infringed its patents for multiroom audio systems. From a report: Sonos is asking U.S. International Trade Commission Judge Charles Bullock to support its bid to block imports of Google's Home and Chromecast systems and Pixel phones and laptops, which are made in China. "Google has thrown everything at us in this case, but we believe that the evidence before the ITC demonstrates Google to be a serial infringer of Sonos' valid patents and that the ITC case represents just the tip of the iceberg," Sonos Chief Legal Officer Eddie Lazarus said in an earnings call Wednesday. The dispute has caught the attention of regulators and Congress who are investigating whether the big Silicon Valley tech companies have become too powerful. Sonos officials urged politicians to beef up antitrust laws and enforcement against companies like Google and Amazon.com. Sonos and Google have each accused the other of bad behavior, and suits have been filed in California, Texas, Canada, France, Germany and the Netherlands. A federal judge last year said the legal fees being incurred in the global battle "will likely have been able to build dozens of schools, pay all the teachers, and provide hot lunches to the children." Sonos is fighting over what CEO Patrick Spence says is the "Golden Age of Audio." Buoyed by consumers who buy more audiobooks, streaming music and podcasts and are looking for "theater-like" sound while watching movies from home, the focus on home sound systems is likely to survive even after the Covid-19 pandemic and work-from-home orders end.

Activist Raided By London Police After Downloading Docs Found On Google Search

Slashdot - Your Rights Online - Fri, 2021-08-13 15:00
A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The Register reports: The raid by four Metropolitan Police constables took place after Southwark campaigner Robert Hutchinson was reportedly accused of illegally entering a password-protected area of a website. "I was searching in Google and found links to board meeting minutes," he told The Register. "Board reports, none of which were marked confidential. So I have no question that it was in the public domain." The Southwark News reported that Hutchinson was arrested at 8.20am on 10 June this year at home following allegations made by Leathermarket Community Benefit Society (CBS). The society is a property development firm that wants to build flats over a children's caged ball court in the south London borough, something Hutchinson "vocally opposes," according to the local paper. "There's a directory, which you need to enter a password and a username to get into. But documents from that area were being published on Google," explained Hutchinson. "I didn't see a page saying 'this is the directors' area' or anything like that, the documents were just available. They were just linked directly." Police said in a statement that Hutchinson was arrested on suspicion of breaking section 1 of Britain's Computer Misuse Act 1990 "between the 17th and 24th February 2021 and had published documents from the website on social media." They added: "He was taken into custody and later released under investigation. Following a review of all available evidence, it was determined no offences had been committed and no further action was taken." 
Hutchinson said his identification by Leathermarket and subsequent arrest raised questions in his mind, saying police confirmed to him that the company had handed over an access log containing IP addresses: "Now, how that ended up with me being in the frame, I don't know. There's part of this that doesn't add up..." While the property business did not respond to The Register's request for comment at the time of publication, in a statement given to the Southwark News it said: "When it came to the CBS's attention that confidential information had been accessed and subsequently shared via Twitter, the CBS made a general report of the data breach to the police -- who requested a full log of visitor access to the website before deciding whether or not to progress. The police carried out their own independent investigation into who accessed the documents and how, and have now concluded their investigation." The prepared police statement did not explain whether investigators tested Leathermarket CBS's version of events before arresting the campaigner.

Bill Gates Wants In On Congress' Big Climate Infrastructure Push

Slashdot - Your Rights Online - Fri, 2021-08-13 03:25
If the bipartisan infrastructure bill moves forward, Bill Gates says his climate investment fund will match $1.5 billion in government funds and put that money towards projects that are developing green technologies. The Verge reports: Breakthrough Energy, Gates' climate fund, laid out four different uses for the money: developing green hydrogen fuels, sustainable aviation fuels, energy storage, and technologies that take carbon dioxide out of the air. It said on Twitter that the money could "fast-track" commercial demonstration projects across the US. "Critical for all these climate technologies is to get the costs down and to be able to scale them up to a pretty gigantic level," Gates told The Wall Street Journal, which was the first to report on the announcement. "You'll never get that scale up unless the government's coming in with the right policies, and the right policy is exactly what's in that infrastructure bill." The funding depends on whether a bipartisan infrastructure package ultimately becomes law. The bill still needs to pass the House after it passed in the Senate earlier this week. The package includes $25 billion for the Department of Energy for public-private partnerships, The Wall Street Journal reports. If the bill becomes law, Breakthrough Energy can apply for matching funds. If the bill fails, Breakthrough Energy could funnel its $1.5 billion toward projects in Europe and Asia instead, The Wall Street Journal says. Breakthrough Energy tweeted that it wants to work with the Energy Department to spur up to $15 billion in investments in technologies that might be able to help the US bring its carbon dioxide emissions down to net-zero. "Both Breakthrough Energy and the Biden administration have prioritized developing so-called 'direct air capture' tech," adds The Verge. 
"The infrastructure package includes $3.5 billion for four proposed regional hubs across the US, each with the ability to capture at least 1 million metric tons of carbon dioxide annually (about as much as 120,000 US homes might generate from their energy use in a year). There's billions more in funding in the bill to build out a new network of pipelines and storage for captured CO2." The report also notes that there's "$8 billion in the bipartisan infrastructure package to develop four regional hubs for 'clean hydrogen,' another focus of Breakthrough Energy's work."


Apple's Child Protection Features Spark Concern Within Its Own Ranks

Slashdot - Your Rights Online - Fri, 2021-08-13 02:45
According to an exclusive report from Reuters, Apple's move to scan U.S. customer phones and computers for child sex abuse images has resulted in employees speaking out internally, "a notable turn in a company famed for its secretive culture." From the report: Apple employees have flooded an Apple internal Slack channel with more than 800 messages on the plan announced a week ago, workers who asked not to be identified told Reuters. Many expressed worries that the feature could be exploited by repressive governments looking to find other material for censorship or arrests, according to workers who saw the days-long thread. Past security changes at Apple have also prompted concern among employees, but the volume and duration of the new debate is surprising, the workers said. Some posters worried that Apple is damaging its leading reputation for protecting privacy. In the Slack thread devoted to the photo-scanning feature, some employees have pushed back against criticism, while others said Slack wasn't the proper forum for such discussions. Core security employees did not appear to be major complainants in the posts, and some of them said that they thought Apple's solution was a reasonable response to pressure to crack down on illegal material. Other employees said they hoped that the scanning is a step toward fully encrypting iCloud for customers who want it, which would reverse Apple's direction on the issue a second time. Apple has said it will refuse requests from governments to use the system to check phones for anything other than illegal child sexual abuse material.


Pirated-Entertainment Sites Are Making Billions From Ads

Slashdot - Your Rights Online - Thu, 2021-08-12 19:24
Websites and apps featuring pirated movies and TV shows make about $1.3 billion from advertising each year, including from major companies like Amazon.com, according to a study. From a report: The piracy operations are also a key source of malware, and some ads placed on the sites contain links that hackers use to steal personal information or conduct ransomware attacks, according to the online safety nonprofit Digital Citizens Alliance and the anti-piracy firm White Bullet Solutions. While law enforcement officials have sought to stop some of the online criminality, the groups identified at least 84,000 illicit entertainment sites. The study underscores just how tough a problem piracy is for both Hollywood studios and companies that distribute digital ads. The situation has been compounded by the Covid-19 pandemic, which has left more people watching films and television shows over the web, where criminals have a greater chance of successfully targeting victims. "Piracy causes direct harm to creators and others who lose income when their content is stolen," the authors of the report wrote. "And major brands face reputational risks when their advertising appears on illicit websites."


Amazon To Monitor Customer Service Workers' Keyboard and Mouse Strokes

Slashdot - Your Rights Online - Thu, 2021-08-12 17:40
Amazon plans to monitor the keyboard strokes and mouse movements of customer service employees in an attempt to stop rogue workers, imposters, or hackers accessing customers' data, according to a confidential Amazon document obtained by Motherboard. The document also includes several concrete instances where people managed to steal Amazon customer data. From the report: Although the document says Amazon has considered deploying a solution that captures all of a worker's keystrokes, the tool the company has seemingly leaned towards buying is not designed to record exactly what workers type or monitor their communications. Instead, the system generates a profile based on the employee's natural keyboard and mouse movements, and then continuously verifies whether it seems the same person is in control of the worker's account to catch hackers or imposters who may then steal data. The move highlights the sorts of tools companies may increasingly deploy as working from home or remotely continues during the ongoing pandemic, and the issues Amazon is already facing with the theft of customer data.


Netflix Intensifies 'VPN Ban' and Targets Residential IP-Addresses Too

Slashdot - Your Rights Online - Thu, 2021-08-12 09:00
Netflix has stepped up its efforts to ban VPN and proxy users from bypassing geographical restrictions. The streaming service is now blocking residential IP addresses too, since some unblocking tools use these to bypass restrictions. This isn't without collateral damage as many regular Internet users without a VPN now report "missing content" on Netflix. TorrentFreak reports: There is a flurry of complaints on social media from users whose VPN services were suddenly 'blocked' by Netflix. Previously, these people couldn't play any content while using a VPN. That changed last year. Now, VPN users can still see Netflix originals while other content is hidden and blocked (https://torrentfreak.com/netflix-is-less-annoying-to-vpn-users-now-but-some-titles-are-hidden-200618/). Netflix doesn't explain which IP addresses are blocked and why, but the most recent efforts are much broader than before. This issue was brought to our attention by WeVPN, which noticed that the updated geo-fencing system is blocking its residential IP addresses. These IP addresses are assigned to common consumer ISPs such as AT&T, Comcast, Verizon. While it makes sense for Netflix to put an end to these workarounds, there appears to be some collateral damage. "The collateral damage is that you have hundreds of thousands of legitimate residential Netflix subscribers blocked from accessing Netflix's local country full catalog from their home," a WeVPN spokesperson informs us. While we are unable to verify how many people are facing issues, it is clear that the measures are spilling over to regular subscribers. While Netflix hasn't released an official comment on the situation, the company is aware of the problems. One user who complained on Twitter got the advice to contact their ISP to see if their IP address is associated with proxy or VPN use. This is a peculiar suggestion, as the blocking is taking place on Netflix's end. 
WeVPN told us that the company is experimenting with a solution, which appears to function for now. CyberGhost and Private Internet Access, which were also affected by Netflix's new blockades, say they managed to route around it within a day. In an update, a Netflix spokesperson said that the company is not banning all content for VPN and proxy services. Netflix originals are still available and the streaming service is working with people who were inadvertently affected to restore access to the full library.
